Skip to content

chore(deps): generate Gemfile.lock files and allow in .gitignore for Phase 2 sample#34843

Open
torreypayne wants to merge 2 commits into
mainfrom
chore/phase2-sample-lockfiles
Open

chore(deps): generate Gemfile.lock files and allow in .gitignore for Phase 2 sample#34843
torreypayne wants to merge 2 commits into
mainfrom
chore/phase2-sample-lockfiles

Conversation

@torreypayne

@torreypayne torreypayne commented Jul 16, 2026

Copy link
Copy Markdown
Member

Overview

This pull request introduces `Gemfile.lock` tracking for a representative pilot sample of Phase 2 (`Batch 2: Generated Gems A - D`) client libraries, expanding upon the Phase 1 rollout (PR #34666) and fulfilling the P1 dependency security mandate (b/509981628).
By checking in these lockfiles, we eliminate non-deterministic dependency resolutions during CI presubmit/postsubmit runs and enroll these libraries into weekly automated lockfile maintenance (`bundle lock --update`) managed by Renovate.

Enrolled Scope (5 Sample Libraries)

To safely validate `.gitignore` negation and lockfile generation behavior across the major Generated Gem prefix families before scaling across all ~198 Phase 2 gems, this PR enrolls the following representative sample:

  • `google-ads-ad_manager-v1`
  • `google-analytics-data-v1beta`
  • `google-apps-chat-v1`
  • `google-area120-tables-v1alpha1`
  • `google-cloud-bigquery-data_exchange-v1beta1`

Changes Included

  1. `.gitignore` Negation Rules: Appended `# Allow tracking Gemfile.lock for Phase 2 rollout\n!Gemfile.lock` to each gem's `.gitignore` file so that `Gemfile.lock` is tracked by Git while preserving general build/doc ignore patterns.
  2. Initial Lockfile Generation: Executed `bundle lock` inside each of the 5 gem directories using Ruby 3.3 and Bundler to generate deterministic, production-ready `Gemfile.lock` files.

Verification

  • Checked `git status` to verify that `Gemfile.lock` files changed from ignored (`!!`) to tracked (`??` / staged `A`).
  • Confirmed dependencies resolve cleanly against local monorepo sibling path specifications (e.g., `gapic-common`, `google-cloud-errors`) and `https://rubygems.org/\` for third-party gems.

Related Issues

…e for Phase 2 rollout

- Generate initial Gemfile.lock files for 5 sample Phase 2 client libraries
- Update .gitignore negation rules (!Gemfile.lock) for enrolled sample libraries
- Enroll sample libraries in .github/renovate.json5 under 'enrolled gems lockfiles' group
Resolves https://b.corp.google.com/issues/509981628 (Phase 2 Sample Pilot)
@torreypayne torreypayne marked this pull request as ready for review July 16, 2026 21:53
@torreypayne torreypayne requested review from a team and yoshi-approver as code owners July 16, 2026 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant