diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a2bc7d9..556b7c0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -125,6 +125,7 @@ jobs: uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 with: ruby-version: ruby + bundler: 4.0.13 - name: Update Gemfile.lock run: bundle lock @@ -211,8 +212,9 @@ jobs: - name: Set up Ruby uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 with: - bundler-cache: true ruby-version: ruby + bundler: 4.0.13 + bundler-cache: true - name: Configure trusted publishing credentials uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0 diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index c49142f..44741f4 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -24,6 +24,7 @@ jobs: uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 with: ruby-version: ${{ matrix.ruby-version }} + bundler: 4.0.13 # runs 'bundle install' and caches installed gems automatically bundler-cache: true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5b72cc3..ea0afae 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,7 +7,7 @@ Thanks for your interest in improving the PostHog Ruby SDK. 1. Install `asdf` to manage your Ruby version: `brew install asdf` 2. Install Ruby's plugin: `asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git` 3. Install the required Ruby version: `asdf install` -4. Install dependencies: `bundle install` +4. Install dependencies with the pinned Bundler version (required for RubyGems cooldown enforcement): `gem install bundler -v 4.0.13 && bundle install` ## Running the example file diff --git a/Gemfile b/Gemfile index 4aa32b8..b756d0b 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,11 @@ # frozen_string_literal: true -source 'https://rubygems.org' +required_bundler = Gem::Version.new('4.0.13') +if Gem::Version.new(Bundler::VERSION) < required_bundler + abort "Bundler #{required_bundler}+ is required because this Gemfile enforces a 7-day RubyGems cooldown." +end + +source 'https://rubygems.org', cooldown: 7 gemspec gem 'concurrent-ruby', require: 'concurrent' diff --git a/Gemfile.lock b/Gemfile.lock index 672a406..73d735d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -251,6 +251,7 @@ CHECKSUMS benchmark (0.5.0) sha256=465df122341aedcb81a2a24b4d3bd19b6c67c1530713fd533f3ff034e419236c bigdecimal (4.1.0) sha256=6dc07767aa3dc456ccd48e7ae70a07b474e9afd7c5bc576f80bd6da5c8dd6cae builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f + bundler (4.0.13) sha256=19f08be7f27022cf0b89f27da0b044ae075e8270a9ef44ad248a932614e1ca3b cgi (0.5.1) sha256=e93fcafc69b8a934fe1e6146121fa35430efa8b4a4047c4893764067036f18e9 commander (5.0.0) sha256=22ca42866ce5ed1a7f3e9a9c831a23d03b75b3743c7ad0302c3cbcd9eb5f257d concurrent-ruby (1.3.6) sha256=6b56837e1e7e5292f9864f34b69c5a2cbc75c0cf5338f1ce9903d10fa762d5ab @@ -335,4 +336,4 @@ CHECKSUMS zeitwerk (2.7.5) sha256=d8da92128c09ea6ec62c949011b00ed4a20242b255293dd66bf41545398f73dd BUNDLED WITH - 4.0.8 + 4.0.13