Gem repository failed with "bundle install --deployment"

I’m new to Sonatype Nexus, but it was showing promise for us to bypass a gem builder we’ve been using at https://rails-assets.org. I can do a ‘bundle install’ for all my gems, but in production we runbundle install with the --deployment flag, which basically compiles a bunch of stuff. The error I got is:

[jenkins@staging Pacesetter_Enterprise]$ bundle install --deployment
Warning: the running version of Bundler is older than the version that created the lockfile. We suggest you upgrade to the latest version of Bundler by running `gem install bundler`.
Fetching gem metadata from https://rubygems.org/........
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Could not find rails-assets-angular-1.7.5 in any of the sources

rails-assets-angular-1.7.5 is indeed in the repo (see attached screenshot). We use rvm and I found the gem in the cache, and pushed it from there. If one extracts the contents of the gem, it has source. This happens to be one that comes in as a dependency, so wasn’t initially in the Gemfile. Putting it in does not help however.

Any ideas are sincerely welcome!

Screen Shot 2021-10-04 at 3.36.49 PM

As soon as I posted that, I had a thought. The regular bundle install does not produce the messages about fetching metadata from https://rubygems.org. I have two repos under one group. One repo is a ruby gems proxy, the other is a ‘hosted’ type that contains these other assets that I pushed up. If it only looks for the metadata in rubygems.org, it won’t find those that I pushed. Is that what is going on? My ‘gem sources’ points to the group repo that contains both.

Hi Jeff,

If it only looks for the metadata in rubygems.org, it won’t find those that I pushed. Is that what is going on?

Yes, you’re correct. Your gem log shows that it tries to resolve the gems directly form RubyGems where it won’t find your gem in your local hosted repository.

My ‘gem sources’ points to the group repo that contains both.

Are you sure about that? I can see your screenshot suggest the issue you have happens on Jenkins, so when you say your gem source, is that configuration on your local development machine or is it configured on Jenkins too?

@dsawa Thanks much for your help. What I didn’t notice is that the Gemfile has a “source” declaration in it. Actually I discounted it – assuming that because Nexus is a proxy for https://rugyegems.org, that it would literally redirect that. The evidence is that without the --deployment flag on the bundle, in the rvm world, it manages to use the ‘gem sources’ value for your chosen gemset. With --deployment, however, you need to point the Gemfile to the nexus repo. --deployment doesn’t actually do the compile, rather we have a “bundle exec rake assets:precompile RAILS_ENV=production” which does that, but if you haven’t done the --deployment, the runtime (in our case passenger) will fail to find gems in production at runtime.

Bottom line is our little disaster was avoided by using Sonatype Nexus. For completeness, our problem was that https://rails-asseets.org changed their SSL certificate to one that is unknown to, I think, all JDKs from 8 through 11. We use jruby so all of a sudden we couldn’t bundle and deploy!

Thanks for the assistance and I gotta say – great product.

1 Like