Should one bundle gems with the app?

Question

Having just got a new machine I have taken the opportunity to try something new. RVM is great and I have been using gemsets but after reading a few blog posts I have decided use switch to rbenv and use bundler to manage my gems exclusively as outlined in Ruby Rogues episode 45.

I do not collaborate all that much and if I do it is usually with one or two other people.

The bundler documentation details the ability to package up gems in to the vendor/cache directory by running:

$ bundle package
$ bundle install --local

Great private gems that can be checked in to source control; I guess making deployment to a clean server or collaborating easier?

However if you check your Gemfile and Gemfile.lock into source control then what is the need for bundle package?

Ryan Mcgeary advocates for this approach in this blog post form early 2011 and in another blog post from 2010 Yehuda Katz says that:

You might want to install your bundled gems to a different location, such as a directory in the application itself. This will ensure that each application has its own copies of the gems, and provides an extra level of isolation.

This isolation is quite like gemsets I suppose and I can imagine when you have a huge list of system gems it would be difficult to know which ones are actually being used by your applications.

So packaging gems with the application?

Is anyone doing this? Is this practice obsolete?

What's the best practice and what are the advantages / disadvantages of bundling gems within the app?

Answer 1

I think bundle package has a narrow set of usage cases.

Gemfile and Gemfile.lock deal with version locking, but in the end you still go out to rubygems.org and download the gem when you do bundle install.

The three scenarios I can see bundle package being useful:

1) I have a clean production environment, and I don't want to touch rubygems.org at all. This might be due to a security protocol, limited internet access, etc. In the end I have a entirely self-contained application package with all the gems lined up and ready to go, without really touching the server environment, or the internet.

2) I want to download the gem, unpack it, screw around with it, and use that particular one. Especially if I don't wanna deal with things like git, or forking, or any of that stuff.

3) From a development team point of view, you can say that all gems being used must be packaged and local to the app. You wouldn't have to worry about developers installing different versions, touching their environments, etc. This reason is kinda weak in my eyes, but I've seen this logic once or twice.

In the end, unless you have a use case where you're actively hunting for this ability, I'd stay away from it.