-
-
Notifications
You must be signed in to change notification settings - Fork 484
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sentry-rails dependency on rails is too big #1362
Comments
it's on the way 🙂 #1352 |
@st0012 Thanks. I looked quickly, but missed that issue and PR. Great to hear. This is an immediate problem due to the mimemagic/activestorage licensing issue I mentioned in the issue body. |
Curious what the timeline on this is? Is there any chance that this could be released today? Right now we can either remove sentry-rails and our sentry reporting from our application, or we can't release due the mimemagic/activestorage issue. |
I am here for the same reason. While trying to work around the mimemagic yanking mess, I was about to replace in our app' Gemfile: gem "rails", "~> 6.0.3" with rails_version = "6.0.3"
gem "actionpack", "~> #{rails_version}"
gem "activejob", "~> #{rails_version}"
gem "activemodel", "~> #{rails_version}"
gem "activerecord", "~> #{rails_version}"
gem "railties", "~> #{rails_version}" only to then realize that My intuition tells me you could just replace the |
I reviewed @st0012's PR, which looked good to me, and then linked in his branch with: gem "sentry-rails", git: "https://github.com/getsentry/sentry-ruby.git", branch: "minimize-sentry-rails-requirement", glob: "sentry-rails/*.gemspec" It's not a fantastic solution, but it let me move on with my day. |
@nirvdrum did you find any issue when using it? I didn't release it right away because I was (and still am) worrying about if there's any issue it introduces. |
@st0012 So far, so good. I haven't tested extensively though. The Rails app booted and our extensive test suite passed. I need to induce some errors and see if the reporting still works. |
fyi it's now on the master branch now. I'll make a pre-release version today and keep you notified here. |
|
First, scan [Dependency on mimemagic 0.3.x no longer valid](rails/rails#41750) for context! In summary, **rails** depends on **activestorage** which depends on **marcel** which depends on **mimemagic**. Yesterday, the author of **mimemagic** was informed it was in violation of the GPL license. So, they chose to - yank all versions up to and including 0.3.5 from rubygems - release a new version under the GPL - archive the project for all further changes/issues/pr's etc Via the dependency chain Rails relies on **mimemagic 0.3.5** so new installs of Rails are now broken. It also can't just pull in the new version due to the clash with the GPL license. Efforts are afoot to resolve the issue. - A [fork of mimemagic](https://github.com/jellybob/mimemagic) which relies on the GPL source data being already installed and read at run time - Updating **marcel** to use [MiniMime](rails/marcel#25) and [ruby-magic](rails/marcel#26) instead of **mimemagic** Till the community has settled on a solution though, we need a fix in the short term. Ours is based on - What the Dept. for Education team have done in [early-careers-framework](DFE-Digital/early-careers-framework#178) - What Sentry are doing [in their app](getsentry/sentry-ruby#1362) Instead of referencing `rails` in the `Gemfile` they are referencing just the parts needed and excluding `activestorage` and anything with a dependency on it. This change does exactly the same thing.
hey everyone 👋 since I haven’t seen any issue report for the pre release, I’ll assume it works fine and make a 4.3.3 release today 🙂 |
close because version |
First, scan [Dependency on mimemagic 0.3.x no longer valid](rails/rails#41750) for context! In summary, **Rails** depends on **activestorage** which depends on **marcel** which depends on **mimemagic**. Yesterday, the author of **mimemagic** was informed it was in violation of the [GPL license](https://choosealicense.com/licenses/gpl-3.0/). So, they chose to - yank all versions up to and including 0.3.5 from rubygems - release a new version under the GPL - archive the project for all further changes/issues/pr's etc Via the dependency chain **Rails** relies on **mimemagic 0.3.5** so new installs of **Rails** are now broken. It also can't just pull in the new version due to the clash with the GPL license. Efforts are afoot to resolve the issue. - A [fork of mimemagic](https://github.com/jellybob/mimemagic) which relies on the GPL source data being already installed and read at run time - Updating **marcel** to use [MiniMime](rails/marcel#25) and [ruby-magic](rails/marcel#26) instead of **mimemagic** Till the community has settled on a solution though, we need a fix in the short term. Ours is based on - What the Dept. for Education team have done in [early-careers-framework](DFE-Digital/early-careers-framework#178) - What Sentry are doing [in their app](getsentry/sentry-ruby#1362) Instead of referencing `rails` in the `Gemfile` they are referencing just the parts needed and excluding `activestorage` and anything with a dependency on it. This change does exactly the same thing.
Describe the bug
The sentry-rails gem has a dependency on rails itself. This forces loading the entirety of Rails, which is unnecessary in many applications (e.g., API mode). The immediate issue is it's forcing the loading of Active Storage, which is in the middle of dealing with a major licensing issue. Since we're not using Active Storage, we could avoid the licensing issue by not loading it in the first place, but sentry-rails is forcing it.
I'd suggest only depending on the parts that sentry-rails actually needs to load itself. I think you could go a step further and remove the dependency entirely. If someone is adding sentry-rails to a non-Rails application, a runtime exception due to not being able to load a Rails class ought to be sufficient. I don't think this needs to be enforced by the gemspec.
To Reproduce
Add sentry-rails to a Rails API-only project and only load the components you need. E.g.,
Expected behavior
I'd expect only the Rails dependencies I've specified have been loaded.
Actual behavior
sentry-rails forces a dependency on every component of Rails.
Environment
Raven Config
This is not necessary but could be helpful.
The text was updated successfully, but these errors were encountered: