[rb] Use prebuilt Ruby

[p0deje]

User description

🔗 Related Issues

💥 What does this PR do?

🔧 Implementation Notes

💡 Additional Considerations

🔄 Types of changes

• Cleanup (formatting, renaming)
• Bug fix (backwards compatible)
• New feature (non-breaking change which adds functionality and tests!)
• Breaking change (fix or feature that would cause existing functionality to change)

---

PR Type

Enhancement, Bug fix

---

Description

• Use prebuilt Ruby with rv-ruby checksums for multiple platforms

• Add workaround for rules_ruby incompatibility with jruby/truffleruby

• Update rules_ruby git override to specific commit

• Pin Psych gem to 5.0.1 and exclude from bundle fetch

• Remove date gem checksums (handled by prebuilt Ruby)

---

Diagram Walkthrough

flowchart LR
  A["rules_ruby git override"] --> B["Prebuilt Ruby support"]
  B --> C["rv_checksums for platforms"]
  D["jruby/truffleruby detection"] --> E["Disable prebuilt Ruby"]
  F["Psych 5.0.1 pinning"] --> G["Exclude from bundle fetch"]
  C --> H["Enhanced Ruby toolchain"]
  E --> H
  G --> H

Loading

File Walkthrough

	Relevant files
Bug fix	bazel.yml Add jruby/truffleruby prebuilt Ruby workaround                      .github/workflows/bazel.yml Add conditional step to disable prebuilt Ruby for jruby and truffleruby Use sed to remove excluded_gems and rv_version from MODULE.bazel Workaround for rules_ruby incompatibility with alternative Ruby implementations +6/-0
Configuration changes	MODULE.bazel Configure prebuilt Ruby and update gem dependencies            MODULE.bazel Add git_override for rules_ruby pointing to specific commit Add rv_checksums for linux-arm64, linux-x86_64, macos-arm64, macos-x86_64 Add excluded_gems parameter with psych to bundle_fetch Update psych from 5.3.1 to 5.0.1 (both mri and java variants) Remove date gem checksums (3.5.1 for both mri and java) +15/-4
Dependencies	Gemfile Pin Psych gem version with documentation                                  rb/Gemfile Add comment explaining Psych 5.0.1 pinning rationale Pin Psych gem to 5.0.1 to match Ruby 3.2.9 standard library +4/-0

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Supply chain override Description: The new git_override for rules_ruby fetches build tooling directly from https://github.com/bazel-contrib/rules_ruby by commit, which is a supply-chain risk if the upstream repository/commit is later found compromised and should be verified/approved per dependency governance. MODULE.bazel [37-41] Referred Code git_override( module_name = "rules_ruby", commit = "e8074d6e5e0caa6ab70d2a6c0644c8cd6f62cb8b", remote = "https://github.com/bazel-contrib/rules_ruby", )
Ticket Compliance
🟡	🎫 #1234
🟡	🎫 #5678
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Sed portability risk: The new sed -i commands used to edit MODULE.bazel may fail or behave differently across runner environments (e.g., GNU vs BSD sed), which could cause non-graceful CI failures without a fallback path. Referred Code # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly - name: Disable prebuilt Ruby if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby') run: | sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	✅ Fix incorrect sed commands Suggestion Impact: Instead of correcting the sed commands as suggested, the commit removed the entire "Disable prebuilt Ruby" workaround step (including the incorrect sed commands), eliminating the buggy behavior altogether. code diff: - # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly - - name: Disable prebuilt Ruby - if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby') - run: | - sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel - sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel Fix the sed commands to correctly remove the excluded_gems line and the multi-line rv_checksums block from MODULE.bazel. The current commands target a non-existent rv_version parameter and would not correctly remove the multi-line rv_checksums block. .github/workflows/bazel.yml [121-123] run: | sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel - sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel + sed -i '/^[[:space:]]*rv_checksums = {/,/^[[:space:]]*},/d' MODULE.bazel [Suggestion processed] Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies a critical bug where the sed command targets the wrong parameter (rv_version instead of rv_checksums) and would fail to remove the multi-line block, causing build failures. The proposed fix is accurate and essential for the workflow's correctness.	High
High-level	✅ Avoid modifying build files in CI Suggestion Impact: The workflow step "Disable prebuilt Ruby" that ran sed commands against MODULE.bazel was removed from .github/workflows/bazel.yml, aligning with the suggestion to avoid modifying build files in CI. The diff does not show any corresponding move of the logic into Bazel rules, only removal of the CI modification. code diff: - # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly - - name: Disable prebuilt Ruby - if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby') - run: | - sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel - sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel Instead of using sed in the CI workflow to modify MODULE.bazel for certain Ruby versions, this logic should be moved into the Bazel rules. This creates a more robust and declarative build process. Examples: .github/workflows/bazel.yml [118-123] # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly - name: Disable prebuilt Ruby if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby') run: | sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel Solution Walkthrough: Before: # .github/workflows/bazel.yml - name: Disable prebuilt Ruby if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby') run: | sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel # MODULE.bazel (as checked in) ruby.toolchain( ... rv_checksums = { ... }, ... ) ruby.bundle_fetch( ... excluded_gems = ["psych"], ... ) After: # .github/workflows/bazel.yml # The "Disable prebuilt Ruby" step is removed. # MODULE.bazel (remains declarative and unchanged by CI) ruby.toolchain( ... rv_checksums = { ... }, ... ) ruby.bundle_fetch( ... excluded_gems = ["psych"], ... ) # The logic is moved into the bazel rules (e.g. a patched rules_ruby) # which would conditionally ignore `rv_checksums` and `excluded_gems` # based on the ruby version (e.g., jruby/truffleruby). Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a brittle practice of modifying build files (MODULE.bazel) during CI and proposes a more robust, declarative solution, which significantly improves long-term maintainability.	Medium
Update