bundle-install
- Install the dependencies specified in your Gemfile
bundle install
[--binstubs[=DIRECTORY]]
[--clean]
[--deployment]
[--frozen]
[--full-index]
[--gemfile=GEMFILE]
[--jobs=NUMBER]
[--local]
[--no-cache]
[--no-prune]
[--path PATH]
[--quiet]
[--redownload]
[--retry=NUMBER]
[--shebang]
[--standalone[=GROUP[ GROUP...]]]
[--system]
[--trust-policy=POLICY]
[--with=GROUP[ GROUP...]]
[--without=GROUP[ GROUP...]]
Install the gems specified in your Gemfile(5). If this is the first
time you run bundle install (and a Gemfile.lock
does not exist),
Bundler will fetch all remote sources, resolve dependencies and
install all needed gems.
If a Gemfile.lock
does exist, and you have not updated your Gemfile(5),
Bundler will fetch all remote sources, but use the dependencies
specified in the Gemfile.lock
instead of resolving dependencies.
If a Gemfile.lock
does exist, and you have updated your Gemfile(5),
Bundler will use the dependencies in the Gemfile.lock
for all gems
that you did not update, but will re-resolve the dependencies of
gems that you did update. You can find more information about this
update process below under CONSERVATIVE UPDATING.
The --clean
, --deployment
, --frozen
, --no-prune
, --path
, --shebang
,
--system
, --without
and --with
options are deprecated because they only
make sense if they are applied to every subsequent bundle install
run
automatically and that requires bundler
to silently remember them. Since
bundler
will no longer remember CLI flags in future versions, bundle config
(see bundle-config(1)) should be used to apply them permanently.
--binstubs[=<directory>]
bin/
.
This lets you link the binstub inside of an application to the exact gem
version the application needs.
Creates a directory (defaults to ~/bin
) and places any executables from the
gem there. These executables run in Bundler's context. If used, you might add
this directory to your environment's PATH
variable. For instance, if the
rails
gem comes with a rails
executable, this flag will create a
bin/rails
executable that ensures that all referred dependencies will be
resolved using the bundled gems.
--clean
This option is deprecated in favor of the clean
setting.
--deployment
This option is deprecated in favor of the deployment
setting.
--redownload
--frozen
This option is deprecated in favor of the frozen
setting.
--full-index
--gemfile=<gemfile>
Gemfile.lock
and vendor/cache
relative
to this location.--jobs=[<number>]
, -j[<number>]
1
.--local
rubygems.org
. Instead, Bundler will use the
gems already present in Rubygems' cache or in vendor/cache
. Note that if an
appropriate platform-specific gem exists on rubygems.org
it will not be
found.--no-cache
vendor/cache
with the newly bundled gems. This
does not remove any gems in the cache but keeps the newly bundled gems from
being cached during the install.--no-prune
This option is deprecated in favor of the no_prune
setting.
--path=<path>
gem install ...
will
have gem installed there, too. Therefore, gems installed without a
--path ...
setting will show up by calling gem list
. Accordingly, gems
installed to other locations will not get listed.
This option is deprecated in favor of the path
setting.
--quiet
$?
).--retry=[<number>]
--shebang=<ruby-executable>
ruby
) to execute the scripts
created with --binstubs
. In addition, if you use --binstubs
together with
--shebang jruby
these executables will be changed to execute jruby
instead.
This option is deprecated in favor of the shebang
setting.
--standalone[=<list>]
bundle
and installs the bundle there. It
also generates a bundle/bundler/setup.rb
file to replace Bundler's own setup
in the manner required. Using this option implicitly sets path
, which is a
[remembered option][REMEMBERED OPTIONS].--system
--path
.
This option is deprecated in favor of the system
setting.
--trust-policy=[<policy>]
HighSecurity
, MediumSecurity
, LowSecurity
, AlmostNoSecurity
, or
NoSecurity
. For more details, please see the Rubygems signing documentation
linked below in SEE ALSO.--with=<list>
This option is deprecated in favor of the with
setting.
--without=<list>
This option is deprecated in favor of the without
setting.
Bundler's defaults are optimized for development. To switch to
defaults optimized for deployment and for CI, use the --deployment
flag. Do not activate deployment mode on development machines, as it
will cause an error when the Gemfile(5) is modified.
A Gemfile.lock
is required.
To ensure that the same versions of the gems you developed with
and tested with are also used in deployments, a Gemfile.lock
is required.
This is mainly to ensure that you remember to check your
Gemfile.lock
into version control.
The Gemfile.lock
must be up to date
In development, you can modify your Gemfile(5) and re-run
bundle install
to conservatively update
your Gemfile.lock
snapshot.
In deployment, your Gemfile.lock
should be up-to-date with
changes made in your Gemfile(5).
Gems are installed to vendor/bundle
not your default system location
In development, it's convenient to share the gems used in your application with other applications and other scripts that run on the system.
In deployment, isolation is a more important default. In addition, the user deploying the application may not have permission to install gems to the system, or the web server may not have permission to read them.
As a result, bundle install --deployment
installs gems to
the vendor/bundle
directory in the application. This may be
overridden using the --path
option.
By default, Bundler installs gems to the same location as gem install
.
In some cases, that location may not be writable by your Unix user. In
that case, Bundler will stage everything in a temporary directory,
then ask you for your sudo
password in order to copy the gems into
their system location.
From your perspective, this is identical to installing the gems directly into the system.
You should never use sudo bundle install
. This is because several
other steps in bundle install
must be performed as the current user:
Gemfile.lock
vendor/cache
, if necessaryOf these three, the first two could theoretically be performed by
chown
ing the resulting files to $SUDO_USER
. The third, however,
can only be performed by invoking the git
command as
the current user. Therefore, git gems are downloaded and installed
into ~/.bundle
rather than $GEM_HOME or $BUNDLE_PATH.
As a result, you should run bundle install
as the current user,
and Bundler will ask for your password if it is needed to put the
gems into their final location.
By default, bundle install
will install all gems in all groups
in your Gemfile(5), except those declared for a different platform.
However, you can explicitly tell Bundler to skip installing
certain groups with the --without
option. This option takes
a space-separated list of groups.
While the --without
option will skip installing the gems in the
specified groups, it will still download those gems and use them to
resolve the dependencies of every gem in your Gemfile(5).
This is so that installing a different set of groups on another machine (such as a production server) will not change the gems and versions that you have already developed and tested against.
Bundler offers a rock-solid guarantee that the third-party
code you are running in development and testing is also the
third-party code you are running in production. You can choose
to exclude some of that code in different environments, but you
will never be caught flat-footed by different versions of
third-party code being used in different environments.
For a simple illustration, consider the following Gemfile(5):
source 'https://rubygems.org'
gem 'sinatra'
group :production do
gem 'rack-perftools-profiler'
end
In this case, sinatra
depends on any version of Rack (>= 1.0
), while
rack-perftools-profiler
depends on 1.x (~> 1.0
).
When you run bundle install --without production
in development, we
look at the dependencies of rack-perftools-profiler
as well. That way,
you do not spend all your time developing against Rack 2.0, using new
APIs unavailable in Rack 1.x, only to have Bundler switch to Rack 1.2
when the production
group is used.
This should not cause any problems in practice, because we do not
attempt to install
the gems in the excluded groups, and only evaluate
as part of the dependency resolution process.
This also means that you cannot include different versions of the same gem in different groups, because doing so would result in different sets of dependencies used in development and production. Because of the vagaries of the dependency resolution process, this usually affects more than the gems you list in your Gemfile(5), and can (surprisingly) radically change the gems you are using.
When you run bundle install
, Bundler will persist the full names
and versions of all gems that you used (including dependencies of
the gems specified in the Gemfile(5)) into a file called Gemfile.lock
.
Bundler uses this file in all subsequent calls to bundle install
,
which guarantees that you always use the same exact code, even
as your application moves across machines.
Because of the way dependency resolution works, even a seemingly small change (for instance, an update to a point-release of a dependency of a gem in your Gemfile(5)) can result in radically different gems being needed to satisfy all dependencies.
As a result, you SHOULD
check your Gemfile.lock
into version
control, in both applications and gems. If you do not, every machine that
checks out your repository (including your production server) will resolve all
dependencies again, which will result in different versions of
third-party code being used if any
of the gems in the Gemfile(5)
or any of their dependencies have been updated.
When Bundler first shipped, the Gemfile.lock
was included in the .gitignore
file included with generated gems. Over time, however, it became clear that
this practice forces the pain of broken dependencies onto new contributors,
while leaving existing contributors potentially unaware of the problem. Since
bundle install
is usually the first step towards a contribution, the pain of
broken dependencies would discourage new contributors from contributing. As a
result, we have revised our guidance for gem authors to now recommend checking
in the lock for gems.
When you make a change to the Gemfile(5) and then run bundle install
,
Bundler will update only the gems that you modified.
In other words, if a gem that you did not modify
worked before
you called bundle install
, it will continue to use the exact
same versions of all dependencies as it used before the update.
Let's take a look at an example. Here's your original Gemfile(5):
source 'https://rubygems.org'
gem 'actionpack', '2.3.8'
gem 'activemerchant'
In this case, both actionpack
and activemerchant
depend on
activesupport
. The actionpack
gem depends on activesupport 2.3.8
and rack ~> 1.1.0
, while the activemerchant
gem depends on
activesupport >= 2.3.2
, braintree >= 2.0.0
, and builder >= 2.0.0
.
When the dependencies are first resolved, Bundler will select
activesupport 2.3.8
, which satisfies the requirements of both
gems in your Gemfile(5).
Next, you modify your Gemfile(5) to:
source 'https://rubygems.org'
gem 'actionpack', '3.0.0.rc'
gem 'activemerchant'
The actionpack 3.0.0.rc
gem has a number of new dependencies,
and updates the activesupport
dependency to = 3.0.0.rc
and
the rack
dependency to ~> 1.2.1
.
When you run bundle install
, Bundler notices that you changed
the actionpack
gem, but not the activemerchant
gem. It
evaluates the gems currently being used to satisfy its requirements:
activesupport 2.3.8
activemerchant
,
which is not being updatedrack ~> 1.1.0
Because you did not explicitly ask to update activemerchant
,
you would not expect it to suddenly stop working after updating
actionpack
. However, satisfying the new activesupport 3.0.0.rc
dependency of actionpack requires updating one of its dependencies.
Even though activemerchant
declares a very loose dependency
that theoretically matches activesupport 3.0.0.rc
, Bundler treats
gems in your Gemfile(5) that have not changed as an atomic unit
together with their dependencies. In this case, the activemerchant
dependency is treated as activemerchant 1.7.1 + activesupport 2.3.8
,
so bundle install
will report that it cannot update actionpack
.
To explicitly update actionpack
, including its dependencies
which other gems in the Gemfile(5) still depend on, run
bundle update actionpack
(see bundle update(1)
).
Summary
: In general, after making a change to the Gemfile(5) , you
should first try to run bundle install
, which will guarantee that no
other gem in the Gemfile(5) is impacted by the change. If that
does not work, run bundle update(1).