Skip to content

[rb] Use portable Ruby#16936

Merged
p0deje merged 4 commits intotrunkfrom
rv-ruby
Feb 27, 2026
Merged

[rb] Use portable Ruby#16936
p0deje merged 4 commits intotrunkfrom
rv-ruby

Conversation

@p0deje
Copy link
Member

@p0deje p0deje commented Jan 17, 2026
edited
Loading

User description

Switch to the new version of rules_ruby that allows downloading portable Ruby versions. No need to wait for compilation anymore!

🔗 Related Issues

💥 What does this PR do?

🔧 Implementation Notes

💡 Additional Considerations

🔄 Types of changes

  • Cleanup (formatting, renaming)
  • Bug fix (backwards compatible)
  • New feature (non-breaking change which adds functionality and tests!)
  • Breaking change (fix or feature that would cause existing functionality to change)

PR Type

Enhancement, Bug fix

Description

  • Use prebuilt Ruby with rv-ruby checksums for multiple platforms

  • Add workaround for rules_ruby incompatibility with jruby/truffleruby

  • Update rules_ruby git override to specific commit

  • Pin Psych gem to 5.0.1 and exclude from bundle fetch

  • Remove date gem checksums (handled by prebuilt Ruby)

Diagram Walkthrough

flowchart LR
  A["rules_ruby git override"] --> B["Prebuilt Ruby support"]
  B --> C["rv_checksums for platforms"]
  D["jruby/truffleruby detection"] --> E["Disable prebuilt Ruby"]
  F["Psych 5.0.1 pinning"] --> G["Exclude from bundle fetch"]
  C --> H["Enhanced Ruby toolchain"]
  E --> H
  G --> H
Loading

File Walkthrough
Relevant files
Bug fix
bazel.yml
Add jruby/truffleruby prebuilt Ruby workaround                     

.github/workflows/bazel.yml

  • Add conditional step to disable prebuilt Ruby for jruby and
    truffleruby
  • Use sed to remove excluded_gems and rv_version from MODULE.bazel
  • Workaround for rules_ruby incompatibility with alternative Ruby
    implementations
 +6/-0     
Configuration changes
MODULE.bazel
Configure prebuilt Ruby and update gem dependencies           

MODULE.bazel

  • Add git_override for rules_ruby pointing to specific commit
  • Add rv_checksums for linux-arm64, linux-x86_64, macos-arm64,
    macos-x86_64
  • Add excluded_gems parameter with psych to bundle_fetch
  • Update psych from 5.3.1 to 5.0.1 (both mri and java variants)
  • Remove date gem checksums (3.5.1 for both mri and java)
 +15/-4   
Dependencies
Gemfile
Pin Psych gem version with documentation                                 

rb/Gemfile

  • Add comment explaining Psych 5.0.1 pinning rationale
  • Pin Psych gem to 5.0.1 to match Ruby 3.2.9 standard library
 +4/-0     

@selenium-ci selenium-ci added C-rb Ruby Bindings B-build Includes scripting, bazel and CI integrations labels Jan 17, 2026
@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Jan 17, 2026
edited
Loading

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Supply chain override

Description: The new git_override for rules_ruby fetches build tooling directly from
https://github.com/bazel-contrib/rules_ruby by commit, which is a supply-chain risk if the
upstream repository/commit is later found compromised and should be verified/approved per
dependency governance. MODULE.bazel [37-41]

Referred Code 
git_override(
    module_name = "rules_ruby",
    commit = "e8074d6e5e0caa6ab70d2a6c0644c8cd6f62cb8b",
    remote = "https://github.com/bazel-contrib/rules_ruby",
)
Ticket Compliance
🟡
🎫 #1234
🟡
🎫 #5678
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Sed portability risk: The new sed -i commands used to edit MODULE.bazel may fail or behave differently across
runner environments (e.g., GNU vs BSD sed), which could cause non-graceful CI failures
without a fallback path.

Referred Code 
# Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly
- name: Disable prebuilt Ruby
  if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby')
  run: |
    sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel
    sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel

Learn more about managing compliance generic rules or creating your own custom rules

  • Update
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Jan 17, 2026
edited
Loading

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Fix incorrect sed commands
Suggestion Impact:Instead of correcting the sed commands as suggested, the commit removed the entire "Disable prebuilt Ruby" workaround step (including the incorrect sed commands), eliminating the buggy behavior altogether.

code diff:

-      # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly
-      - name: Disable prebuilt Ruby
-        if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby')
-        run: |
-          sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel
-          sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel

Fix the sed commands to correctly remove the excluded_gems line and the
multi-line rv_checksums block from MODULE.bazel. The current commands target a
non-existent rv_version parameter and would not correctly remove the multi-line
rv_checksums block.

.github/workflows/bazel.yml [121-123]

 run: |
   sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel
-  sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel
+  sed -i '/^[[:space:]]*rv_checksums = {/,/^[[:space:]]*},/d' MODULE.bazel

[Suggestion processed]

Suggestion importance[1-10]: 9

__

Why: This suggestion correctly identifies a critical bug where the sed command targets the wrong parameter (rv_version instead of rv_checksums) and would fail to remove the multi-line block, causing build failures. The proposed fix is accurate and essential for the workflow's correctness.

High
High-level
Avoid modifying build files in CI
Suggestion Impact:The workflow step "Disable prebuilt Ruby" that ran sed commands against MODULE.bazel was removed from .github/workflows/bazel.yml, aligning with the suggestion to avoid modifying build files in CI. The diff does not show any corresponding move of the logic into Bazel rules, only removal of the CI modification.

code diff:

-      # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly
-      - name: Disable prebuilt Ruby
-        if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby')
-        run: |
-          sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel
-          sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel

Instead of using sed in the CI workflow to modify MODULE.bazel for certain Ruby
versions, this logic should be moved into the Bazel rules. This creates a more
robust and declarative build process.

Examples:

.github/workflows/bazel.yml [118-123] 
      # Workaround for rules_ruby not handling rv-ruby and jruby/truffleruby properly
      - name: Disable prebuilt Ruby
        if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby')
        run: |
          sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel
          sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel

Solution Walkthrough:

Before:

# .github/workflows/bazel.yml
- name: Disable prebuilt Ruby
  if: startsWith(inputs.ruby-version, 'jruby') || startsWith(inputs.ruby-version, 'truffleruby')
  run: |
    sed -i '/^[[:space:]]*excluded_gems/d' MODULE.bazel
    sed -i '/^[[:space:]]*rv_version/d' MODULE.bazel

# MODULE.bazel (as checked in)
ruby.toolchain(
    ...
    rv_checksums = { ... },
    ...
)
ruby.bundle_fetch(
    ...
    excluded_gems = ["psych"],
    ...
)

After:

# .github/workflows/bazel.yml
# The "Disable prebuilt Ruby" step is removed.

# MODULE.bazel (remains declarative and unchanged by CI)
ruby.toolchain(
    ...
    rv_checksums = { ... },
    ...
)
ruby.bundle_fetch(
    ...
    excluded_gems = ["psych"],
    ...
)

# The logic is moved into the bazel rules (e.g. a patched rules_ruby)
# which would conditionally ignore `rv_checksums` and `excluded_gems`
# based on the ruby version (e.g., jruby/truffleruby).
Suggestion importance[1-10]: 8

__

Why: The suggestion correctly identifies a brittle practice of modifying build files (MODULE.bazel) during CI and proposes a more robust, declarative solution, which significantly improves long-term maintainability.

Medium
  • Update

Copilot AI review requested due to automatic review settings February 20, 2026 16:18
Copilot AI reviewed Feb 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Bazel/Ruby toolchain configuration to use a portable (prebuilt) Ruby setup via rules_ruby, while also aligning multiple BUILD/Starlark files with Bzlmod-style explicit loads for Java/C++ rules.

Changes:

  • Configure the Ruby Bazel extension to use portable_ruby, pin rules_ruby via git_override, and add a missing jar_checksums entry for Bundler/JRuby jar resolution.
  • Update multiple Bazel BUILD/Starlark files to load java_* / cc_* rules from @rules_java / @rules_cc (and replace one native.java_binary call).
  • Update Ruby CI workflow inputs and the Ruby lockfile’s BUNDLED WITH metadata.

Reviewed changes

Copilot reviewed 19 out of 20 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
MODULE.bazel Pins rules_ruby, switches Ruby toolchain to portable_ruby, and adds jar_checksums for bundler fetch.
rb/Gemfile.lock Updates BUNDLED WITH Bundler version metadata.
.github/workflows/ci-ruby.yml Passes an explicit ruby-version input for the “Local Tests” job.
BUILD.bazel Loads java_binary from @rules_java for the top-level server target.
scripts/BUILD.bazel Loads/uses java_binary from @rules_java for google-java-format.
javascript/private/test_suite.bzl Loads java_binary from @rules_java and replaces native.java_binary with java_binary.
javascript/grid-ui/BUILD.bazel Loads/uses java_import from @rules_java for UI jar packaging.
javascript/grid-ui/public/BUILD.bazel Loads/uses java_import from @rules_java for the public UI jar.
java/BUILD.bazel Loads/uses java_library and java_plugin from @rules_java.
java/private/BUILD.bazel Loads/uses java_binary from @rules_java for SpotBugs CLI.
java/private/module.bzl Loads java_common and JavaInfo from @rules_java for module/jar handling.
java/private/common.bzl Loads JavaInfo from @rules_java for Maven/Java provider access.
java/private/dist_info.bzl Loads JavaInfo from @rules_java for dist metadata aspect logic.
java/test/org/openqa/selenium/netty/server/BUILD.bazel Loads java_library from @rules_java for test targets.
java/test/org/openqa/selenium/grid/router/BUILD.bazel Loads java_library from @rules_java for test support targets.
java/test/org/openqa/selenium/firefox/BUILD.bazel Loads java_library from @rules_java for test support targets.
cpp/linux-specific/BUILD.bazel Loads cc_binary from @rules_cc.
common/remote-build/cc/cc_toolchain_config.bzl Loads cc_common from @rules_cc for toolchain config creation.
common/remote-build/cc/armeabi_cc_toolchain_config.bzl Loads cc_common from @rules_cc for toolchain config creation.
common/remote-build/cc/BUILD Loads cc_library from @rules_cc.

@p0deje p0deje changed the title [rb] Use prebuilt Ruby [rb] Use portable Ruby Feb 26, 2026
Copilot AI review requested due to automatic review settings February 26, 2026 14:58
Copilot AI reviewed Feb 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 19 out of 20 changed files in this pull request and generated 6 comments.

shs96c
shs96c reviewed Feb 26, 2026
View reviewed changes
Copy link
Member

@shs96c shs96c left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The copilot reviews are right about the loading of the java_library rule, and you need to run buildifier over this to reorder imports.

Copilot AI review requested due to automatic review settings February 26, 2026 21:29
Copilot AI reviewed Feb 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 19 out of 20 changed files in this pull request and generated 7 comments.

@p0deje p0deje merged commit 5c23c7d into trunk Feb 27, 2026
56 of 57 checks passed
@p0deje p0deje deleted the rv-ruby branch February 27, 2026 15:06
AutomatedTester pushed a commit that referenced this pull request Mar 11, 2026
@p0deje @aguspe @AutomatedTester
[rb] Use portable Ruby (#16936)
4fc491a 
* [rb] Switch to portable Rubies
* [java] Load `java_library` from repo
* [java] Load `java_binary` from repo

---------

Co-authored-by: Augustin Gottlieb <33221555+aguspe@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shs96c shs96c shs96c left review comments

Copilot code review Copilot Copilot left review comments

@aguspe aguspe aguspe approved these changes

Assignees

No one assigned

Labels

B-build Includes scripting, bazel and CI integrations C-rb Ruby Bindings Review effort 3/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@p0deje @shs96c @aguspe @selenium-ci