Merge pull request #8483 from rubygems/deivid-rodriguez/fail-hard-when-lockfile-is-missing-deps-in-frozen-mode

Raise error when lockfile is missing deps in frozen mode

(cherry picked from commit 126cfe2)

Author: deivid-rodriguez

bundler/lib/bundler/definition.rb

@@ -638,6 +638,8 @@ def materialize(dependencies)
       specs = begin
         resolve.materialize(dependencies)
       rescue IncorrectLockfileDependencies => e
+        raise if Bundler.frozen_bundle?
+
         spec = e.spec
         raise "Infinite loop while fixing lockfile dependencies" if incorrect_spec == spec
 

bundler/lib/bundler/errors.rb

@@ -254,6 +254,10 @@ def initialize(spec)
       @spec = spec
     end
 
+    def message
+      "Bundler found incorrect dependencies in the lockfile for #{spec.full_name}"
+    end
+
     status_code(41)
   end
 end

bundler/spec/lock/lockfile_spec.rb

@@ -1587,6 +1587,32 @@
     L
   end
 
+  it "raises a clear error when frozen mode is set and lockfile is missing deps, and does not install any gems" do
+    lockfile <<-L
+      GEM
+        remote: https://gem.repo2/
+        specs:
+          myrack_middleware (1.0)
+
+      PLATFORMS
+        #{lockfile_platforms}
+
+      DEPENDENCIES
+        myrack_middleware
+
+      BUNDLED WITH
+         #{Bundler::VERSION}
+    L
+
+    install_gemfile <<-G, env: { "BUNDLE_FROZEN" => "true" }, raise_on_error: false
+      source "https://gem.repo2"
+      gem "myrack_middleware"
+    G
+
+    expect(err).to eq("Bundler found incorrect dependencies in the lockfile for myrack_middleware-1.0")
+    expect(the_bundle).not_to include_gems "myrack_middleware 1.0"
+  end
+
   it "automatically fixes the lockfile when it's missing deps, they conflict with other locked deps, but conflicts are fixable" do
     build_repo4 do
       build_gem "other_dep", "0.9"