This might be an obvious question but I’m having trouble googling for a best practice. I’m using Rails 3.0 and Bundler.

I started developing a Rails app on my work laptop. I added gem names to my gem file and ran bundle install. When I did this I didn’t pay much attention to what version of the gems I needed, I just let Bundler install the latest versions. Everything was working fine.

I pushed this app up to Heroku and it just worked.

1. Is Heroku using the gem versions defined in my Gemfile.lock file? Or is it fetching the latest versions using the Gemfile and installing those?

   Then I got a new laptop. So I decide to clone the git repo on that laptop as well. I installed RVM, cloned the repo from GitHub and then ran bundle install locally. The problem was that because I didn’t specify the gem versions in the Gemfile, running bundle install downloaded the latest gem versions. I made some CSS changes and pushed up to Heroku, and was surprized to find the app broken. Apparently the paperclip gem now requires some other aws gem or something or other.

   So I looked through the git logs on Gemfile.lock, found the previous working version of paperclip and put that version number in the Gemfile. Repushed to heroku and it’s working again.

2. How do I avoid this problem from happening? Should I always be putting the gem version number in my Gemfile? Should I be vendoring my gems (which I’ve not done before, how to do it)?