Jets CI CodeBuild Private Repos

If you have private gems in your Gemfile. You can use bundle env variables like BUNDLE_GITHUB__COM to allow access to these private repos.

This also works for other private repos with other domains. Examples:



Here’s an example Gemfile with a private gem.


source ""
gem "my-private-gem", github: "ORG/REPO"

This is the same as:

source ""
gem "my-private-gem", git: ""

CI Runner

Set the CI project env var so that bundler use the BUNDLE_GITHUB__COM and the private


Jets.deploy.configure do = {

The CodeBuild CI project is used for continuous integration. This environment is different from the CodeBuild Remote Runner. It needs BUNDLE_GITHUB__COM since the CI deploy script does a bundle install before a jets deploy.

One way to help think about the CI runner is to prevent it’s your local dev machine.

Remote Runner

The CodeBuild Remote Runner needs BUNDLE_GITHUB__COM. You can set the env var.


Jets.bootstrap.configure do
  config.codebuild.project.env.vars = {

The remote runner uses Docker to build your app and it’s dependencies. It will pass BUNDLE_* env vars to the docker build command as build args. Something like this>

docker build --build-arg BUNDLE_GITHUB__COM=*** ...

This allows the bundle install that runs within the Docker build process to download private gems.

Security Note

You can safely use BUNDLE_* env variables. However, you should not add to your Gemfile. There is no need to. Bundler’s bundle is smart enough to use the credentials from the env variables without you explicitly adding them to your Gemfile.

In fact, if you add them to your Gemfile, even with String interpolate with ENV["BUNDLE_GITHUB__COM"], the generated Gemfile.lock will contain the secret credential. It’s a security issue. See discussion here: GitHub: Bundler should NOT include private credentials in Gemfile.lock from source urls in Gemfile #3609


If you’re getting an error like this.

Retrying git clone --bare --no-hardlinks --quiet --no-tags --depth 1 --single-branch -- /root/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/cache/bundler/git/my-private-gem-af4c5b2bc45df74546fcc8bfda9a241ec77f1123 due to error (2/4): Bundler::Source::Git::GitCommandError Git error: command git clone --bare --no-hardlinks --quiet --no-tags --depth 1 --single-branch -- /root/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/cache/bundler/git/my-private-gem-af4c5b2bc45df74546fcc8bfda9a241ec77f1123 in directory /root/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/cache/bundler/git/my-private-gem-af4c5b2bc45df74546fcc8bfda9a241ec77f1123 has failed. fatal: could not read Username for ‘’: No such device or address

This probably means that your Gemfile contains a gem from a private repo and your set up is not allowing bundler permission to download gem from the repo. You can fix this with the BUNDLE_GITHUB__COM env variable as describe above.