> This appears to be leaving out copying Gemfile.lock so you have no real idea what versions of dependencies are being installed here. This is not safe.
As someone who's only touched Ruby for a few years (and not even Ruby on Rails): I wouldn't have even known to look for a Gemfile.lock.
> As someone who's only touched Ruby for a few years
Well... Gemfile.lock has nothing to do with Rails and all to do with Bundler, but if you've never used Bundler for dependency management it's possible that it's new to you.
I only have a couple of years of experience with Rails and haven't touched it in 6 years, but I'd be very sceptical of any article that tries to teach how to build projects in Rails and doesn't even get those basics right.
> As someone who's only touched Ruby for a few years (and not even Ruby on Rails): I wouldn't have even known to look for a Gemfile.lock.
Perhaps the author doesn't know either.