-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cargo update
prints Adding
+ Removing
lines when multiple versions of the same crate are updated
#9408
Comments
@rustbot claim |
Github action to periodically `cargo update` to keep dependencies current Opens a PR periodically with the results of `cargo update`. If an unmerged PR for the branch `cargo_update` already exists, it will edit then reopen it if necessary. ~~This also uses [`cargo-upgrades`](https://gitlab.com/kornelski/cargo-upgrades) to provide a list of available major upgrades in the PR body.~~ It includes the list of changes output by `cargo update` in the commit message and PR body. Note that this output is currently sub-optimal due to rust-lang/cargo#9408, but if updates are made more regularly that is less likely to show up. Example PR: pitaj#2 Example action run: https://github.com/pitaj/rust/actions/runs/5035731903 Prior discussion: https://rust-lang.zulipchat.com/#narrow/stream/242791-t-infra/topic/dependabot.20updates.3F Up for discussion: - What period do we want? Currently weekly - What user should it use? Currently "Github Actions" - Do we need the extra security of provided by executing `cargo update` and `cargo-upgrades` in a separate job? If not I can simplify it to not need artifacts. - PR message wording - PR should probably always be `rollup=always`? - What branch should it use? - What should it do if no updates are available? Currently fails the job on empty commit - Should the yml file live in `src/ci` instead of directly under workflows? - ~~Is using the latest nightly toolchain enough to ensure compatibility with `Cargo.lock` and `Cargo.toml`s in master?~~ Now pulls the bootstrap version from stage0.json r? infra
Github action to periodically `cargo update` to keep dependencies current Opens a PR periodically with the results of `cargo update`. If an unmerged PR for the branch `cargo_update` already exists, it will edit then reopen it if necessary. ~~This also uses [`cargo-upgrades`](https://gitlab.com/kornelski/cargo-upgrades) to provide a list of available major upgrades in the PR body.~~ It includes the list of changes output by `cargo update` in the commit message and PR body. Note that this output is currently sub-optimal due to rust-lang/cargo#9408, but if updates are made more regularly that is less likely to show up. Example PR: pitaj#2 Example action run: https://github.com/pitaj/rust/actions/runs/5035731903 Prior discussion: https://rust-lang.zulipchat.com/#narrow/stream/242791-t-infra/topic/dependabot.20updates.3F Up for discussion: - What period do we want? Currently weekly - What user should it use? Currently "Github Actions" - Do we need the extra security of provided by executing `cargo update` and `cargo-upgrades` in a separate job? If not I can simplify it to not need artifacts. - PR message wording - PR should probably always be `rollup=always`? - What branch should it use? - What should it do if no updates are available? Currently fails the job on empty commit - Should the yml file live in `src/ci` instead of directly under workflows? - ~~Is using the latest nightly toolchain enough to ensure compatibility with `Cargo.lock` and `Cargo.toml`s in master?~~ Now pulls the bootstrap version from stage0.json r? infra
Github action to periodically `cargo update` to keep dependencies current Opens a PR periodically with the results of `cargo update`. If an unmerged PR for the branch `cargo_update` already exists, it will edit then reopen it if necessary. ~~This also uses [`cargo-upgrades`](https://gitlab.com/kornelski/cargo-upgrades) to provide a list of available major upgrades in the PR body.~~ It includes the list of changes output by `cargo update` in the commit message and PR body. Note that this output is currently sub-optimal due to rust-lang/cargo#9408, but if updates are made more regularly that is less likely to show up. Example PR: pitaj#2 Example action run: https://github.com/pitaj/rust/actions/runs/5035731903 Prior discussion: https://rust-lang.zulipchat.com/#narrow/stream/242791-t-infra/topic/dependabot.20updates.3F Up for discussion: - What period do we want? Currently weekly - What user should it use? Currently "Github Actions" - Do we need the extra security of provided by executing `cargo update` and `cargo-upgrades` in a separate job? If not I can simplify it to not need artifacts. - PR message wording - PR should probably always be `rollup=always`? - What branch should it use? - What should it do if no updates are available? Currently fails the job on empty commit - Should the yml file live in `src/ci` instead of directly under workflows? - ~~Is using the latest nightly toolchain enough to ensure compatibility with `Cargo.lock` and `Cargo.toml`s in master?~~ Now pulls the bootstrap version from stage0.json r? infra
Github action to periodically `cargo update` to keep dependencies current Opens a PR periodically with the results of `cargo update`. If an unmerged PR for the branch `cargo_update` already exists, it will edit then reopen it if necessary. ~~This also uses [`cargo-upgrades`](https://gitlab.com/kornelski/cargo-upgrades) to provide a list of available major upgrades in the PR body.~~ It includes the list of changes output by `cargo update` in the commit message and PR body. Note that this output is currently sub-optimal due to rust-lang/cargo#9408, but if updates are made more regularly that is less likely to show up. Example PR: pitaj/rust#2 Example action run: https://github.com/pitaj/rust/actions/runs/5035731903 Prior discussion: https://rust-lang.zulipchat.com/#narrow/stream/242791-t-infra/topic/dependabot.20updates.3F Up for discussion: - What period do we want? Currently weekly - What user should it use? Currently "Github Actions" - Do we need the extra security of provided by executing `cargo update` and `cargo-upgrades` in a separate job? If not I can simplify it to not need artifacts. - PR message wording - PR should probably always be `rollup=always`? - What branch should it use? - What should it do if no updates are available? Currently fails the job on empty commit - Should the yml file live in `src/ci` instead of directly under workflows? - ~~Is using the latest nightly toolchain enough to ensure compatibility with `Cargo.lock` and `Cargo.toml`s in master?~~ Now pulls the bootstrap version from stage0.json r? infra
These messages are outputted by diffing the resolved dependency tree before and after. We make the assumption that we can report The challenge is knowing how to line up adds and removes when there are multiple versions of a package in the tree. Maybe we can make the assumption that, so long as they are semver compatible, that its an upgrade? I worry there are corner cases with that where version unification doesn't happen, like two git sources with different hashes, and would want further input from someone like @Eh2406 to know if there are a set of restrictions where this could be done and if there are any future plans that could further complicate it (like would we ever extend build-std's independent resolve graphs for other big projects like gitoxide or bevy and would that cause problems?). |
This is a two-way dore. If this is not compatible with some other change we want to make we can back this out. The heuristic seems reasonable to me. (I am not remembering how GIT is handled in enough detail to know what exceptions need to be made there, but we can add a "and all versions are from a registry source" if needed.) It is also similar to Alex's suggestions in #9884 A bigger question is what happens to the message when |
Agreed its a two way door. More so my concern is we are duplicating knowledge and either the hassle for tracking it or how acceptable we find "bugs" in this as we don't take this into account. As for the breaking update, that would just not be subject to this (goes back to Adding and Removing) and we'd just tweak the algorithm more to cover more cases, if desired enough. |
Problem
The more concise
Updating
lines are not printed if multiple versions of the same crate are updated in one commandSetup
Current
Expectation
Notes
Output of
cargo version
:cargo 1.53.0-nightly (65d57e6f3 2021-04-04)
The text was updated successfully, but these errors were encountered: