Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Relax constraints on dependencies to minimal semver #6

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

huonw
Copy link

@huonw huonw commented Jan 14, 2023

This relaxes the semver constraints on the dependencies to be the minimal that compiles. This allows more flexible integration of gha-toolkit into existing codebases, that may already use some of the dependencies, at lower versions.

For example, I'm experimenting with integrating gha-toolkit into https://github.com/pantsbuild/pants, which already depends on reqwest 0.11.11 and thiserror 1.0.30 (among others). Before this PR, gha-toolkit previously required reqwest >= 0.11.13 and thiserror >= 1.0.37, which means those dependencies would have to be duplicated. This works fine with cargo, but costs compile time and potential confusion.

I've chosen the version constraints here by:

  1. stripping the existing constraints down to the minimal semver (e.g. 0.11 for reqwest)
  2. running cargo +nightly update -Z minimal-versions to have cargo lock to the minimal versions
  3. running cargo build, noticing errors and then bumping an appropriate minimal version constraint (for instance, #[error(transparent)] requires https://github.com/dtolnay/thiserror/releases/tag/1.0.7, so I had to increase the thiserror = "1" constraint to thiserror = "1.0.7")
  4. repeated from step 2, until it compiled

This change shouldn't affect any existing users of the library, since this is strictly more permissive: a locked set of dependencies for users of gha-toolkit 0.3.1 will also satisfy these new constraints.

(Thank you for gha-toolkit!)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant