AEP for developer/packager workflow supporting changes #466
Conversation
mosteo
added
type: RFC
There was a problem hiding this comment.
I will toss around my own idea of the workflow I would like to have as a user.
So we can hopefully brainstorm on each others view.
I would prefer to not have an extra file for dependencies, but I am not closed
to the idea. In my opinion, we can make alr with edit alire.toml in a
way that preserve the file.
In my opinion we only need two files:
-
alire.toml(ormy_project.alire): contains everything about the current
state of the project. Basically the same as the manifest we have right now,
except that there is no notion of multiple releases. There is only one
release, the "current" one. We can have a field for the users to specify a
version number for "current".Dependencies are added/removed to/from this file, either automatically or
manually (see above).This files doesn't have any mandatory field because it can be a
work-in-progress, and this is not the file that will be contributed to the
index.It is version controlled and can be in the root dir of the project.
-
alire.lock: same purpose as right now. It is version controlled so it
can be in the root dir of the project as well.
When a packager wants to publish a version of the crate to the index, the
command alr publish 1.0.0 will gather the info from alire.toml and
alire.lock to produce a "release manifest": for instance
alire/releases/my_project-1.0.0.toml. This is the file that is contributed to
the index, and it is clear that it is machine-generated and not supposed to be
edited by hand.
alr publish can also produce an archive and its sha512, or ask for an origin URL.
If it is an archive, the sha512 is automatically computed and added to the "release manifest".
Once the packager has contributed the "release manifest" to an index, it can forget about
it. Working a new next release just means editing alire.toml, the code and
then doing another alr publish.
This means a big refactoring on how alire reads the index, because there is
now multiple toml files for a single crate.
doc/AEPs/aep-0002.md
Outdated
| direction. That is, make the manifest file a user-edited file only, and put it | ||
| under version control. | ||
|
|
||
| A problem that Cargo has not is that `alr with` is leveraged to comfortably |
There was a problem hiding this comment.
Cargo doesn't have any command to add a dependency, right?
cargo.toml is always edited manually.
For OPAM and Conan, looks like there is an install command but it doesn't change the "manifest".
So it would mean that the features provided by alr with are beyond what is commonly available.
The more common scheme is to add new dependencies by editing a file.
There was a problem hiding this comment.
Cargo doesn't have any command to add a dependency, right? cargo.toml is always edited manually.
Right.
For OPAM and Conan, looks like there is an install command but it doesn't change the "manifest".
Since we don't install, I think that goes beyond what we have right now anyway.
So it would mean that the features provided by alr with are beyond what is commonly available. The more common scheme is to add new dependencies by editing a file.
Right again. In Cargo at least, you edit and the next cargo command detects the edition and updates dependencies as needed. So it's always a two-step process.
doc/AEPs/aep-0002.md
Outdated
| under version control. | ||
|
|
||
| A problem that Cargo has not is that `alr with` is leveraged to comfortably | ||
| edit GPR files, making dependencies available in one step. Thus, there is a |
There was a problem hiding this comment.
This is a extra difficulty that we have maybe compared to other package manager, the fact that there is another tool and file format for build (gprbuild and gpr files).
This question of adding with statement in a gpr file doesn't exists for other package managers, AFAIK.
There was a problem hiding this comment.
This is true, although with the "section markers" you recently implemented I think we are now in an equivalent situation (the automatic section can be generated at any moment is convenient for us).
Great! Actually I think we have very close positions, just details to iron out.
Agreed. Having a section with markers should work, if we end needing a part of the file that is autogenerated.
The current local manifest is already like that; no more than one release should be found there. I forgot to mention that in the proposal, but the idea is as you say: locally, the manifest represents the current state. Only the index stores all "frozen" (for each version) copies of the manifest.
The version is currently taken from the table name that stores the release, but this would be even simpler if we move to a single file per release in the index.
My only note here is: if the information it contains can be moved directly into the index copy, it may save work for packagers and simplify our automation.
Actually, the lockfile should only be version-controlled for crates containing end-products (Cargo nomenclature, so binaries or static libraries), so their dependencies can be fixed for reproducibility. For non-end-product crates, the lockfile should not be distributed as it precludes conflict resolution. This is the same distinction made in Cargo (explained here and here). Another aspect to consider here is that the lockfile is platform-dependent, as dynamic expressions are resolved to obtain platform dependencies. For non-end crates, or platform-independent crates, this is a non-issue (for the former, there's no lockfile to distribute; for the latter, it is the same one for all platforms). For end-product crates, I suspect one would have to distribute several lockfiles for the different scenarios. And this involves solving for all foreseeable combinations in advance. I see this as a further separate issue though.
No disagreement on the skipped part about generating the index file.
Right, agreed.
I think this is a matter of implementation, but related to something I wanted to brought up sooner than later, so since you mention it, it's a good moment. I agree on the idea that we need either:
I think both are pretty equivalent, although separate files is probably simpler to manage. For now I would leave the lockfile out of the picture (although keeping an eye on future trouble). I have to scram rn so I cannot write the conclusions. More to come. |
One release should be found, but the reality is actually confusing for users. ["0.0.0"]
origin = "file://.."
["0.0.0".depends-on]
libhello = "*"And because release manifests have multiple versions: https://github.com/Fabien-Chouteau/ada-voxel-space-demo/blob/master/alire/ada_voxel_space_demo.toml Just to be sure we are on the same page. What I suggest is that we remove the release to top-level TOML object.
Nice, I do think that this will be better in the end.
Not sure what you have in mind here.
Makes sense 👍
I seems like the second solution is more complex with different ways to read manifests.
Sounds good. |
That's fair.
Understood. Indeed that indirection is bothersome and not necessary for the local manifest.
That's my understanding as well. Though, I'm not sure where the whole information is stored. There is some partial information that can be seen in the crates.io repo: see for example the rand crate. The description is missing there, for example.
I mean that there could be no need to regenerate the index copy from memory information if the local manifest can be included directly (even if we gather some pieces of information from different places). Not really a crucial point.
I'm inclined to think the same. Now, I don't think we have fundamental disagreements about the workflow but I feel we are starting to bite too much for a single issue, so I'm going to try to take a step back. The core ideas behind this proposal to me are:
Other big format changes in the index or manifest can be addressed separately, so I would discuss those in a follow-up issue. With the previous points in mind:
On the one hand, I see how removing As you said, we are in a particular situation because to use a new library we need to update three places: the GPR, the manifest, and the Ada code. As a whole, with (Side note: I've been rethinking about putting the lockfile into VCS as you said. I think it may work in our particular case, because it is not used for dependencies, so the Cargo rationale does not translate directly to Alire. I would like simplifying this point too, it's simpler if we can simply advice having both always in VCS.) |
I think that
I would go for 2. We are still in beta, we have time to rethink about
I do like |
|
Thanks for the feedback, Fabien. I have a clear view now on how to proceed. I think we can attain the three objectives with a relatively simple patch that removes regeneration of the manifest (unless there's no manifest, to serve as a transitional measure) and that uses e.g. a top-level As for the big index refactoring (single file per release) and related local manifest changes, I think that can be ironed out also separately. I don't think it needs to interfere with this one. I'll open an issue for these topics to clarify. |
mosteo
force-pushed
the
feat/publish-workflow
branch
from
ddaff73 to
d59e07a
Compare
|
As an alternative to what I just pushed (a private part in the manifest), I can see having two files like now, manifest + lockfile, but redefine them as the user manifest and the private Steps to implement this proposal piecemeal:
Follow-up changes raised in the discussion
|
doc/AEPs/aep-0002.md
Outdated
|
|
||
| The proposal relies on the following changes: | ||
|
|
||
| - `${crate}/alire/crate.toml` (manifest) is under version control and manually |
There was a problem hiding this comment.
I think we should move it to the root dir: ${crate}/alire.toml.
There was a problem hiding this comment.
And make it always alire in name, I guess. I think it's less confusing. And the lock file in tow, too (on both naming and placement).
doc/AEPs/aep-0002.md
Outdated
| Migration plan | ||
| -------------- | ||
|
|
||
| A problem with the current situation is that packaged releases do not currently |
There was a problem hiding this comment.
That means you want to use the manifest in the source package of a release for instance, rather than use the one already in the index?
There was a problem hiding this comment.
If I understand the context you quote correctly, yes, but this is only a concern for a root crate retrieved with alr get.
For the root crate we rely exclusively on the on-disk manifest. So, for alr get crates we currently regenerate the local manifest from the index information and from then on is as if the user had provided the manifest. So the idea is to actually use the one they provide at the time of packaging (that should match the one published).
Dependencies OTOH use the index information from which we find and retrieve them; any manifest they include is ignored (and we do not recreate one for them). (Except for dependencies linked from a directory; the local manifest is used because there's no corresponding index information.)
There was a problem hiding this comment.
use the one they provide at the time of packaging (that should match the one published)
That is my concern, we don't know if the manifest packaged in a release is going to be the same as the one in the index.
There was a problem hiding this comment.
This is also on my radar. Thoughts:
- Compare local and remote manifest and warn/err if they differ.
- We should check this too server-side for new submissions, so the logic could be reused.
- Use the index manifest by default after
alr get, until a manual edition to the local manifest is done.- Overkill if we have checks, simpler if we don't have.
As far as I see, this is only a concern for root crates retrieved via alr get. Otherwise the local manifest is the only source of metadata.
doc/AEPs/aep-0002.md
Outdated
| updating the manifest and the project file(s). Thus, there is a need to keep | ||
| `alr with` functionality without regenerating the manifest file, to respect | ||
| user's manual editions. To meet both ends, the proposal is to add a new | ||
| `[private]` top-level table, at the end of the manifest, properly identified |
There was a problem hiding this comment.
If we change depends-on to be a TOML array of table: [[depends-on]], alr with can just append to the manifest:
$ alr with gnatcoll
[[depends-on]]
gnatcoll = "*"$ alr with apdf
[[depends-on]]
gnatcoll = "*"
[[depends-on]]
apdf = "*"This makes alr with very simple to implement and doesn't require a special "do not touch" section in the manifest.
It also means that we cannot have alr with --del apdf, but I don't this it is a huge problem.
There was a problem hiding this comment.
Interesting idea. I need to think how that would impact current dynamic expressions.
I don't like that one can end with dependencies scattered over the manifest, and the "redundant" depends-on. OTOH I don't like having dependencies split between the manifest and the lockfile or private part either. This looks cleaner.
Instead of having an extra file, we rely on a private part within the manifest.
mosteo
force-pushed
the
feat/publish-workflow
branch
from
d59e07a to
e2a8d3c
Compare
|
I have updated the document to reflect the implemented changes. Since this is an internal document, I'm going ahead and merge but if you see any discrepancy that merits fixing please let me know. |
This is a proposal for changes without any code yet. Related to points raised in #240, and intended to clarify ideas before starting development on publishing automation.
Since I expected this to be somewhat long and not very manageable for changes, the description is given in the
doc/AEPs/aep-0002.md file.In summary, the proposal is to clarify how the manifest file is to be used/edited/versioned and to fully embrace the manifest to be edited by hand, mainly by packagers.
Although the description talks about a new
*.diffdelta file, I think this is doable by having a "tail" section in the current manifest that be autogenerated (e.g., thedev-dependsthat you @Fabien-Chouteau suggested in #240), while the rest is only hand-edited (so, like project files and"with"s). Thus, maintainers could move information from the autogenerated part into the hand-maintained part as part of the publishing process, and we don't need to complicate things outwards by having an extra file.If we decide the proposal can move forward, I would update it to reflect this unified toml file.