Update rust-toolchain

[1tgr]

Can Dependabot update the rust-toolchain file, if it exists?

It should at least update stable to latest stable, and ideally update nightly to latest nightly and beta to latest beta. Updating nightly to stable (eg an unstable feature got stabilised) should probably be a manual change.

[jbreitbart]

rustup now supports rust-toolchain files that look like

[toolchain]
channel = "nightly-2020-11-25"
components = [ "rustfmt", "rust-src", "llvm-tools-preview"]
targets = [ "x86_64-unknown-hermit" ]

take from https://github.com/hermitcore/rusty-hermit/blob/master/rust-toolchain

The project uses features only available in the nightly version of the rust compiler, but if we set the channel directly to 'nightly' the CI will download the latest version, which means it uses a different compiler/format checker/... every day. Just a few days ago there was a change in rustfmt, which resulted in every pull request to fail as the latest version of rustfmt wanted to format parts of the code differently.

If we could use dependabot to update the rust-toolchain file once a week that would be great 😄

// CC @stlankes

[stlankes]

Yes, the usage of dependabot will be great. Can you that? You are the dependabot expert...

[jurre]

I think technically it'll be possible, but it will require adding support at all levels of dependabot. I don't think we'll be able to prioritize it in the near future unfortunately.

Having said that, what would be some good resources to read up on rust-toolchain, what it does and how we could check for new versions etc?

[jbreitbart]

rust-toolchain is used by rustup. See [0] if you are looking for information on what rustup does. [1] is the link directly to the rust-toolchain file section. I am not aware of any exact specification on the file, but I think @ebroto added support for the TOML syntax to rustup, maybe he can provide some further details.

[0] https://rust-lang.github.io/rustup/index.html
[1] https://rust-lang.github.io/rustup/overrides.html#the-toolchain-file

[davepacheco]

This would be very useful!

[haraldreingruber-dedalus]

I also think this would be very interesting. Right now we use the lastest stable toolchain, which causes us every once in a while fixing new clippy warnings when they are added.... It would be nice to have a fixed version configured, and dependabot letting us know if a new version can be updated without any issues or not.

[JamieMagee]

I'm going to share some of the research I was able to find on datasources for updating rust-toolchain.toml:

Dependabot would need to update the channel property in rust-toolchain.toml. channel is formatted as¹:

<channel>[-<date>][-<host>]

<channel>       = stable|beta|nightly|<major.minor>|<major.minor.patch>
<date>          = YYYY-MM-DD
<host>          = <target-triple>

Semver versions can be found from the git tags in https://github.com/rust-lang/rust ². Full information on dated channels can be found at the following URLs:

• https://static.rust-lang.org/dist/channel-rust-stable.toml
• https://static.rust-lang.org/dist/channel-rust-beta.toml
• https://static.rust-lang.org/dist/channel-rust-nightly.toml

However, we only likely need the date itself, which can be found at:

• https://static.rust-lang.org/dist/channel-rust-stable-date.txt
• https://static.rust-lang.org/dist/channel-rust-beta-date.txt
• https://static.rust-lang.org/dist/channel-rust-nightly-date.txt

Another potential avenue for both semver and channel version data is the Rust manifest list³. It's a single source for all of this information.

Footnotes

1. https://rust-lang.github.io/rustup/concepts/toolchains.html ↩

2. https://github.com/rust-lang/rust/tags ↩

3. https://static.rust-lang.org/manifests.txt ↩

[RobJellinghaus]

Note that for internal consumption in Azure DevOps, we will need to be able to configure Dependabot to be able to use our internal msrustup toolchain installer (which supports Azure authentication), and to install the internal Microsoft toolchain which we require for production Rust binaries.

So Dependabot will need some configuration mechanism to allow the information sources you mention to be configured appropriately, such that public Dependabot would use the public rust-lang channels as you suggest, whereas Azure DevOps Dependabot would be configured to use internal channels to get the same information.

In general, "support configuration for using internal Microsoft Rust toolchain and toolchain installer" is its own feature, which overlaps with the general feature for installing toolchains dynamically within Dependabot. @abdulapopoola is going to connect me with that ongoing work.

[abdulapopoola]

Tagging @jakecoffman and @jurre , I suspect this will need proxy changes?