cargo vet certify unnecessarily reformats config.toml
#589
Comments
|
This seems reasonable at first glance. Certain certifications can necessitate changes in |
|
In general, all |
|
Would it be possible to somehow split |
|
Hmmm... I guess one other alternative may be to modify our tooling (i.e. |
|
/cc @danakj |
This seems rather undesirable. I see no harm in having a
I agree that rewriting |
After this commit `audits.toml`, `config.toml`, and `imports.lock` will
not be written if their contents wouldn't have changed ("contents" in a
business logic sense - ignoring comments and/or formatting differences).
Fixes mozilla#589
|
In terms of proposed code changes, I am thinking about something along the following lines:
Please comment if you have any concerns with the proposal above. In the meantime, let me open a pull request along those lines so that we have more concrete code changes to discuss. |
|
I don't think that this is the approach that we want to take. The automatic formatting, and especially the validation when running under
Overall, I would prefer to keep the existing behaviour of maintaining strict formatting requirements on files in the store to keep down this kind of churn, and keep supply chain file deltas easier to review. To my understanding, the main reason for this request is due to wanting to preserve the comment at the start of the Would that be sufficient for your use-case? This way we'd still be validating and ensuring that the TOML is correctly formatted and won't generate unnecessary deltas in the future due to manual edits when running with I noticed that in your linked chromium revision, there were also some comments inline in the TOML. Preserving something like that would unfortunately be much more difficult (which is one of the reasons why we have an explicit |
Hmmm... I guess this is indeed correct. Of course this assumes that we are able to use a
Ack. I think it's okay to replace these comments with handlebars-only comments inside our |
Another option here might be to run |
In the future we want `cargo vet` to be used by
`third_party/rust/PRESUBMIT.py` and when used in this mode, we want
`cargo vet` to be somewhat hermetic. This CL helps with that by
ensuring that `--locked --frozen` switches work when used as follows:
```
$ tools/crates/run_cargo_vet.py check \
--locked --frozen \
--no-minimize-exemptions --no-registry-suggestions \
--output-format=json
{
"conclusion": "success",
"vetted_fully": [
{
"name": "aho-corasick",
"version": "1.1.2"
},
...
```
The CL achieves the above by:
* Reintroducing a pre-populated `imports.lock` file.
- Having this in the repo means that code reviews will explicitly
include information about newly imported audits.
- Note that (per mozilla/cargo-vet#272)
`imports.lock` should hopefully see minimal churn, because it
should only cover imports that are actually used.
- In a sense, this CL reverts/reconsiders `imports.lock`-related parts
of https://crrev.com/c/5368308
* Tweaking `vet_config.toml.hbs` to produce `config.toml` with the exact
formatting expected by `cargo vet`.
- This has some downsides - e.g. we loose the
'@generated by tools/crates/gnrt vendor. Do not edit.' comment.
- This is necessary because even formatting-only discrepancies trigger
an error in `--locked` mode: "A file in the store is not correctly
formatted [...] run `cargo vet` without --locked to reformat files
in the store"
- This is somewhat related to
mozilla/cargo-vet#589
- In a sense, this CL makes obsolete the `config.toml`-related parts
of https://crrev.com/c/5368308. OTOH, detecting changes to
`config.toml` (including a comments-only change) is not harmful, so
let's leave the detection logic in place (in `run_cargo_vet.py).
Bug: 41494083
Change-Id: Ia5967fa8e8b13b885f703810ef84c5d79030dfae
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5368743
Reviewed-by: danakj <danakj@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1275813}
In my project the
supply-chain/config.tomlfile is auto-generated from project-specific metadata by a tool (*). The file has a copyright header and some other headers like# @generated by tools/crates/gnrt vendor. Do not edit.. These headers are clobbered by somecargo vetcommands.I understand that
cargo vet fmtwill reformat all the files, includingconfig.toml. OTOH, IMOcargo vet certify ...should only write toaudits.tomland should leaveconfig.tomlunchanged. Is that a reasonable expectation?(*) We use the
gnrttool to mapping project-specific categorization of crates intocargo vetrequirements like:The text was updated successfully, but these errors were encountered: