-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reproducible build [Documentation] #5776
Comments
Looking for my 'nawabs' project? :-) |
This is of paramount importance to me as well. There are two things that can be improved by documentation/culture alone:
I think that every documentation (official nim documentation, the nimble github page, tutorials...) should strive to emphasize the use of nimble files (as opposed to global installs). It takes a few second to bump version because it is just a git tag and a line in the nimble file - let us take advantage of this! @Araq I looked at nawabs and it seems interesting, but it is not yet clear to me what the workflow is like. Is there a minimal example project? In particular, it is not clear to me how and where to specify dependencies for a project. Say I am writing a web app with jester - how would I make the jester dependency appear in the workspace? |
Does it handle recursive dependencies? There are essential when the ecosystem grows. Many package managers handle recursive dependencies, then generate a lock file that lists the resulting dependencies at a particular commit, so that rebuilding will give the same result |
This is something that Nimble needs to gain support for via lock files (relevant issue nim-lang/nimble#127).
I disagree.
Yes, a version bump should always accompany a git tag. You can also depend on commit hashes, but that has the potential to open its own can of worms. |
Can you explain why? The issue I see with using - say - Namely, I start writing some web applications using jester. A few months from now, jester gets a new feature. I update to use the new feature, and everything looks ok. Until I try to build some old project, that maybe is incompatible with that version of jester. Now what? In fact, I don't even know anymore what was the correct jester version to use. Now, for a single dependency which tries hard not to break backward compatibility, this could be easily fixed, but with more dependencies, things can go easily wrong. Also, consider that I may know of this problem and avoid updating jester for this. But then, I install some other library which depends on a newer version of jester, and my efforts are vanified (not to pick on jester, it is just an example). Also, without a single place to list dependencies, it will be harder to rebuild it when I change my laptop (what Nim libraries did I have installed globally?) For all these reasons, I find relying on globally installed libraries a bad practice (especially since there is a simple alternative). And I would avoid even mentioning this way to beginners, lest they learn an impractical way of working with dependencies which will give rise to a brittle ecosystem. Since you disagree, I would be interested in knowing what advantages do you see in using |
The issues you describe should disappear once lock files are implemented for Nimble. You seem to imply that it is possible to avoid Certainly when developing a package or application you should be using |
Yes I looked up the documentation on nimble:
Then I found some information in "How I start":
That's all documentation I found. And the issue is that this is not enoguh. Nimble needs it's own chapter here: https://nim-lang.org/documentation.html |
@krux02 have you read this? https://github.com/nim-lang/nimble#nimble- |
It processes |
@Araq thank you, that was not clear! @dom96 I think that one issue is that About the lock file and so on: I agree that having a lock file is useful, but not relying on global libs is a first step at least. I agree that installing executable may involve installing library dependencies globally, I am just saying that relying on said global libraries should not be encouraged for development. For instance, out of the latest 10 libraries published on nimble (one of which is my own), the following 4 suggest a global |
can you add a link to both nawbs and nimble documentation to the documentation root page here: |
@andreaferretti ahh, I see what you mean and I agree. Package readmes/websites should suggest adding the package name to your project's .nimble file as a dependency and not to install it. |
The first. And IMO nawabs shouldn't be mentioned. |
This is not a Nim feature request. |
Agreed, this is not a Nim feature request, but here we are, more than two years later, and no clear sign of progress. Is nawabs still the way you recommend? Lock files are still not on nimble, Status has issues preventing them to use nimble, we have a competing proposal, and just today I tried using a project (still in development, I didn't expect to make it work smoothly) where I was unable to track dependencies. I think we should do something, anything, before the ecosystem becomes too brittle |
No, it hasn't kept up with Nimble's development. I'm considering to revive it. ;-)
Agreed, here is what I do: I make my project.nim.cfg contain
But that's only a part of the solution, of course. |
Let's implement lock files. It honestly shouldn't be that difficult to implement a basic version of them. All these other proposals are just wasting more time. We've somehow gone from local project dependencies to "let's have a command that appends It just boggles my mind. |
Nimble and Atlas both support lockfiles now. |
This is just a Documentation request, because I am not 100% sure how to get this goal. My project here has problems with reproducibility, and I don't know how to ensure that the project can always be build by other people in the same way as it can be build on my system. Things that make it hard for me are that I constantly use the latest development version of Nim, and I submit patches to the libraries I use. This means the latest version with a version tag on nimble will often not be enough to build the master branch of my project.
I would be nice, if the documentation page would link to a chapter about the build system and how to create a reproducible project/library. Also on how to ensure that a project is reproducible and not only working on the current system but not on other system.
The text was updated successfully, but these errors were encountered: