-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: Use Cargo.lock for all crates #1891
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Benchmark for 62e5b56Click to view benchmark
|
Docker tags |
iamyulong
approved these changes
Sep 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds full Cargo.lock support to radix engine and scrypto, with the aim to (A) improve reproducibility of builds and (B) to reduce the attack surface for supply chain attacks.
Cargo.lock
which was previously in the.gitignore
--locked
parameter toscrypto build
, and aSCRYPTO_CARGO_LOCKED
environment variable - which can be set in CI to ensure that all builds inside tests require a cargo lock.SCRYPTO_CARGO_LOCKED=1
in CI to ensure all of our tests are using fixed versionsradix-clis
into the main workspace, as the only reason for separating it is no longer validscrypto new-package
, aligned with the engine'sCargo.lock
- and the tests check that it can be build with--locked
after creation, to verify the Cargo.lock file is complete.Cargo.lock
files were aligned as best as possible:Cargo.lock
as a basisCargo.lock
which pruned itWorkaround for spurious errors on git checkout when passing across this PR merge:
Testing
I've tested the
SCRYPTO_BUILD_USE_CARGO_LOCK
parameter locally. Otherwise, mostly I want to see existing CI passing.Update Recommendations
Developers may need to delete a
Cargo.lock
locally in order to merge/update their git repos across this point.