Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support rangeStrategy=update-lockfile for Cargo #22820

Closed
rarkins opened this issue Jun 16, 2023 · 7 comments
Closed

Support rangeStrategy=update-lockfile for Cargo #22820

rarkins opened this issue Jun 16, 2023 · 7 comments
Labels
manager:cargo Cargo/Rust/crates.io priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality)

Comments

@rarkins
Copy link
Collaborator

rarkins commented Jun 16, 2023

Describe the proposed change(s).

Support in-range dependency updates for Cargo manager

Describe why we need/want these change(s).

Cargo's semver approach is different from most others. For example if a value like 1.0.0 is specified then it means the same as ^1.0.0 in npm, i.e. >=1.0.0, <2.0.0. This means that in-range, lockfile-only updates should be the most common use case. Today we use bump but it means unnecessarily narrowing the package file
@rarkins rarkins added type:feature Feature (new functionality) priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others manager:cargo Cargo/Rust/crates.io status:ready labels Jun 16, 2023
@rarkins
Copy link
Collaborator Author

rarkins commented Jun 16, 2023

Cc @Turbo87

@rarkins
Copy link
Collaborator Author

rarkins commented Jun 16, 2023

Here is the docs for cargo update: https://doc.rust-lang.org/cargo/commands/cargo-update.html

Today we use this:

--workspace

Attempt to update only packages defined in the workspace. Other packages are updated only if they don’t already exist in the lockfile. This option is useful for updating Cargo.lock after you’ve changed version numbers in Cargo.toml.

We hopefully could use this for in-range updates:

--precise

When used with -p, allows you to specify a specific version number to set the package to. If the package comes from a git repository, this can be a git revision (such as a SHA hash or tag).

This was referenced Aug 3, 2023
Closed
Merged
@szlend
Copy link
Contributor

szlend commented Aug 15, 2023

I've been looking at what it would take to do this and it doesn't seem as simple as it looked on the surface. Correct me if I'm wrong, but what I could gather so far is:

  • To update a package in Cargo.lock in-range (without touching the version spec in Cargo.toml), we need to know the current version of the package, and the target version of the package. This is because you can have multiple versions of the same package in your dependency tree and you need to specify which one you're trying to update. We need to run something like cargo update ... --package <pkg>@<cur_ver> --precise <new_ver>. Using --workspace doesn't help with duplicates here.
  • Currently renovate only looks at Cargo.toml, so it has no idea what the current version of a package even is.

So I think this means we'd first need to redesign the version extraction logic so it also takes Cargo.lock into account.

@rarkins
Copy link
Collaborator Author

rarkins commented Aug 15, 2023

There is a precedent for this: other managers extract a lockedVersion value which is used to compute this.

@szlend
Copy link
Contributor

szlend commented Aug 20, 2023
edited
Loading

I think I have everything in place, I just can't seem to figure out a reliable way of getting the lockedVersion of a package without using cargo tree. I assume we shouldn't be execing commands in extractPackageFile because there's no way to get rust.constraints, right? I don't see any other manager doing that.

Edit: Using getSatisfyingVersion from versioning/cargo might do the trick.

@szlend
Copy link
Contributor

szlend commented Aug 20, 2023
edited
Loading

Work in-progress here: #23968.

I haven't tested it on an actual repo yet, but would appreciate feedback if there's anything missing or wrong on a high-level.

@szlend szlend mentioned this issue Aug 21, 2023
Closed
6 tasks
This was referenced Nov 23, 2023
Closed
Merged
@rami3l
Copy link
Contributor

rami3l commented Dec 6, 2023
edited
Loading

@rarkins Would you mind closing this issue? Thanks 🙏

@rarkins rarkins closed this as completed Dec 6, 2023
nicholasbishop added a commit to nicholasbishop/uefi-rs that referenced this issue Dec 11, 2023
@nicholasbishop
renovate: Change stategy to update-lockfile
a5168b4 
Support for this strategy was added recently:
renovatebot/renovate#22820. It seems that at the same
time the behavior of the "replace" strategy changed, causing PRs to be opened
with unnecessary changes to Cargo.toml.
@nicholasbishop nicholasbishop mentioned this issue Dec 11, 2023
Merged
2 tasks
nicholasbishop added a commit to nicholasbishop/ovmf-prebuilt that referenced this issue Dec 14, 2023
@nicholasbishop
renovate: Change stategy to update-lockfile
b0082e8 
Support for this strategy was added recently:
renovatebot/renovate#22820. It seems that at the same
time the behavior of the "replace" strategy changed, causing PRs to be opened
with unnecessary changes to Cargo.toml.
@nicholasbishop nicholasbishop mentioned this issue Dec 14, 2023
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
manager:cargo Cargo/Rust/crates.io priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(cargo): support range=update-lockfile szlend/renovate
3 participants
@rarkins @szlend @rami3l