-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cargo package --workspace is not very useful #10948
Comments
This sounds very useful! |
I took a look. First time contributor to cargo so just trying to find the relevant parts of the codebase. It looks to me like
So I believe that here we is where we would need to implement @conradludgate 's proposed solution, and to do so in the order the crates depend on another. This is after a quick look at the code for the very first time ever, so I may be off base. I'm going to keep looking and try to confirm what I think. Also I'm on Zulip if people want to chat/mentor there EDIT: After this Zulip discussion, due to the limited bandwidth of cargo team members new features should be accepted first before opening a PR. I am going to work on some issues raised in that thread that already have momentum to try my first contribution |
One background knowledge: One thing a bit weird is that packaging a crate with all verifications but not publishing the path dependencies. If cargo permit that, it make me feel like we try to convince cargo that our build is verified but only locally. As aforementioned a At this time being, a good tool for releasing crates is cargo-release, created by sunny87 and epage. I haven't tried it but I believe it works. Perhaps @epage can give you more experiences on this topic :) |
BTW, this is somehow related to #9260 (comment). There are more discussions in the wild regarding a more sequential and smooth packaging/publishing process, though I cannot find them now. |
Cargo release is a good tool for workspaces. Unfortunately, we can't use it as-is since we don't have the ability to publish using cargo. However, its something we could fork and fix to work with our own registry |
@jneem and I are looking into this. Some of the aspects we are considering are:
If anybody has opinions on this, feel free to chime in. |
@torhovland taking on a task like this, you might want to coordinate more with the Cargo team. For example, we have Office Hours. One way this could possibly be split up is
For verification, we should be verifying the generated I wonder if we can inject patches rather than changing anything about the code. This can all be done in-memory, rather than writing it out to disk.
I have no preference between whether we package+verify one at a time or package all then verify all. We should likely do separate compilation per verify though. #5931 would speed up the compile times for this.
There are times to depend on old versions of packages.
This isn't relevant to this issue but the follow up one. Let's keep the conversations in each Issue focused and move this over to there. |
Thanks for your input, it's been noted.
Sure, we will show up there. The rough idea we have so far is:
|
Running into a chicken-and-egg problem with the lock files: When packaging, Cargo strips away all path dependencies and generates lock files by expecting to find dependent packages online. So that elements like this can be put into the lock file: [[package]]
name = "my-dep"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "780f1cebed1629e4753a1a38a3c72d30b97ec044f0aef68cb26650a3c5cf363c" But when generating a lock file using just a local path dependency, we do not get any So it seems that packaging and publishing are strongly coupled, and there's no way around packaging+publishing one crate at a time. Unless we introduced something like Any ideas? |
A possible solution is to let |
Assuming we could use the We could of course try to modify the lock file after serialisation, but that doesn't seem very nice. The alternative is to modify the resolver code so it can treat a crate as if it was pulled from a registry. |
We have two problem steps in
|
Add local registry overlays This PR adds (private to cargo internals) support for local registry overlays, in which you can locally pretend to add packages to remote registries; the local packages will have the same source ids as the remote registry that you're overlaying. There are two ways to set up these overlays: programmatically using `GlobalContext::local_overlays` and through the `__CARGO_TEST_PACKAGE_CONFUSION_VULNERABILITY_DO_NOT_USE_THIS` environment variable. You can't set up these overlays with `.cargo/config`. The motivation for this is [packaging workspaces](#10948). When we're packing a workspace, we'd like to be able to pretend (for lockfile generation and verification) that some workspace packages are already published even though they aren't.
#13947 adds support for this in nightly behind There is a compatibility issue to decide on for stabilization:
|
Re-opening to track stabilization |
This seems to be a relatively large feature in terms of lines of code. Should we have an unstable doc section under https://doc.rust-lang.org/nightly/cargo/reference/unstable.html for it? |
Document -Zpackage-workspace Adds some unstable documentation on the `-Zpackage-workspace` feature, as requested in [#10948](#10948 (comment)). This documentation assumes that #14433 gets merged.
Publish workspace Adds support for simultaneously publishing multiple (possibly inter-dependent) packages in a workspace, gated by the `-Zpackage-workspace` flag. Questions to be worked out through stabilization: - Are we ok stabilizing this and #10948 at the same time? Currently, they are behind the same flag - What is the desired behavior for the publish timeout? This PR uploads the crates in batches (depending on the dependency graph), and we only timeout if nothing in the batch is available within the timeout, deferring the rest to the next wait-for-publish. So for example, if you have packages `a`, `b`, `c` then we'll wait up to 60 seconds and if only `a` and `b` were ready in that time, we'll then wait another 60 seconds for `c`. - What is the desired behavior when some packages in a workspace have `publish = false`? This PR raises an error whenever any of the selected packages has `publish = false`, so it will error on `cargo publish --workspace` in a workspace with an unpublishable package. An alternative interface would implicitly exclude unpublishable packages in this case, but still error out if you explicitly select an unpublishable package with `-p package-name` (see #14356). This PR's behavior is the most conservative one as it can change from an error to implicit excludes later. This is part of #1169
While implementing support for this in
For Features are another messy case but no different than the rest of Cargo and I'm foisting that onto my users. |
Call for testing
Basic steps:Requirements:
Try In particular, consider
Please leave feedback on this issue |
This comment has been minimized.
This comment has been minimized.
I didn't extend this to multiple packages restricted to specific registries. It seems less likely to be a problem and more complex to gather and report. This was inspired by feedback left at rust-lang#10948
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
### What does this PR try to resolve? I didn't extend this to multiple packages restricted to specific registries. It seems less likely to be a problem and more complex to gather and report. This was inspired by feedback left at #10948 ### How should we test and review this PR? ### Additional information
Tracking
Unstable flag:
-Zpackage-workspace
Stabilizing this would also close
Implementation
--exclude
incargo publish
#14659Testing instructions: #10948 (comment)
Changes since original plan
--registry
and--index
flags tocargo package
to know what registry will be used for generating theCargo.lock
file as if the internal dependencies were already publishedcargo publish
is not atomic but it does verify all before publishOpen questions
cargo package
? See cargo package --workspace is not very useful #10948 (comment)a
,b
,c
then we'll wait up to 60 seconds and if onlya
andb
were ready in that time, we'll then wait another 60 seconds forc
.publish = false
? Publish workspace #14433 raises an error whenever any of the selected packages haspublish = false
, so it will error oncargo publish --workspace
in a workspace with an unpublishable package. An alternative interface would implicitly exclude unpublishable packages in this case, but still error out if you explicitly select an unpublishable package with-p package-name
(see-Zpackage-workspace
is not smart aboutpublish = false
#14356). Publish workspace #14433 behavior is the most conservative one as it can change from an error to implicit excludes later.Known issues
-Zpackage-workspace
#14396Problem
Let's say you have a workspace
If you have already published
a
to crates.io, thencargo package --workspace
will complete successfully.Now, you update
a
to0.1.1
, and updateb
to use that new minimum version. If you trycargo package --workspace
again, it will no longer work. You will get an error that0.1.1
was not found.This happens because
cargo package
makes a dummy package for your verification and it strips out all workspace and path information. This means it tries to retrieve thea 0.1.1
from the registry, which it fails to do.Proposed Solution
If you have a workspace where some package
b
depends on another packagea
, wherea
is both specified by a version AND a path, AND that path is within the workspace members, then the following will happen:will make the new dummy project to verify the crates, but it will leave in the path information for
a
withinb
.Notes
In my experience, I've never had a workspace where all crates are independent. There's always at least one that depends on another crate. When managing private registries, it's not uncommon to
cargo package
and upload the.crate
file manually.Currently, it's necessary to package each workspace member individually and upload them in the order they depend.
Ideally, we can run a single
after bumping all versions, then get all of the
.crate
files and upload them in a batch.The text was updated successfully, but these errors were encountered: