Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.gitignore, config, nimble: use lock file #418

Merged
merged 6 commits into from
Aug 14, 2023
Merged

.gitignore, config, nimble: use lock file #418

merged 6 commits into from
Aug 14, 2023

Conversation

ee7
Copy link
Member

@ee7 ee7 commented Sep 7, 2021
edited
Loading

Before this commit, configlet pinned the version of each Nimble dependency by using the .nimble file. This was the best approach until recently, and was good enough for creating configlet releases, but it wasn't robust - Nimble wasn't designed to produce reproducible builds with that mechanism. For example, Nimble didn't check the hash of a package at build time to ensure that it was unmodified.

Now that we've updated to Nim 2.0 and vendored the parseopt3 dependency, let's use Nimble's new lock file mechanism. This should be robust.

Run nimble lock and nimble setup, and remove versions from the nimble file.

From the docs for nimble lock:

The nimble lock command will generate or update a package lock file named nimble.lock. This file is used for pinning the exact versions of the dependencies of the package. The file is intended to be committed and used by other developers to ensure that exactly the same version of the dependencies is used by all developers.

[...]

If a lock file nimble.lock`` exists, then on performing all Nimble commands which require searching for dependencies and downloading them in the case they are missing (like build, install, develop`), it is read and its content is used to download the same version of the project dependencies by using the URL, download method and VCS revision written in it. The checksum of the downloaded package is compared against the one written in the lock file. In the case the two checksums are not equal then it will be printed error message and the operation will be aborted. Reverse dependencies are added for installed locked dependencies just like for any other package being locally installed.

and the docs for nimble setup:

The nimble setup command creates a nimble.paths file containing file system paths to the dependencies. It also includes the paths file in the config.nims file (by creating it if it does not already exist) to make them available for the compiler. nimble.paths file is user-specific and MUST NOT be committed. The command also adds nimble.develop and nimble.paths files to the .gitignore file.`

Closes: #467

To-do:

  • Wait for a Nim release that adds support for the Nimble that supports lock files.
  • Either wait for Nim to ship with a Nimble that supports lock files, or manually install such a Nimble version in our CI workflows. Edit: Nim 2.0.0 should ship with a Nimble that supports lock files.
  • Bump package versions
  • Merge .github, config, json, nimble: bump Nim from 1.6.12 to 2.0.0 #723
  • Resolve problem with importing nimble packages when lock file present, when not using nimble build.
  • Consider if there's a better place to run nimble setup

Refs: d6d7283
Closes: #467

@ee7
Copy link
Member Author

ee7 commented Oct 21, 2021
edited
Loading

Unfortunately, the Nim 1.6.0 release doesn't include a Nimble version with the nimble lock functionality. A few issues were found, and the version of the bundled Nimble version was rolled back (see nim-lang/Nim@3d7c52f).

We could (maybe pretty easily) update the Nimble version that we use in the GitHub Actions environment, so that we have the nimble lock functionality there. But I won't do that immediately - this PR can sit a little longer, even though we merged #419.

@ee7 ee7 mentioned this pull request Nov 16, 2021
Merged
@ee7 ee7 force-pushed the build-add-nimble-lock-file branch from 73dccf1 to ce9f8db Compare November 25, 2021 18:26
@ee7
Copy link
Member Author

ee7 commented Dec 10, 2021

This looks promising: nim-lang/Nim@908fc2a

@ee7
Copy link
Member Author

ee7 commented Dec 15, 2021
edited
Loading

This looks promising: nim-lang/Nim@908fc2a

Nim 1.6.2 RC1 is now out, which is intended to support the Nimble that can use lockfiles. But it doesn't ship with it. See:

@ee7 ee7 mentioned this pull request Dec 17, 2021
Merged
@ee7 ee7 force-pushed the build-add-nimble-lock-file branch from ce9f8db to 477b76a Compare January 27, 2022 16:41
@ee7 ee7 changed the title build: add nimble lock file nimble: add nimble.lock file Oct 26, 2022
@ee7 ee7 force-pushed the build-add-nimble-lock-file branch from 477b76a to 1dd2198 Compare January 6, 2023 12:38
@ee7
Copy link
Member Author

ee7 commented Jan 6, 2023

Nim 2.0 should ship with a nimble version that supports lock files.

@ee7 ee7 force-pushed the build-add-nimble-lock-file branch from 1dd2198 to f3cfca9 Compare August 8, 2023 11:28
@ee7
Copy link
Member Author

ee7 commented Aug 8, 2023

With f3cfca9, nimble build works, but nimble test doesn't. I feel like it should.

@ee7 ee7 force-pushed the build-add-nimble-lock-file branch from f3cfca9 to d490263 Compare August 8, 2023 14:41
@ee7 ee7 mentioned this pull request Aug 8, 2023
Open
@ee7
Copy link
Member Author

ee7 commented Aug 10, 2023

The error here is unexpected to me. I'm not sure what I'm supposed to do.

To ask, I've opened nim-lang/Nim#22438.

@ee7
.gitignore, config, nimble: add and setup lock file
addbc16 
Run `nimble lock` and `nimble setup`, and remove versions from the
nimble file.

Closes: 467
@ee7 ee7 force-pushed the build-add-nimble-lock-file branch from d490263 to addbc16 Compare August 13, 2023 13:23
@ee7 ee7 changed the title nimble: add nimble.lock file .gitignore, config, nimble: add and setup lock file Aug 13, 2023
@ee7 ee7 marked this pull request as ready for review August 13, 2023 14:43
@ee7 ee7 requested a review from ErikSchierboom August 13, 2023 14:44
@ee7
Copy link
Member Author

ee7 commented Aug 13, 2023

Only 23 months for this one.

Please see:

ee7
ee7 commented Aug 13, 2023
View reviewed changes
ee7 added 2 commits August 13, 2023 17:30
@ee7
config: add comments back again
adb465d 
Otherwise, it seems that re-running `nimble setup` adds the whole
block (!) so e.g. `--noNimblePath` would be in this file twice.
@ee7
empty commit
ab0548d 
I tested the previous commit by tagging it, and pushing that tag to
exercism/configlet, which triggers the build workflow.

But it looks like it also triggered the fetch-configlet workflow, which
seems to fail on Windows [1]. Create an empty commit so that there's no
failing fetch-configlet check on the pull request.

[1] exercism#786
@ee7 ee7 merged commit be5675c into exercism:main Aug 14, 2023
@ee7 ee7 deleted the build-add-nimble-lock-file branch August 14, 2023 07:42
@ee7 ee7 changed the title .gitignore, config, nimble: add and setup lock file .gitignore, config, nimble: use lock file Aug 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ErikSchierboom ErikSchierboom Awaiting requested review from ErikSchierboom ErikSchierboom is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

build: use lock file
2 participants
@ee7 @ErikSchierboom