Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nix pre-commit and ci checks #298

Open
Tracked by #148
NickLarsenNZ opened this issue Jun 5, 2024 · 2 comments
Open
Tracked by #148

Nix pre-commit and ci checks #298

NickLarsenNZ opened this issue Jun 5, 2024 · 2 comments
Assignees

Comments

@NickLarsenNZ
Copy link
Member

NickLarsenNZ commented Jun 5, 2024

Currently, the nix lock files (for crate2nix and for the packages via niv) are only updated when one of the Nix users runs:

  • make regenerate-nix, and
  • niv update

This means that dependencies in Cargo.lock and Cargo.nix might be at different versions.

To resolve this, we can:

  • Add the update commands to the pre-commit hooks, and/or
  • Run the commands in CI and check for changes

Optionally, perhaps make regenerate-nix could also do the niv update so there is one command.

@nightkr
Copy link
Member

nightkr commented Jun 10, 2024

make regenerate-nix and niv update are fundamentally different commands.

make regenerate-nix converts the existing Cargo/etc lockfiles into Nix. It's idempotent, and exists to bring them back into sync. It will not update anything by itself. This is fine to do automatically.

niv update is like cargo update, it brings in whatever the latest version is of each (Niv) dependency. It should only be done with explicit user permission.

@NickLarsenNZ
Copy link
Member Author

NickLarsenNZ commented Jun 11, 2024

Yeah I understand that, but want to find a way to lower the burden on the developers.

We currently sometimes do cargo update, but much less frequently do we run niv update. Not necessarily a bad thing if the currently pinned niv packages work, but if we update more frequently we would likely pull in security updates (or, y'know, zero-days 🙃).

I think at minimum, I'd like to have CI (and pre-commit hooks) check that Cargo.nix is in line with Cargo.lock. We can work out the niv update process separately (I agree it should be intentional, but just done a bit more regularly).

What do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants