-
-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accurate deps #498
Accurate deps #498
Conversation
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…sed in production - they will cause the build to fail on a newer compiler if new warnings or lints are added. The right way to do this is configure CI. Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
… a bad idea Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…ts, since we do not control cargo-metadata Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…ly at present Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…utputting the toplevel package in resolve Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…d all_dependencies(), it is required for correctness Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…et, which was ignored by cargo Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
…r packages Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
af5ace9
to
a592eee
Compare
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
This PR switches to the API-stable cargo metadata as opposed to the previous direct dependency on unstable internal APIs of Cargo It is mostly bug-compatible, with the actual fixes to come in subsequent PRs. # Benefits - Far smaller binary size - Shorter compile times - Reliance only on stable APIs will require far less maintenance going forward - Download crates in parallel #489 (we got it for free by switching to cargo metadata) # Fixes One of the tests was creating an invalid dependency that was getting ignored by Cargo, but still included in the SBOM. This is now fixed, and I've updated the test to create a proper dependency. # Behavior changes The previous code was inconsistent on what kinds of dependencies it includes. It previously included normal only (not build!) in top-level only mode, and all kinds (even dev!) in all deps mode. Now all kinds of dependencies are included always - it's still wrong, but at least it's consistent. Proper filtering by mode and package is implemented in a subsequent PR: #498 Regressions Reading configuration from Cargo.toml is not fully wired up, although its tests pass. I've skipped it for now and left a comment because this behavior seems to be a bad idea in the first place: #495
Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only minor stuff again. I tested it against itself and it worked just fine, tests ran as well.
I'll run it against one of our projects now to double check but don't expect any issues.
Co-authored-by: Lars Francke <lars.francke@stackable.tech> Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
I'm sure there is a clippy lint for this Co-authored-by: Lars Francke <lars.francke@stackable.tech> Signed-off-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
d134b16
to
14e1026
Compare
Tested it against two of our own projects and it seems to fix #444 |
Depends on #496, please review that first!