Vendor variable in lockfile #237
Conversation
This prevents `opam` from installing packages that are supposed to be pulled by `opam-monorepo pull`
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
|
@NathanReb The fact that I needed to adjust the parsing part unfortunately means that to accept the new lock files it has to include this code, so it is incompatible with older |
There was a problem hiding this comment.
This looks good to me but while trying this out I think our list of base packages is out of date.
I'll open a PR right now with an update so we can rebase this and testing it again!
The code looks good! In the future it might be worth to do the split between opam and duniverse packages elsewhere but I think for now this works well!
|
I took a look at this and I think it's not only about updating the base packages list. This list is complemented by a check that packages are not "virtual" in other places in the code. Virtual packages are packages that have no I think we probably want the same filtering here. This is more easily done on |
Leonidas-from-XIV
force-pushed
the
vendor-variable-in-lockfile
branch
from
53c31db
to
d6a7df4
Compare
Leonidas-from-XIV
force-pushed
the
vendor-variable-in-lockfile
branch
from
d1f24a5
to
ce68f75
Compare
|
That's a good point, in the hybrid mode PR I had already converted |
There was a problem hiding this comment.
I think the new Depends type make things quite a bit more confusing than they need to be for now.
The previous state of the PR was very clean and straightforward. Do you think you could simplify it as suggested in the comment?
That is keep the previous data type and flow, add for each item in the Depends.t a boolean to determine whether it's vendored or not. The types are a merely a representation of the lockfile content and not meant to be further interpreted. If more is needed, we should use to_duniverse which is a much better structured representation of the vendored dependencies.
The change to use OpamPackage types is welcome but keeping it in a separate PR next time would be best, it really eases the review. A lot of changes here are now unrelated to this feature.
lib/lockfile.ml
Outdated
| @@ -131,35 +131,96 @@ module Root_packages = struct | |||
| end | |||
|
|
|||
| module Depends = struct | |||
| type t = (string * string) list | |||
| type t = { | |||
| dependencies : (OpamPackage.Name.t * OpamPackage.Version.t) list; | |||
There was a problem hiding this comment.
I think this should rather be a list of records, each record being a package and a vendor boolean.
This quite complexified the code compared to what it used to be.
Also note that OpamPackage.Name.t * OpamPackage,Version.t is OpamPackage.t
There was a problem hiding this comment.
You're right, a better representation of vendor removes a lot of complicated logic.
The Name.t * Version.t thing is a good point, I thought there was more to that datatype. I replaced that by using OpamPackage.t directly, at which point the Opam.t type became just an alias for OpamPackage.t with only identity-functions and functions forwarded to OpamPackage.* with the only code being pp (unused) and raw_pp (moved to Opam.Pp).
The `Opam` module did not have much functionality left after being converted into holding an `OpamPackage.t` so moving it out allowed to remove a lot of code.
Leonidas-from-XIV
force-pushed
the
vendor-variable-in-lockfile
branch
from
2748f7d
to
2e3d921
Compare
CHANGES: ### Added - Add opam extensions `x-opam-monorepo-opam-repositories` and `x-opam-monorepo-global-opam-vars` to make `lock` fully reproducible. (tarides/opam-monorepo#250, tarides/opam-monorepo#253, @NathanReb) - Show an error message when the solver can't find any version that satisfies the requested version constraint in the user's OPAM file (tarides/opam-monorepo#215, tarides/opam-monorepo#248, @Leonidas-from-XIV) - Allow packages to be marked as being provided by Opam and not to be pulled by `opam-monorepo`. To control this a new optional Opam file field, `x-opam-monorepo-opam-provided` is introduced. Its value is a list of package names that are to be excluded from being pulled (tarides/opam-monorepo#234, @Leonidas-from-XIV) - Show an error message when the OCaml version of the lock file does not match the OCaml version of the switch (tarides/opam-monorepo#267, tarides/opam-monorepo#268, @Leonidas-from-XIV) - Generate a `duniverse/README.md` file to explain the basics of `opam-monorepo` in the vendored directory (tarides/opam-monorepo#272, tarides/opam-monorepo#274, @Leonidas-from-XIV) - Add a `--prefer-cross-compile` flag for the solver to select cross-compiling versions of packages when available. This is determined through the presence of the `"cross-compile"` tag in the opam metadata. ### Changed - Bump lockfile version to 0.3 (tarides/opam-monorepo#285, @NathanReb) - Mark packages to be pulled by opam-monorepo with the `vendor` variable so using OPAM with `opam install --deps-only --locked .` will not install packages that will be installed with `opam-monorepo pull` (tarides/opam-monorepo#237, @Leonidas-from-XIV) ### Deprecated ### Fixed - Fix a bug where a package which had a single version that built with dune and got selected by the solver would be reported has having no version building with dune. (tarides/opam-monorepo#245, @Leonidas-from-XIV) - Fix the solver so it does not select beta versions of the compiler unless forced to by version constraints or `--ocaml-version`. (tarides/opam-monorepo#269, @NathanReb) ### Removed - Drop support for lockfile versions 0.2 and lower (tarides/opam-monorepo#285, @NathanReb) ### Security
CHANGES: ### Added - Add opam extensions `x-opam-monorepo-opam-repositories` and `x-opam-monorepo-global-opam-vars` to make `lock` fully reproducible. (tarides/opam-monorepo#250, tarides/opam-monorepo#253, @NathanReb) - Show an error message when the solver can't find any version that satisfies the requested version constraint in the user's OPAM file (tarides/opam-monorepo#215, tarides/opam-monorepo#248, tarides/opam-monorepo#290 @Leonidas-from-XIV) - Allow packages to be marked as being provided by Opam and not to be pulled by `opam-monorepo`. To control this a new optional Opam file field, `x-opam-monorepo-opam-provided` is introduced. Its value is a list of package names that are to be excluded from being pulled (tarides/opam-monorepo#234, @Leonidas-from-XIV) - Show an error message when the OCaml version of the lock file does not match the OCaml version of the switch (tarides/opam-monorepo#267, tarides/opam-monorepo#268, @Leonidas-from-XIV) - Generate a `duniverse/README.md` file to explain the basics of `opam-monorepo` in the vendored directory (tarides/opam-monorepo#272, tarides/opam-monorepo#274, @Leonidas-from-XIV) - Add a `--prefer-cross-compile` flag for the solver to select cross-compiling versions of packages when available. This is determined through the presence of the `"cross-compile"` tag in the opam metadata. ### Changed - Bump lockfile version to 0.3 (tarides/opam-monorepo#285, @NathanReb) - Mark packages to be pulled by opam-monorepo with the `vendor` variable so using OPAM with `opam install --deps-only --locked .` will not install packages that will be installed with `opam-monorepo pull` (tarides/opam-monorepo#237, @Leonidas-from-XIV) ### Fixed - Fix a bug where a package which had a single version that built with dune and got selected by the solver would be reported has having no version building with dune. (tarides/opam-monorepo#245, @Leonidas-from-XIV) - Fix the solver so it does not select beta versions of the compiler unless forced to by version constraints or `--ocaml-version`. (tarides/opam-monorepo#269, @NathanReb) ### Removed - Drop support for lockfile versions 0.2 and lower (tarides/opam-monorepo#285, @NathanReb)
This is a prerequisite PR to the hybrid mode, it sets the
vendorvariable on all packages that we intend to vendor.I tried running it on
opam-monorepoand while there is a denylist of packages inConfig.base_packagesit seems to still want to pull packages likeocaml-config. I wonder if this is correct or whether we'd need to add more exceptions to it (like when the package version is"base"for example).