nanonyme opened a new issue, #44:
URL: https://github.com/apache/buildstream-plugins/issues/44

   Spec from https://gitlab.com/BuildStream/bst-plugins-experimental/-/issues/42
   
   Will behave like this:
   - `track`: Cargo.lock will be generated by the host's `cargo` IF `(generate_lock is true)` OR `(generate_lock is 'if-missing' and Cargo.lock doesn't exist)`. If generate_lock is false and Cargo.lock doesn't exist, raise an error. Then the existing logic for tracking cargo sources will happen. The ref will now encode everything necessary to reconstruct the vendored libraries, so the generated Cargo.lock is discarded
   - `fetch`: The sources are fetched according to the ref, as they are now
   - `stage`: The sources are staged according to the ref, as they are now
   - BuildStream will default to `generate_lock: false`, and projects can (if they wish) globally override that default to `generate_lock: if-missing` to make the `cargo` plugin work in all scenarios. Then `generate_lock: true` can be used if Cargo.lock needs to be overwritten/ignored for whatever reason (i.e. a hypothetical repo that hasn't been updated in a while and Cargo.lock specifies dependencies w/ known security issues, so you want to force it to use newer libraries)
   - If a project doesn't want to grow a dependency on `cargo` from the host to `track`, it can keep `generate_lock: false` as the default, and then maintain its own Cargo.lock files & stage them before the `cargo` source:
   ```yaml
   sources:
   - kind: git_tag
     url: whatever:foobar.git
   - kind: local
     path: files/cargo/foobar/Cargo.lock
   - kind: cargo
     generate_lock: false # <-- from project defaults
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
