Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix auto cargo updates #67

Merged
merged 1 commit into from
May 24, 2024
Merged

Fix auto cargo updates #67

merged 1 commit into from
May 24, 2024

Conversation

willbush
Copy link
Member

@willbush willbush commented May 20, 2024
edited
Loading

I was messing around with cargo audit and cargo outdated and realized I broke the auto-update of cargo.

When I switched from using cargo update to cargo upgrade #61, I didn't realize that cargo upgrade doesn't update the Cargo.lock file.

I only noticed because cargo audit was reporting a yanked version of libc and running cargo update fixed it.

I added running cargo outdated as a sanity check that things are updating correctly.

@willbush willbush requested a review from a team as a code owner May 20, 2024 02:47
@willbush
Copy link
Member Author

willbush commented May 20, 2024
edited
Loading

example output

cargo changes

cargo upgrade

    Updating 'https://github.com/rust-lang/crates.io-index' index
    Checking nixpkgs-check-by-name's dependencies
name      old req compatible latest  new req
====      ======= ========== ======  =======
serde     1.0.201 1.0.202    1.0.202 1.0.202
itertools 0.12.1  0.12.1     0.13.0  0.13.0
   Upgrading recursive dependencies
    Updating either v1.11.0 -> v1.12.0
    Updating proc-macro2 v1.0.81 -> v1.0.83
    Updating syn v2.0.60 -> v2.0.65
note: Re-run with `--verbose` to show more dependencies
  latest: 13 packages

cargo update

    Updating crates.io index
    Updating anyhow v1.0.82 -> v1.0.86
    Updating errno v0.3.8 -> v0.3.9
    Updating libc v0.2.154 -> v0.2.155
    Updating linux-raw-sys v0.4.13 -> v0.4.14
    Updating ryu v1.0.17 -> v1.0.18

cargo outdated

All dependencies are up to date, yay!

cargo audit

    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 626 security advisories (from /home/will/.cargo/advisory-db)
    Updating crates.io index
    Scanning ./Cargo.lock for vulnerabilities (82 crate dependencies)
npins changes 
[INFO ] Updating 'nixpkgs' …
Changes:
-    url: https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre626139.abd6d48f8c77/nixexprs.tar.xz
+    url: https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre628535.f9256de8281f/nixexprs.tar.xz
-    hash: 1zl76mia6iav9byczjxw3lhr6hv7an4nk2kh440gpr9lqx2j446k
+    hash: 11lg3hq9hz2hmk615c65vjsg1j122661k1n3by5wr5fyrzr4yp4a
[INFO ] Updating 'treefmt-nix' …
Changes:
-    revision: c6aaf729f34a36c445618580a9f95a48f5e4e03f
+    revision: 2fba33a182602b9d49f0b2440513e5ee091d838b
-    url: https://github.com/numtide/treefmt-nix/archive/c6aaf729f34a36c445618580a9f95a48f5e4e03f.tar.gz
+    url: https://github.com/numtide/treefmt-nix/archive/2fba33a182602b9d49f0b2440513e5ee091d838b.tar.gz
-    hash: 18491j2law88zdkfxrpg2snbcig34pfcg7ykgjwf6ahbdq313zj2
+    hash: 163ra7ck07maamg20ppqlsn8mjrf6jrn0g81334pvsfa1wr8g6n0
[INFO ] Update successful.

@willbush
Fix auto cargo updates
c16cfdb 
I was messing around with `cargo audit` and `cargo outdated` and realized I
broke the auto-update of cargo.

When I switched from using `cargo update` to `cargo upgrade`, I didn't realize
that `cargo upgrade` doesn't update the `Cargo.lock` file.

I only noticed because `cargo audit` was reporting a yanked version of libc and
running `cargo update` fixed it.

I added running `cargo outdated` as a sanity check that things are updating
correcty.
@willbush
Copy link
Member Author

@infinisil think we should change this to be an array? I think the order the steps are written to the script are indeterminate (npins update may run last for example).

@willbush
Copy link
Member Author

willbush commented May 20, 2024
edited
Loading

Recently found on some private Rust repos I maintain that dependabot doesn't "just update everything" like I thought. This bespoke script to run cargo commands is starting to look more appealing to me.

@philiptaron
Copy link
Contributor

@infinisil think we should change this to be an array? I think the order the steps are written to the script are indeterminate (npins update may run last for example).

lib.attrValues (which is really builtins.attrValues) says this:

Returns the values of the attributes in the set set in the order corresponding to the sorted attribute names.

Since it's sorted, the order is assured.

philiptaron
philiptaron approved these changes May 24, 2024
View reviewed changes
Copy link
Contributor

@philiptaron philiptaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/NixOS/nixpkgs-check-by-name/actions/runs/9152877109

Looks good ✅

@philiptaron philiptaron merged commit 4d52ff6 into NixOS:main May 24, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philiptaron philiptaron philiptaron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@willbush @philiptaron