fix(deps): Remove unused dependencies, and check for them in CI #6216

Merged
merged 7 commits into from
Feb 26, 2023

@teor2345 teor2345 commented Feb 24, 2023

Motivation

Having unused dependencies makes Zebra less secure. It also increases build time and binary size.

We deleted a lot of code recently, but we didn't delete the dependencies that were only used by that code. We also copy-pasted some dependencies that weren't actually needed.

Closes #6215

Complex Code or Requirements

This has a bit of shell script in it, but it doesn't do anything unusual.

Solution

  • remove unused dependencies detected by cargo-machete
  • add a CI job to detect unused dependencies
    • add a patch workflow so we can make this job part of the branch protection rules

This PR should appear in the changelog because it removes dependencies, which is visible to users.

Review

This is a low priority change. It can go in after the release.

Reviewer Checklist

  • Will the PR name make sense to users?
    • Does it need extra CHANGELOG info? (new features, breaking changes, large changes)
  • Are the PR labels correct?
  • Does the code do what the ticket and PR say?
    • Does it change concurrent code, unsafe code, or consensus rules?
  • How do you know it works? Does it have tests?

Follow Up Work

After this PR merges, an admin should make the new job part of the branch protection rules.

@teor2345 teor2345 added C-bug Category: This is a bug A-dependencies Area: Dependency file updates A-devops Area: Pipelines, CI/CD and Dockerfiles P-Low ❄️ C-security Category: Security issues labels Feb 24, 2023
@teor2345 teor2345 requested a review from a team as a code owner February 24, 2023 06:39
@teor2345 teor2345 self-assigned this Feb 24, 2023
@teor2345 teor2345 requested review from arya2 and removed request for a team February 24, 2023 06:39
@github-actions github-actions bot added the C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG label Feb 24, 2023
@teor2345 teor2345 changed the title Check unused deps fix(deps): Remove unused dependencies, and check for them in CI Feb 24, 2023
@teor2345 teor2345 removed C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG C-removed labels Feb 24, 2023
@github-actions github-actions bot added C-removed C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG labels Feb 24, 2023
@teor2345

This seems to work:

-- full cargo machete output, including ignored dependencies --
Analyzing dependencies of crates in this directory...
 INFO  cargo_machete > /home/runner/work/zebra/zebra/Cargo.toml is a virtual manifest for a workspace
cargo-machete found the following unused dependencies in /home/runner/work/zebra/zebra:
Done!
zebra-test -- /home/runner/work/zebra/zebra/zebra-test/Cargo.toml:
	tinyvec
zebra-network -- /home/runner/work/zebra/zebra/zebra-network/Cargo.toml:
	humantime-serde
zebrad -- /home/runner/work/zebra/zebra/zebrad/Cargo.toml:
	gumdrop
	humantime-serde
	tinyvec
zebra-utils -- /home/runner/work/zebra/zebra/zebra-utils/Cargo.toml:
	tinyvec
-- unused dependencies are below this line, full output is above --
No unused dependencies found.

https://github.com/ZcashFoundation/zebra/actions/runs/4260322630/jobs/7413377013#step:5:20
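
The filtering step implied by the log above, as an added example that is not part of the PR or of Zebra's workflow: it reads a cargo-machete report and fails only on findings outside an allowlist, matching whole dependency names. The function names, the `IGNORED` list (the three names the log shows as ignored) and the shortened sample paths are assumptions.

```shell
#!/bin/sh
# Added example (not the PR's workflow code): fail only on unused dependencies
# that are not on a reviewed allowlist. Function names are hypothetical.

# Assumed allowlist: the three names the log above lists as ignored.
IGNORED="gumdrop humantime-serde tinyvec"

# Read a cargo-machete report on stdin and print "crate: dependency" for each
# finding whose name is not exactly one of the names in IGNORED.
new_unused_deps() {
    awk -v ignored="$IGNORED" '
        BEGIN { n = split(ignored, names, " ")
                for (i = 1; i <= n; i++) skip[names[i]] = 1 }
        # Crate header: "<crate> -- <path>/Cargo.toml:"
        / -- .*Cargo\.toml:$/ { crate = $1; next }
        # A finding is an indented line holding a single dependency name.
        # Whole-name lookup: "tinyvec" does not also hide "tinyvec_macros".
        /^[ \t]/ && NF == 1 && crate != "" && !($1 in skip) { print crate ": " $1 }
    '
}

# CI gate: return 1 and list the findings when any are new.
check_unused_deps() {
    found=$(new_unused_deps)
    if [ -n "$found" ]; then
        echo "New unused dependencies were found, please remove them:"
        echo "$found"
        return 1
    fi
    echo "No unused dependencies found."
}

# Constructed sample: report lines from the log above (paths shortened).
sample_report() {
    printf '%s\n' \
        'cargo-machete found the following unused dependencies in /zebra:' \
        'zebra-test -- /zebra/zebra-test/Cargo.toml:'
    printf '\ttinyvec\n'
    printf '%s\n' 'zebrad -- /zebra/zebrad/Cargo.toml:'
    printf '\tgumdrop\n\thumantime-serde\n\ttinyvec\n'
}

# In CI the report would come from the tool: cargo machete | check_unused_deps
sample_report | check_unused_deps
```

Keeping the allowlist short and reviewed matters here: every name on it is a dependency the gate will never flag again.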

@codecov

codecov bot commented Feb 24, 2023

Codecov Report

Merging #6216 (ee5f3d3) into main (84d0346) will increase coverage by 0.03%.
The diff coverage is n/a.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6216      +/-   ##
==========================================
+ Coverage   77.94%   77.97%   +0.03%     
==========================================
  Files         304      304              
  Lines       39349    39349              
==========================================
+ Hits        30672    30684      +12     
+ Misses       8677     8665      -12     

@arya2 arya2 left a comment

Looks good! Thank you!

@teor2345 teor2345 removed the C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG label Feb 26, 2023
mergify bot added a commit that referenced this pull request Feb 26, 2023
@mergify mergify bot merged commit 98c634b into main Feb 26, 2023
@mergify mergify bot deleted the check-unused-deps branch February 26, 2023 23:42
@oxarbitrage oxarbitrage mentioned this pull request Mar 23, 2023
36 tasks
Successfully merging this pull request may close these issues.

Add a GitHub action that detects unused dependencies