.gitignore, config, nimble: use lock file (#418)
Before this commit, configlet pinned the version of each Nimble dependency by using the .nimble file. This was the best approach until recently, and was good enough for creating configlet releases, but it wasn't robust [1] - Nimble wasn't designed to produce reproducible builds with that mechanism. For example, Nimble didn't check the hash of a package at build time to ensure that it was unmodified.

Now that we've updated to Nim 2.0 [2] and vendored the parseopt3 dependency [3], let's use Nimble's new lock file mechanism. This should be robust.

Run `nimble lock` and `nimble setup`, and remove versions from the nimble file.

From the docs for `nimble lock` [4]:

    The `nimble lock` command will generate or update a package lock file named `nimble.lock`. This file is used for pinning the exact versions of the dependencies of the package. The file is intended to be committed and used by other developers to ensure that exactly the same version of the dependencies is used by all developers.

    [...]

    If a lock file `nimble.lock` exists, then on performing all Nimble commands which require searching for dependencies and downloading them in the case they are missing (like `build`, `install`, `develop`), it is read and its content is used to download the same version of the project dependencies by using the URL, download method and VCS revision written in it. The checksum of the downloaded package is compared against the one written in the lock file. In the case the two checksums are not equal then it will be printed error message and the operation will be aborted. Reverse dependencies are added for installed locked dependencies just like for any other package being locally installed.

and `nimble setup` [5]:

    The `nimble setup` command creates a `nimble.paths` file containing file system paths to the dependencies. It also includes the paths file in the `config.nims` file (by creating it if it does not already exist) to make them available for the compiler. `nimble.paths` file is user-specific and MUST NOT be committed. The command also adds `nimble.develop` and `nimble.paths` files to the `.gitignore` file.

Closes: #467

[1] d6d7283 ("build: pin versions of Nimble packages", 2021-11-25)
[2] fa7d0bb (".github, config, json, nimble: bump Nim from 1.6.12 to 2.0.0", 2023-08-08)
[3] 7471af3 ("nimble, patches, cli: vendor parseopt3 dependency", 2023-08-08)
[4] https://github.com/nim-lang/nimble/blob/412af022a441/readme.markdown#nimble-lock
[5] https://github.com/nim-lang/nimble/blob/412af022a441/readme.markdown#nimble-setup
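
An added example, not part of this commit or of configlet: a Python check a reviewer or CI job could run over a committed `nimble.lock` to confirm that every entry carries the URL, download method, VCS revision and checksum that the quoted docs say Nimble relies on. The sample lock file is constructed, and the JSON key names (`packages`, `vcsRevision`, `url`, `downloadMethod`, `dependencies`, `checksums.sha1`) are assumed to match the layout `nimble lock` writes.

```python
import json
import re

HEX40 = re.compile(r"[0-9a-f]{40}")

# Constructed sample; key names assume nimble.lock's JSON layout.
SAMPLE_LOCK = """
{"version": 2, "packages": {
  "good": {
    "version": "1.0.0",
    "vcsRevision": "0123456789abcdef0123456789abcdef01234567",
    "url": "https://example.com/good",
    "downloadMethod": "git",
    "dependencies": [],
    "checksums": {"sha1": "89abcdef0123456789abcdef0123456789abcdef"}
  },
  "loose": {
    "version": "0.2.0",
    "vcsRevision": "main",
    "url": "http://example.com/loose",
    "downloadMethod": "git",
    "dependencies": ["good", "ghost"],
    "checksums": {}
  }
}}
"""

def audit_lock(text):
    """Return sorted (package, problem) pairs for entries that are not fully pinned."""
    packages = json.loads(text).get("packages", {})
    problems = []
    for name, entry in packages.items():
        if not HEX40.fullmatch(str(entry.get("vcsRevision", ""))):
            problems.append((name, "vcsRevision is not a full commit hash"))
        if not str(entry.get("url", "")).startswith("https://"):
            problems.append((name, "url is not https"))
        if entry.get("downloadMethod") not in ("git", "hg"):
            problems.append((name, "unknown downloadMethod"))
        if not HEX40.fullmatch(str(entry.get("checksums", {}).get("sha1", ""))):
            problems.append((name, "missing or malformed sha1 checksum"))
        for dep in entry.get("dependencies", []):
            if dep not in packages:  # a dependency with no lock entry is unpinned
                problems.append((name, f"dependency {dep!r} is not locked"))
    return sorted(problems)

if __name__ == "__main__":
    for name, problem in audit_lock(SAMPLE_LOCK):
        print(f"{name}: {problem}")
```

This only checks that the pins are present and well-formed; comparing the checksum against the downloaded package is what Nimble itself does at build time.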