Make restore command check if dependencies and lock file are in sync #1750
Comments
forki
changed the title
That's not going to happen automatically. The lock file is the single truth and the most important file in the system. All changes will remain explicit via install or update commands. I change the title of this issue since I think we can make restore check if something changed in the deps file. If that happend then we can let restore fail. I think this is a sensible way to detect inconsistencies. |
|
@forki you mean deps vs lock file inconsistency? |
|
yes. |
|
I do agree ... almost all points here so when you "paket restore" at least in your shell or IDE you have some tips to let you know something is probably bad |
|
No. Paket has outdated for that. We don't want to do version checking and stuff like that when doing a paket restore. |
|
No, I don't want to do version checking like outdated does. |
|
Well then is there an existing command to run this check ? |
|
I mean, paket solves issue about multi "packages" version in multiple "packages.config" but is not smart enought to tell (or let you know if there's a command for that) if the 2 file of paket "lock" and "dependencies" have different version. "We fix the multipe version issue, but know you're not sure of the version you use depending on the file you're looking at" |
|
Well, that seems to be to be a bit of user education. If you as a user change the requirements for a package (like adding the 2.0 version constraint that you did above) you must tell paket to recompute the dependency graph. This works the same for when you add a new package, remove a package, change an install option (like target framework version). |
|
@tebeco Please read up here: http://fsprojects.github.io/Paket/dependencies-file.html |
You need to look into the lock file. That's the file that fixes all versions and contains the valid resolution. |
|
So in the latest Paket 3.2 alpha we have the following check in paket restore:
|
|
So now a spark shine, Or in paket.config (or both) All the pipeline would be the same as today, it would just give hints about potential technical debts |
|
Paket.VisualStuio will fail on restore with the correct message. I think that's fine and will tell you that something is fucky. |
|
Ok, but please make that opt-out or opt-in. I actually depend on this behavior from time to time when debugging hard to find dependency issues or to find when an incompatibility was introduced. What I do: I update the |
|
Your use case is still possible as long as the manually changed versions But you are right we definitely should add a parameter which just brutally
|
|
Agreed, I've done this from time to time as well. |
|
@forki -unsafe? -manualLock?-ignoreDepsFile? |
|
(also we need to give people a way out for when our changedetection is
|
|
I think it should be something around "ignore checks". Or we reuse - f
|
|
I suggested |
|
Thinking about it overloading |
|
@tebeco What nobody has said jet: You should really add the lockfile to your source control if it isn't (and your report sounds like it isn't). That way you get exactly the same version as the one running This issue shows that throwing an error is probably the better default behavior (but imho its wrong because restore should not need to read |
|
@matthid the lock file is on git and the paket update did not get updated so no push was done on it. I can't explain that but anyway I think that an optional settings that could warm the user about out synch may be a good idea to track version issue I'm not saying it should be by default, but for example as an option in either the IDE / one of the option if paket.dependemcies (header block) or paket.config in the roaming (or all of it) |
|
going with '--ignore-checks' |
|
Just to weight in, except if there are hidden consequences (I don't think there is any risk but i'm thinking about edge cases like https://blogs.msdn.microsoft.com/oldnewthing/20110504-00/?p=10743/ ) the principle seem right to me. It would stop bad situations on the build server right at the start when |
|
Hmmh, I get that very error message after the automatic update to paket 3.2.0.0. I have some version constraints for transitive dependencies in there, but not to complex ones. |
|
Deleting the lock file and doing an install afterwards produced the same lock file again. And I have the error message as well. I am a bit clueless how to resolve the problem. Are there changes in the package resolution strategy that could cause the error message as well? |
|
Can you please send me the lock file and deps file?
|
|
Wow that is quick 👍 You can find the lock and deps file at: Just trying out now, if AppVeyor can build it. |
|
Well AppVeyor creates the same error message and I think I have package caching disabled. https://ci.appveyor.com/project/Martin-Bohring/fixiespec/build/0.0.1.203 |
|
please retry with latest version. |
|
Wow, that is a turn around time like magic. 💯 What was the issue? |
|
auto-detect was triggering the outdated check |
|
I see framwork auto detection. Than you very much for that super quick response |
|
I am afraid something is broken for my projects. When I tried to rebuild previous successfully build projects in appveyor or travis, I get the sync error. I have to delete and rebuild the lock file push the changed file and it is fixed. But I have quite a lot or projects. So, I am not really happy with this. |
|
This is why I asked of visual studio extension could do a force install when the solution is opened (juste like nuget does) And let it optional in settings ;) |
|
But I do have a paket.lock file in my repository that should be in sync with dependencies as it is the direct result of a paket install. Still it's not working and also, I cannot fix this. |
|
This is the most breaking change ever. Now every succeeded build is failed if I try to build it again. Why don't you go with a --check or give error only when doing paket install, not restore? |
|
yes sorry. I changed ti to print a warning instead of failing the restore. I will continue to fix the out-of-date check.
|
This may be an issue in Paket.VisualStudio in fact so i'll post in both and well see where it goes
Description
Open a project with changes on Paket.dependencies does not impact paket.lock
The Idea should be :
When you get the Latest source control version, open it and rebuild it (the solution).
You should be using the "dependencies" version, even if it means updation paket.lock
(see repro step)
Repro steps
Please provide the steps required to reproduce the problem
nuget MyLib 1.0The paket.lock is created, Build your solution and the close Visual Studio
2. To simulation a change on SourceControl open your "paket.dependencies" and change it :
nuget MyLib 2.0You'll see that "paket.lock" did not took the v2.0 of the lib but is still using 1.0
But paket.dependencies indicate v2.0
Expected behavior
Please provide a description of the behavior you expect.
Actual behavior
Known workarounds
Force "Install manually" when you open the solution (it's a bit f*** up right ?)
Related information
The text was updated successfully, but these errors were encountered: