Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make renovate work with cargo-hakari #4166

Open
sunshowers opened this issue Sep 29, 2023 · 6 comments
Open

Make renovate work with cargo-hakari #4166

sunshowers opened this issue Sep 29, 2023 · 6 comments

Comments

@sunshowers
Copy link
Contributor

sunshowers commented Sep 29, 2023

The workspace-hack package results in two issues with dependabot:

  1. For some updates, the workspace-hack would need to be regenerated. A workaround is to fetch the branch locally, then run cargo hakari generate and push it to the branch.
  2. Dependabot will try and do updates to crates that are only referred to in workspace-hack.

We can solve both these issues with Renovate's support for excluding particular paths, and running post-upgrade commands.

Useful links:

@ahl
Copy link
Contributor

ahl commented Oct 2, 2023

It looks like dependabot is just broken full stop:

https://github.com/oxidecomputer/omicron/network/updates/9290049/jobs

It would be good to get dependency updates working again soon.

@sunshowers
Copy link
Contributor Author

Actively working on this.

@ahl
Copy link
Contributor

ahl commented Oct 2, 2023

Previously we had another problem, but now dependabot is just timing out. Perhaps the number of dependencies is beyond what it can handle. https://github.com/oxidecomputer/omicron/network/updates/729281002

@sunshowers
Copy link
Contributor Author

sunshowers commented Oct 3, 2023

Weird, it looks like dependabot is stuck in some sort of maybe-quadratic resolution issue (in this log num-rational and futures-task are fetched 78 times each -- why?)

I think part of what might be happening is that Dependabot doesn't know how to handle lockfile-only updates (which is pretty bad!!!), and with the workspace-hack, a number of dependencies made their way from being transitive-only to being direct. So dependabot's issuing a lot of updates that it really should have been all this time, which may be causing resolution slowdowns.

For people with access to Oxide RFDs, https://rfd.shared.oxide.computer/rfd/0434 talks about this and other issues.

@sunshowers
Copy link
Contributor Author

#4236 should address this.

sunshowers added a commit that referenced this issue Oct 10, 2023
* Add configuration for automatically creating dependencies, and for pinning GitHub Actions digests
* Add a post-upgrade script that runs cargo-hakari.

Depends on oxidecomputer/renovate-config#5.

See [RFD 434](https://rfd.shared.oxide.computer/rfd/0434) and #4166.
@sunshowers
Copy link
Contributor Author

sunshowers commented Oct 10, 2023

#4241 is an example of a PR which updates the workspace-hack.

We do need #4244 as a followup fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants