chore: Tweaked .gitignore

[danwilliams]

Tweaked .gitignore file

• Removed Cargo.lock and pnpm-lock.yaml from the .gitignore file, as these should not be committed.

• Made .gitignore alphabetical.

Summary by CodeRabbit

• Chores
  • Updated .gitignore to include/exclude specific directories and files.

[coderabbitai]

Walkthrough

The changes involve updates to the .gitignore file, refining what to include and exclude in version control. Directory exclusions like .idea/, .vscode/, node_modules/, and lib/ were adjusted. New inclusions for data/ and Cargo.lock were made, with tweaks to enhance repository cleanliness.

Changes

File/Directory	Change
Specific directories	Adjusted exclusions and inclusions.
Cargo.lock	Included in version control.
pnpm-lock.yaml	Included while node_modules/ excluded.
res/, data/	Both included for tracking.
.DS_Store	Excluded for cleanliness.
.idea/, .vscode/	Excluded due to project settings.
*.map, lib/	*.map excluded; lib/ excluded from version control.
coverage/, dist/	Both excluded, likely build artifacts not needed in repository.
target/	Excluded, with adjustment to include target, possibly build output exclusion.

Poem

In the land of code and git,
Changes made, oh how they flit.
.gitignore now refined,
Rabbit tweaks, a cleaner mind.
Exclusions here and inclusions there,
Version control, handled with care.

---

Note

Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://coderabbit.ai

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[miraclx]

Removed Cargo.lock and pnpm-lock.yaml from the .gitignore file, as these should not be committed.

Here's some arguments in favor of committing these - https://doc.rust-lang.org/cargo/faq.html#why-have-cargolock-in-version-control

[danwilliams]

@miraclx don't get me wrong - there are definitely some reasons to commit lockfiles! 🙂 However, generally speaking, committing build artifacts is discouraged, and what I've observed is that there are lots of changes to the lockfiles along with code changes, without having necessity or thoughtful context. What I mean by that is, at present when a change is made, if the lockfile changes also, then it is simply committed. This therefore does not have a lot of value and causes noise in the commit history. If we omit it from Git, there is no particular side effect, save of course a situation of wanting to know exactly what version of a crate was used for a build. Typically that can be found from the build pipeline if actually needed.

So I think if there is a conscious reason to commit the lockfiles, by all means we can, but it's what I'd consider non-standard and might need some thought as to how and when we update them?

[danwilliams]

...just as a further thought - the nature of the crate does come into it as well 🤔 I think it's more acceptable to commit a lockfile for an application, but it's definitely frowned on/discouraged to include them for libraries.

[danwilliams]

Hmmmm, I have always been used to cargo new --lib adding the Cargo.lock file to .gitignore, but I just double-checked now, and it doesn't do it anymore. That made me scratch my head... I have tracked it down to this change here:

rust-lang/cargo#12382

I don't remember reading or hearing anything about this, so I guess it's been somewhat silent and stayed under the radar. Perhaps my perspective/thinking is out-of-date? I still think excluding lockfiles is the ideal approach, but I need to carefully consider the reasons in that Cargo change. It might be that we can work out an approach whereby lockfiles are not updated in code change branches unnecessarily?

Would you like me to amend this PR to remove the lockfile removal while this is investigated/discussed further?

[fbozic]

I'm not sure why are we removing lock files from repo. IMO that is not the way forward.

[fbozic]

Why are we not committing Cargo.lock? Am I missing something big?

[danwilliams]

@fbozic see discussion above 🙂 I hope that helps?

[fbozic]

yeah, sorry missed it cos I've opened it from email directly on the review page

[fbozic]

Why are we not committing pnmp-lock.yaml? Am I missing something big?

[danwilliams]

@fbozic see discussion above 🙂 I hope that helps?

[fbozic]

yeah, sorry missed it cos I've opened it from email directly on the review page

[fbozic]

Sorry, missed the comments outside the review. I think we are going to break CI pipeline for the JS sdk because we are using frozen deps (or at least we should).

[danwilliams]

@fbozic no worries! 😄 That makes sense. I will amend this PR accordingly. I wonder, though, if we can work out a process by which we avoid undue lockfile noise in the commit history? 🤔

[xilosada]

Would you like me to amend this PR to remove the lockfile removal while this is investigated/discussed further?

Let's do it 🚢

[fbozic]

@fbozic no worries! 😄 That makes sense. I will amend this PR accordingly. I wonder, though, if we can work out a process by which we avoid undue lockfile noise in the commit history? 🤔

I am not sure if this ever happened to me. Do you maybe have an example of change where lock file shouldn't be changed but it was? Yesterday I was in a cleane up mode and I did few PRs and all the changes in the lock file looked reasonable to me; PR with lock changes which are expected because I've removed last usage of libp2p with all features, PR without lock changes because there is another crate which uses libp2p with all features.

I would like to address the root cause of the issue rather than removing lock files.

[danwilliams]

@xilosada Done 🙂 The change hadn't broken any of the checks made here, but I can understand if it's needed for that kind of purpose, perhaps elsewhere.

It does mean there's not much left in this change lol 😅

[danwilliams]

@fbozic

I would like to address the root cause of the issue rather than removing lock files.

The pattern I have always been used to for many years is to exclude all build artifacts from repositories as a matter of best practice. There are occasions where they may be needed, but generally speaking, as a baseline, avoiding their inclusion is generally considered desirable.

In this situation it seems we have a valid reason to include them, which is fine 🙂 I wonder if it might be worth making a note about this somewhere, along with guidance for when they should be updated? I for instance try to avoid updating them in a code-change branch unless specifically making a change to Cargo.toml.

[fbozic]

@fbozic

I would like to address the root cause of the issue rather than removing lock files.

The pattern I have always been used to for many years is to exclude all build artifacts from repositories as a matter of best practice. There are occasions where they may be needed, but generally speaking, as a baseline, avoiding their inclusion is generally considered desirable.

In this situation it seems we have a valid reason to include them, which is fine 🙂 I wonder if it might be worth making a note about this somewhere, along with guidance for when they should be updated? I for instance try to avoid updating them in a code-change branch unless specifically making a change to Cargo.toml.

I'm all for removing build artifacts from repositories, I'm just not sure which artifacts are you referring to. I can see that gitignore already ignores /target for rust artifacts, also it ignore /lib, /dist and node_modules which should be js artifacts. Maybe our terminology is bit off here, cos I don't consider lock files to be build artifacts 😄. Lock files are here to make build artifacts reproducible.

[danwilliams]

@fbozic absolutely, there is a nuance between artifacts like that, and the lockfiles 🙂 Bear in mind, I have seen valid cases for all build artifacts being added, for reasons along the same lines (reproducibility) - despite how yucky that feels! 😅

With lockfiles, I generally see those as an output of the build process because they are a generated file (not manually created or edited) and will align to the directives in Cargo.toml and similar. So I classify them as per the others, although there is indeed a slight distinction in that they are the controlling factor for the rest of the output.

It is of course possible to lock down the versions in use by specifying exact versions rather than compatible ones, but that tends to be annoying. I think the common thinking has for some time been that if something is compatible, it should be fine to build, and therefore the lockfile isn't needed in the (code) repo (although this is not guaranteed - such as the Chrono guys breaking things a couple of times earlier this year lol 😅).

For projects using IaC, I've seen the lockfiles committed there along with the various recipes. That makes a lot of sense to me - code and the general associated requirements in the code repo, and build instructions along with lockfiles in an IaC repo. But there are many ways to do things, and this is just one of the ones I have observed.

Given that Cargo has quietly changed its defaults, I do need to review the reasons behind that and perhaps update my opinion if it's now outdated!

[miraclx]

duplicate