-
Notifications
You must be signed in to change notification settings - Fork 1k
Dep ensure silently updating lock file when encountering an orphaned commit #405
Comments
I agree that if |
Ah, cool, glad we figured out the root cause. This is a tricky case. First, I'm a bit surprised you still got that fatal message - I thought some of the last round of changes I made to gps would have caught that. Need more test cases! Unfortunately, this particular issue - that you happened to be on an orphaned commit - is something that's very difficult to detect, as the methods we might use to discover that the git commit became orphaned will all eventually fail, I think, due to the way that git garbage collects orphaned commits. And of course, the rules are totally different (I don't even know them) for bzr or hg.
The goal of But that's not a requirement, precisely because of situations like this - conditions can arise, even without any local changes having been made, that make it impossible to fulfill the synchronization requirement while maintaining the lock entirely. It's quite rare, but they can happen. When they do, the tool opts to take the new solution, and doesn't tell the user about this choice at all. That's something we can control - e.g., an But I'd say the default behavior should still be accept the change, possibly with a warning to the user. (We need to work on |
To clarify, the
It still seems odd that the lock file is changed without some explicit action from the user. My current mental model of the lock file is that it is the source of truth of the exact versions required by the project. From what you're saying, it seems more like a suggestion that will be ignored if something external to the project changes (or otherwise becomes resolvable)? |
Yep, that's what I meant. That error is coming straight back from git when a higher-order command (e.g.
The default interaction model is based on the idea that, when you run into a tricky case, you may end up doing
Yes, that's accurate - the lock file represents a set of precise, typically immutable versions for the entire transitive closure of dependencies for a project. But "the project" can be, and is, decomposed into just a bunch of arguments to an algorithm. When those inputs change, the lock may need to change as well. Under most circumstances, if those arguments don't change, then the lock remains fine and correct. You've hit one one of the few cases where that guarantee doesn't apply. The fact that you ran
No - the only time a suggestion from a lock changes is if the solver cannot find a solution which uses the suggestion, or if the user explicitly indicated they wanted that version to move. The new spec in #277 does describe a Consider this - from |
closing this - while the more general case of invalid revs might be something we can do something about, this is focused on telling the user a commit is orphaned, which isn't feasible. |
Small repoducer here: https://github.com/kragniz/deptest
When running
dep ensure
on this project, myGopkg.lock
file gets modified to a different reviesion:After looking at the verbose output, it appears that dep knows that the lock file references a particular revision, but bails on it:
This commit turned out to be orphaned in etcd/coreos (looks like a force pushed rebase or something).
My assumption here is that
dep ensure
should not modify existing revisions in the lock file, so should output an error when encountering situations like this rather than deviating from the revision in the lock file.The text was updated successfully, but these errors were encountered: