feat(formats): auto-update lockfiles after version bump#617
Merged
Conversation
There was a problem hiding this comment.
Benchmark
Details
| Benchmark suite | Current: 917f860 | Previous: 0b5fe57 | Ratio |
|---|---|---|---|
config_loading/single |
12195 ns/iter (± 122) |
10516 ns/iter (± 92) |
1.16 |
config_loading/mono_10 |
17279 ns/iter (± 150) |
15635 ns/iter (± 739) |
1.11 |
config_loading/mono_50 |
39591 ns/iter (± 366) |
40629 ns/iter (± 432) |
0.97 |
config_loading/mono_100 |
67106 ns/iter (± 2449) |
This comment was automatically generated by workflow using github-action-benchmark.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #498.
What
Opt-in auto-refresh of the sibling lockfile after
ferrflow releasebumps a manifest, so downstreamcargo build --locked/npm cidon't break on a stale lock. Default OFF — a repo that doesn't setupdateLockfilessees zero behaviour change.Dispatch table
New module
src/formats/lockfiles.rsmodels manifest → lockfile → updater as an enum + struct table (not stringly-typed):cargo update -p <pkg> --offlinenpm install --package-lock-onlypnpm install --lockfile-onlyyarn install --mode=update-lockfilepoetry lock --no-updateuv lock --offlinebundle lockmix deps.getThe lockfile is detected by walking up from the manifest's directory to the repo root (lexically contained — reuses
join_within_repo), so a monorepo's single shared rootCargo.lock/ pnpm-workspace lock is found from a nested member manifest. For Cargo the per-packagecargo update -p <pkg>runs incrementally against the shared lock — no N redundant full updates; a shared lockfile is also deduped within a package so it's refreshed once.Config (opt-in)
updateLockfiles: bool(defaultfalse), snake_case field withalias = "updateLockfiles", matching the existing serde convention.package.updateLockfiles: Option<bool>—Some(false)skips a single package even when the workspace default is on;Noneinherits. ResolverPackageConfig::effective_update_lockfilesmirrorseffective_floating_tags/effective_skip_ci.Integration point
src/monorepo/run/mod.rs::run_release_logic— after theversioned_fileswrite_versionloop succeeds and before the changelog/commit step, gated oneffective_update_lockfiles. The refreshed lockfile's repo-relative path is pushed onto bothfiles_to_commitandfiles_per_packageso it lands in the same release commit. The dependency-cascade write path (run/cascade.rs) gets the same treatment via the sharedrefresh_lockfileshelper.Robustness
tracing::warn!and skip (release continues).tracing::warn!with the first stderr line, never fatal.tracing::warn!/info!(the tracing foundation already on main), kept in the write-version/commit area to avoid colliding with the concurrenteprintln!→tracingmigration.Tests
cargo update -p <pkg> --offlineand only that member's entry changes inCargo.lock; the refreshed lock lands in the release commit.updateLockfilesunset →Cargo.lockbyte-identical, not staged (no package-manager invocation in effect).NotOnPathskip (gated on whether the tool is present, so it's a real assertion in both environments).Tested live against
cargo(available in CI/dev). The npm/pnpm/yarn/poetry/uv/bundle/mix paths share the same dispatch + spawn code path and are covered by the unit tests and the gated "not on PATH" assertion; the full per-manager integration is not run here as those toolchains aren't guaranteed in the test env.Cross-repo follow-ups (cannot land here)
schema/ferrflow.jsonis updated in this PR (source of truth). The byte-identical copy atFerrFlow-Cloud/packages/site/public/schema/ferrflow.jsonmust be synced in a follow-up PR on that repo.updateLockfiles(workspace + per-package opt-out) toFerrFlow-Cloud/packages/site/.../config-file.md.FerrLabs/FerrFlow-Cloudfor the docs + schema-copy + playground work.