Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Cargo.lock for deterministic builds #795

Merged
merged 3 commits into from
Jan 18, 2023
Merged

Add Cargo.lock for deterministic builds #795

merged 3 commits into from
Jan 18, 2023

Conversation

lexnv
Copy link
Collaborator

@lexnv lexnv commented Jan 18, 2023

This PR adds a Cargo.lock file to the repository to ensure we have a deterministic build.

While at it, add an extra step in our releasing process to ensure we are always releasing with an up-to-date lock file.

The lock file has been generated with cagro clean && cargo build --release and double checked with cargo generate-lockfile

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Copy link
Collaborator

@jsdw jsdw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

5. Ensure the `Cargo.lock` file is up to date.

```
cargo generate-lockfile
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This command will create the Cargo.lock lockfile for the current package or workspace. If the lockfile already exists, it will be rebuilt with the latest available version of every package.

should we really bump all dependencies to the latest on each release?
I guess our tests are sufficient but I'm a little bit scared bumping all.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bump to latest compatible with substrate.

Copy link
Collaborator

@jsdw jsdw Jan 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we really bump all dependencies to the latest on each release?
I guess our tests are sufficient but I'm a little bit scared bumping all.

Ah I didn't realise that also bumped dependencies. I guess I'm not too worried overall since it'll just be thel ate3st that our toml files are asking for anyway, which is what a fresh install of everything would bring in?

bump to latest compatible with substrate.

Pardon? The substrate deps won't be bumepd by this thing

@jsdw jsdw merged commit c0198ac into master Jan 18, 2023
@jsdw jsdw deleted the lexnv/cargo_lock branch January 18, 2023 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants