Exact dependencies here make the SDK less useful #12

Closed
kevinheavey opened this issue Feb 20, 2023 · 9 comments

@kevinheavey

phoenix-v1 is a program so it's good that it has exact dependencies, however phoenix-v1 is also used as a library in phoenix-sdk-core so anyone using phoenix-sdk-core gets locked into a specific version of stuff like spl-token.

This probably requires a separate library crate for stuff that's common between the SDK and the program?

@jarry-xiao
Contributor

This is a really good point. Do you have a suggestion for a good way to do this? I'm happy to publish another crate without locking dependencies, but it would be good for that to live elsewhere -- maybe a dedicated branch?

@kevinheavey
Author

kevinheavey commented Mar 1, 2023

I would suggest just making a phoenix-common crate that has loose dependencies. phoenix-sdk-core would depend on phoenix-common and not on phoenix-v1. phoenix-v1 would also depend on phoenix-common. If you want you could keep all the exact dependencies in phoenix-v1 even if some of them aren't direct dependencies anymore

@jarry-xiao
Contributor

I think I'm okay with creating phoenix-common and having phoenix-sdk depend on phoenix-common but would prefer to keep the main program unchanged to ensure the build remains verifiable

@kevinheavey
Author

How would it break the verifiable build?

@jarry-xiao
Contributor

I'm concerned about Cargo pulling in updated versions of packages during the build. I think the Cargo.lock might help with this, but to avoid having to deal with that issue I've created phoenix-common:

https://crates.io/crates/phoenix-common

@jarry-xiao
Contributor

It was published from the crate branch

@kevinheavey
Author

Yeah that was what I was referring to by:

> If you want you could keep all the exact dependencies in phoenix-v1 even if some of them aren't direct dependencies anymore

@jarry-xiao
Contributor

Good to close the issue? I'm updating all of the other packages to relax the dependency constraints

@kevinheavey
Author

I still think it would be better to make phoenix-common a dependency of phoenix-v1 and add exact constraints for spl-token & co in the phoenix-v1 Cargo.toml, but up to you since the sdk problem is fixed either way 👍
