-
Notifications
You must be signed in to change notification settings - Fork 959
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
override requirements in conan install #2140
Comments
Yes, this could make sense, I have thought about it a couple of times, specially when doing CI. |
Just to recall, @memsharded. Probably it has to be analyzed together with the idea of the conaninfo becoming a profile, requirements overriding in a profile (that would be the same as the proposed About your question about if they should be always "overrides" or not, maybe the answer is also in the conaninfo? |
We could do:
Do you think that is a good idea? |
That is very similar to what I am doing now, though more accurately I'm only including the channel part because that's all I need for my case. I ran into this problem due to the need to simultaneously build multiple branches, which we mapped to channels, but not being able to tell which branch to pull requirements from. At first we were using scopes to handle this but (1) scopes are being removed and (2) there is some level of danger in not encoding the override information into the package. Having a clean solution for this would be nice. It seems like it would not be uncommon for multiple parallel branches of development to be occurring for larger projects. |
@mpdelbuono but for the user/channel, you might probably be good with the
Thanks for the feedback! @wpalfi The thing about that approach is that it doesn't allow to really override upstream transitive dependencies only your current project one. Many times you have A->B->C->D. You are installing A, and want to depend on a new specific version of D (D.2), instead of the D.1 that C requires. You don't want to implement that in all packages, then you need to know which packages actually depend on D. So the idea would be to add overriding requirements to A, that will be propagated upstream, even if they are not modeled as direct A dependencies. |
Unfortunately not, because all of these dependencies live in different repositories by potentially completely disconnected teams. As such, I can't just propagate the channel up the hierarchy because there is no defined relationship between channel names. For example, one team might start working on a feature that they don't feel is stable enough for the development channel. So they create a separate channel for it. That new channel has no meaning in any of the other packages, and so a different channel must be selected. Similarly, for consumers that wish to take an early version of that feature, they will need to select that channel, but will need to continue selecting the main development channel for other packages. A little weird to describe; I hope that made sense. |
Hello folks, sorry for being late to the party, but there is something I don't quite understand in the original question:
Is this user story not already covered by Consider this toy example (everything is in user/channel class A1Pkg(ConanFile):
name = "aaa"
version = "1.0"
requires = "bbb/1.0@foo/bar", "ccc/1.1@foo/bar" class A2Pkg(ConanFile):
name = "aaa"
version = "2.0"
requires = "bbb/1.0@foo/bar", "ccc@1.2@foo/bar" class BPkg(ConanFile):
name = "bbb"
version = "1.0"
requires = "ccc/1.1@foo/bar"
def package_id(self):
self.info.requires.full_version_mode() class C1Pkg(ConanFile):
name = "aaa"
version = "1.1" class C2Pkg(ConanFile):
name = "ccc"
version = "1.2"
As you can see (and hopefully reproduce) Of course, it relies on the fact that
Sorry if I am stating the obvious. |
Not really. The
In that case you need to somewhat define that "override" of C2.0 when you are building B1.0 directly from B1.0 (conan create), not as a dependency of A (conan install --build=B). |
I would a feature just as the proposed
This shall mean "If at any point you see a requires for LibA, just take this version without trying to respect all other restrictions user/channel or version". I had to develop my own base class that take this information in the current lib + all other dependencies that are built and force the version under test. This is a bit too much invasive and if any of the dependency does not use my base class, the overrides does not work. Would it be possible to add such a feature? |
We have been discussing this issue lately but we need more information about your use cases if you don't mind. Edit: I see some feedback from this duplicated issue #5067 but I would like to hear more from here. Edit2: Note that some of the use cases described there, might be related to version ranges and could be solved using the lockfiles feature |
We'd appreciate the feature because it'd allow us to try out "experimental" packages locally which do not conform to the version-range protocol without changing the recipe. We had cases where after local changes - a developer forgot to fix the dependency back from an experimental and it was leaked into the trunk, which is while not that crucial but very inconvenient. For us, It's purely a development feature. |
Hi. For myself, I have developed a tool and its companion conanfile base class that allows me to inject these dependencies at run time. the main use case for me is is to test a change before merge:
I know this is not "normal" use case for a clean, independent library that would carry its own intensive unit test campaign. It is not like that I write my python packages for instance. Here I have used "lib" and "app" but it is just to show the relationship between them. For some statistic, so far we have a few dozen of such packages, and we might increase rapidly to 100 and maybe more. Using conan is extremely useful to avoid rebuilding from scratch each time (it is C/Cmake underneath), but in these 100 packages, a change on one can impact some other, so we need to check on the integration project if something break as soon as possible, to warn the developer and also to help it identify what other change will be required:
I have planned to write you an email or maybe sync up with you somehow to describe what I did (maybe I did things wrong, that's possible) and what would be interesting for the conan project (or a companion project, that's also possible). My tools are not open source for the moment, but it is planned sometime this year :D |
@gsemet thanks. Would be nice to know more about your solution and we will be glad to have a meeting if we can help. Without knowing many details about what you did, using package revisions and lock files you should be able to manage it. Have you taken a look at this docs? I think we might have more material to learn about it, I will search and update. |
Sure, I'll try to set up something for you. Yes I would like to use lock files ultimately, I use an intermediate file to store the component to test that looks like a mini-lock file (only direct level of dependency is overriden). But I do not see how to use the lockfile directly, how can you patch the lock file of another project to say "if in your graph you have libA/1.0.0, take the |
For me (I commented on the linked issue), this mainly stems from having transitive dependencies and later making releases. From the conanfile of the end-consumer that fixes all versions of all dependencies to be used, lockfiles will be created and they are used to build packages in between. So at the moment, there is no need for us to have this override feature on command line any more. |
What I say is not in contradiction with your point. We do have version range in recipe (I would like to use lockfile only on the app). |
Thanks! I'm getting a better picture now, still would like to receive more use cases from the users that upvoted the issue: @yuri-kilochek @niosHD @driesdeschout @petermbauer @raffienficiaud @turkishviking @josh-stoddard-tanium @IceflowRE @ilya-v @lieser |
We have two use cases, both mainly for our CI. 1. Build and test our own packages with different versions of the dependenciesLets assume we have liba, for which both a stable version and an unstable version exist (e.g. We also have a libb, which depends on liba. In the recipe of libb checked into git, we want to require on the stable version of liba, i.e. I don't thing its relevant here, but note that all our own packages are currently using Now in our CI, we want to build and test libb not just with the stable version of liba, but also against the unstable version of liba. And in the future, especially if we start using version ranges, we may additionally want to build and test against different stable versions of liba. As these are our own packages, we were able to add some logic to the packages, which allows to override the references in the requires via environment variables. So this is currently already possible, but we believe it would be good to have a common an officially supported approach here, and get the redundant logic out of the recipes. 2. Build and publish packages from conan-center with overridden requirementsWe have our own internal CI using conan-package-tools for building some packages from conan-center. This is admittedly currently only a theoretically use case for us. We have not yet used Conan that long, and so far the default references inside the recipes worked out for us. But I imagine that will not always be the case. An alternative approach here would be to manually change the requires in the recipe from conan-center before building. And as long as we do not change the default package-id mode it is maybe also the better one. Note that for us it would be important that the solution works well in combination with the conan-package-tools. |
Ok, maybe I do revisit my comment from above. In general, this feature can be necessary for developers, that are debugging recipes.
Conan always takes the newest, and resolves it to |
We have a similar use-case as already described by others: |
I agree that the mechanism would be a cool feature. As a workaround it is possible to download the package in the desired version/revision and then trigger the |
Thanks all for answering. |
Proposing #9195 draft, to start experimenting with this. |
Some additional side note: My understanding of However, my usage (and from what I understand some of the other users have similar use cases), is just to provide a valid version when using version ranges, which will satisfy existing requirements, but not "override" anything. So I don't know if it makes sense to distinguish between the two usecases or not. |
The proposal in #9195 only implements one of the existing It would also totally make sense that this feature is used to try to validate if the next version outside of a range would work in the graph, without needing to modify the recipe. If this is not the desired behavior of this feature, we would need to know, please @gsemet @wpalfi @petermbauer, @slietzau, @Minimonium, @mpdelbuono, @lieser, @vctgross, feedback very welcome. |
Hi. That would cover part of our needs (we also use this overrides for build_requirements). Hi does it behave for transitive dependencies or during export ? For transitive dependencies, A depends on B and C and B depends on C, if C is overrrided, when B is rebuilt it needs to take the overridden C as well. Also, the export triggers the “requirement” hook that I use to simulate this override, so we need to carry the wanted override as well. basically after a Conan install with override, whatever happen, whatever range protection, we need to use the overridden lib in every case. |
The current PR looks great for my use case. The by-passing behavior is what I need and it conforms to the current override behavior in other parts of Conan. |
I would say that overriding without validating fits our use case better. |
Same here, one often does not know in advance what may be overridden in the future and with what version/user/channel. |
Yes, the override is hard, as long as the package name is the same, the rest of the reference will be overriden.
It also applies to transitive dependencies, yes, once a version is overriden it is overriden for the graph, not only for the declaring override consumer.
Not sure what is the
Yes, this is the behavior 👍 |
The proposed implementation is a good way to quickly force overriding certain dependencies. Maybe in the future we can have a separate discussion on how users can influence the graph calculation in general, and what are best practices for modeling requirements (version ranges vs fixed versions) and how teams can handle / update large dependency graphs. |
I am going to merge #9195 for Conan 1.39. The problem with As this issue will be automatically closed when the PR is merged, I suggest if you are interested in the build_requires case to open a new issue when we can discuss the specifics of this case. Thanks! |
Ok thanks. I have created #9302 for discussion about overriding "build_requires" dependencies. |
In the docs you explain requirement overriding. I guess that can be used to handle diamond dependency conflicts. You force existing packages to use different versions of their requirements.
But what if a library needs to be rebuilt to correctly use different versions of its requirements? We would need to create different packages of that library. We can handle that by adding an option and using conditional requirements in the conanfile. Wouldn't it be nice to be able to override the requirements the same way you override options and settings in the conan install command? Someting like:
conan install . --requires="LibA/0.1@demo/testing"
The text was updated successfully, but these errors were encountered: