Skip to content

[sync-lock] Add sync-lock-reference flag #1503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[sync-lock] Add sync-lock-reference flag #1503

wants to merge 1 commit into from

Conversation

mikeland73
Copy link
Contributor

Summary

Stacked on #1501

This adds a --sync-lock-reference flag that allows --sync-lock to prioritize dependencies in a lock file. This is useful when you want to enforce a repo to mimic a single lock file.

This is an alternative to introducing workspaces (e.g. yarn or golang workspaces).

How was it tested?

# modified examples/databases/mariadb/devbox.lock to have an older dependency
devbox update --sync-lock --sync-lock-reference examples/databases/mariadb/devbox.lock
# observed that all lock files now follow older dependency.

@LucilleH
Copy link
Collaborator

I'm not sure we need this if the search endpoint can always return cached packages. Thoughts?

@mikeland73
Copy link
Contributor Author

I'm not sure we need this if the search endpoint can always return cached packages. Thoughts?

Agreed

@mikeland73
Copy link
Contributor Author

OTOH, this could still be useful when adding a new project to a repo. e.g. you want to add a new project and use existing versions without forcing everything to change to the newer version.

Base automatically changed from landau/update-sync to main September 25, 2023 23:52
@mikeland73 mikeland73 force-pushed the landau/update-sync-reference branch from b531cc1 to 1e81036 Compare September 26, 2023 00:15
@gcurtis
Copy link
Collaborator

gcurtis commented Sep 26, 2023

Could you go into more detail on when synchronizing to a specific lock file is useful? I've mostly run into cases where I want to:

  1. Bulk edit a bunch of devbox.jsons to set a package version.
  2. Run a bulk devbox update to lock all of those to the same constrained version.

It seems rare to want to synchronize to the non-latest nixpkgs commit for a package by pointing to a lock file.

@mikeland73
Copy link
Contributor Author

@gcurtis this is mostly because our frontend repo has a specific version of node that is pre-built. But if search is already only returning prebuilt by default, that would eliminate the need for this for the the most part.

I still think there's a use case for adding new dependencies that match what you have in the project, but this may be the wrong solution.

maybe:

devbox add <pkg> --resolve-using path/to/devbox.lock
devbox install --resolve-using path/to/devbox.lock

The reason being that I don't want to be forced to update all dependencies whenever I want to add a new project, but I do want all projects to resolve to the same hash.

@mikeland73 mikeland73 closed this Oct 12, 2023
@mikeland73 mikeland73 deleted the landau/update-sync-reference branch October 12, 2023 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gcurtis gcurtis Awaiting requested review from gcurtis

@loreto loreto Awaiting requested review from loreto

@LucilleH LucilleH Awaiting requested review from LucilleH

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mikeland73 @LucilleH @gcurtis