Improve workflow: Option to ignore lock.sbt dependencyOverrides when hash is stale #24
Conversation
I'm not sure why https://travis-ci.org/tkawachi/sbt-lock/jobs/465760029 failed. Both |
Hi, Thanks for the PR! |
441d5b6
to
9215c0c
Compare
Okay, I'm done addressing my TODOs. Since last review:
Ready for another review. |
@@ -25,17 +25,23 @@ addSbtPlugin("com.github.tkawachi" % "sbt-lock" % "0.5.0") | |||
`lock.sbt` includes `dependencyOverrides` for all dependent library versions. | |||
Manage it with version control system. | |||
* `unlock` to delete `lock.sbt` file. | |||
* `checkLockUpdate` to print whether the lock file needs an update. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It prints? It's not just a value? I'd name it "printLockUpdate" or "printLockStatus" or "printLockNeedsUpdate" or something.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, taskKey[Unit]
. This key already existed. I'm just documenting. Going to defer to @tkawachi if he wants to rename it.
If we do rename it, https://www.scala-sbt.org/1.0/docs/Plugins-Best-Practices.html#Key+naming+convention%3A+Use+prefix encourages namespacing them with a prefix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree to rename it. It's better to rename in another PR.
@@ -8,4 +8,6 @@ object SbtLockKeys { | |||
val unlock = taskKey[Unit]("Delete a version locking file for sbt-lock") | |||
val collectLockModuleIDs = taskKey[Seq[ModuleID]]("Collect ModuleIDs to lock") | |||
val checkLockUpdate = taskKey[Unit]("Check whether a version locking file needs update") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the comment here should match the readme.
| ${Compat.dependencyOverridesType}.empty | ||
| } else { | ||
| ${Compat.dependencyOverridesType}( | ||
| ${moduleLines.mkString(",\n ")} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
\t
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but don't you want to get paid more? https://stackoverflow.blog/2017/06/15/developers-use-spaces-make-money-use-tabs/
* project dependency tree (including transitive ones), | ||
* but I don't know how to do that in sbt. | ||
*/ | ||
(sbtLockHashIsUpToDate in ThisBuild).value && sbtLockHashIsUpToDate.value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like recursive insanity, I can't believe SBT doesn't just explode when you do this :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -67,6 +102,10 @@ object SbtLockPlugin extends AutoPlugin { | |||
s"Run `;unlock ;reload ;lock` to re-create ${lockFile.name}.") | |||
logger.warn( | |||
s"Run just `lock` instead if you want to keep existing library versions.") | |||
if (ignoreOnStaleHash) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels like it should go before the if (hashInFile != currentHash)
condition, or maybe prevent all the "run lock instructions" stuff from printing so it's not lost in the noise.
Actually I'm wondering if it might be nice to print out this warning whether the lock is up to date or not...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Printing it all the time sounds like more noise. I'd worry about desensitizing people to it.
@tkawachi thank you for the quick review, merge, and release. You're wonderful. |
Summary
Changes generation of
lock.sbt
files to produce something like:Problem Background
The ingrained workflow with sbt is:
libraryDependencies
> reload
I've introduced sbt-lock at work, but we're all getting tripped up by it regularly, which has halted adoption. Coworkers make
libraryDependency
changes which don't take effect because of lock.sbt, then they spend the next hour assuming the dependency is broken and looking upstream.I think one contributing factor might that sbt handles dependency resolution automatically. There is no
npm install
step. You just editlibraryDependencies
and you're generally good to go.It's easy to forget that the repo they're making changes to is one of the few that use sbt-lock. The sbt console logging gets lost in the rest of the log spam noise. Requiring a behavior change is proving too difficult.
Proposed Solution
This PR adds a
sbtLockIgnoreOverridesOnStaleHash := true
key to allowlibraryDependencies
changes to take effect on reload, even without a;unlock;reload;lock
. We'll still enforce this in CI builds (e.g.require((sbtLockHashIsUpToDate in ThisBuild).value)
), but local development workflow can remain the same way everyone's accustomed to.I've set a default value of
sbtLockIgnoreOverridesOnStaleHash := false
to allow behavior to remain as it is today for existing consumers. We'll enable it in all our projects. If you think it's better to eliminate the complexity and just change the behavior, I'd be happy to do that too.cc: @Cake @jrouly @patrickjcurran @rcmurphy @arkban