Skip to content

feat: Dynamic Version Resolution & Upgrade Command #61

New issue
New issue
Open
Open
feat: Dynamic Version Resolution & Upgrade Command#61
@drlucaa

Description

@drlucaa
drlucaa
opened on Jan 24, 2026

Currently, same requires exact version pinning in same.yaml to ensure hermetic builds. This feature introduces support for semantic version constraints (e.g., go@1.25.x), allowing users to define looser requirements while maintaining reproducibility through a new same.lock file.

Additionally, a new upgrade command will be implemented to explicitly check for and resolve newer versions matching these constraints.

Goals

  1. Dynamic Constraints: Allow users to define tools with ranges (e.g., ^1.0.0), wildcards (e.g., 1.2.x), or exact versions in same.yaml.
  2. Hermetic Locking: Introduce same.lock to pin concrete versions, ensuring that same run remains deterministic across environments.
  3. Upgrade Workflow: Provide a same upgrade command to update locked versions to the latest available release satisfying the constraints.

Acceptance Criteria

Configuration & State

  • Update same.yaml parsing to accept standard semantic version constraints (e.g., 1.25.x, >=20.0.0 <21.0.0, ^3.11).
  • Implement same.lock file generation and reading.
    • Schema: Must include the concrete version, Nixpkgs commit hash, attribute path, and the original constraint.
    • The lockfile must be committed to version control.

CLI Behavior

  • same run:
    • If same.lock exists and matches the same.yaml constraint: Use the locked version.
    • If same.lock is missing or the constraint has changed: Perform a "Cold Resolution" (fetch latest matching version), generate/update the lockfile, and proceed.
  • same upgrade [tool...]:
    • No args: Checks all tools with dynamic constraints.
    • With args: Checks only specified tools.
    • Fetches available releases via the NixHub API.
    • Resolves the highest version matching the constraint.
    • Updates same.lock and invalidates relevant environment caches.
    • Prints feedback (e.g., Upgraded go: 1.25.1 -> 1.25.4).

API Integration (NixHub)

  • Update DependencyResolver to support ListVersions.
  • Integrate with the NixHub /pkg endpoint (GET https://search.devbox.sh/pkg/{package_name}).
  • Filter releases based on the current platform (GOOS/GOARCH).

Technical Details

Lockfile Schema Proposal:

version: "1"
tools:
  go:
    version: "1.25.4"
    commit: "2788904d26dda6cfa1921c5abb7a2466ffe3cb8c"
    attr_path: "legacyPackages.x86_64-linux.go"
    constraint: "1.25.x"

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions