jbedard
commented
3 months ago update_pnpm_lock runs pnpm import to convert yarn or npm to pnpm-lock, not pnpm install. But pnpm import sounds like another use case for aspect repin? 👍
Open alexeagle opened 3 months ago
jbedard
commented
3 months ago update_pnpm_lock runs pnpm import to convert yarn or npm to pnpm-lock, not pnpm install. But pnpm import sounds like another use case for aspect repin? 👍
jbedard
commented
3 months ago With bzlmod update_pnpm_lock can't reload the lockfile after updating it, so it must fail the build which then needs to be re-run. With rules_js v2 workspace + bzlmod were just aligned to require reloading (https://github.com/aspect-build/rules_js/pull/1701).
What is the current behavior?
JavaScript
After changing
package.json, users must remember tobazel run -- @pnpm --dir $PWD installor elsetranslate_pnpm_lockuses stale information from thepnpm-lock.yamlfile. There's a hacky thing https://github.com/aspect-build/rules_js/blob/main/docs/pnpm.md#update_pnpm_lock that can automate it but I think we killed that for bzlmod / rules_js2 right @jbedard ?Python
I added
pip-compileas a write_source_files-style test that therequirements-lock.txtfile is up-to-date. However it can only check on the current platform. It prints abazel runcommand when the requirements need to be re-pinned.Rust
Developers get an error when
Cargo.Bazel.lockis out-of-date.Java
https://github.com/bazelbuild/rules_jvm_external/tree/6.0?tab=readme-ov-file#requiring-lock-file-repinning-when-the-list-of-artifacts-changes
Go
Under bzlmod, rules_go reads the
go.sumfile to get integrity hashes. After changinggo.modthey're expected tobazel run @go_sdk//:bin/go -- mod tidyDescribe the feature
It's a PITA that every language has a different setup and instructions for developers. Aspect CLI could give one DX on top of this variability, like
aspect repin, which would take any changes to any third-party dependency listing and update the pinned/generated code.