miyagawa / Carmel

CPAN Artifact Repository Manager

The first carmel install (without snapshot) should install the latest. Fix #53 #64

Closed miyagawa closed 2 years ago

miyagawa commented 2 years ago

When you run carmel install for the first time in your project, it scans your artifact repository for versions satisfying the requirements. This makes the initial install fast, but has a potential risk where it could pull a very old version of the module if it happens to be the only version available in the repository.

This means that the same cpanfile, without cpanfile.snapshot, could yield a different snapshot based on the user's environment, depending on what build cache they have, even when they run at exactly the same time. This is not a great user experience.

This PR changes it so that it will install the latest version available on CPAN, which makes it more consistent, while still giving users the benefit of being able to pin the version if they want to, explicitly with carmel update Module@version. This basically gives the same results as if you run cpanm -L ./local --installdeps . initially, or run carton install without the snapshot.

In other words, the first carmel install run, when cpanfile.snapshot doesn't exist, works as if you ran carmel install && carmel update.

One remaining issue, if you do:

  1. Create cpanfile, run carmel install
  2. Add a new dependency, run carmel install

Then for the new dependency, it can still pull a (potentially old) version from the artifact repository, which sounds inconsistent. That behavior is not resolved in this PR yet.
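A small model of the resolution behaviour described in the comment above, added here as an example (it is not Carmel's code and not part of the original comment). The module names, versions and build caches are constructed; versions are simplified to dotted integers, requirements to minimums, and the cache is assumed to return its highest satisfying build.

```python
# Added model of the resolution policies discussed in this PR; not Carmel's code.
# Simplification: versions are dotted integers and requirements are minimums.

def ver(v):
    return tuple(int(p) for p in v.split("."))

def from_cache(module, minimum, cache):
    """Highest cached build that satisfies the requirement, or None (assumed policy)."""
    ok = [v for v in cache.get(module, []) if ver(v) >= ver(minimum)]
    return max(ok, key=ver) if ok else None

def install(cpanfile, snapshot, cache, cpan_latest, latest_on_first_run=True):
    """Return the snapshot one `carmel install` run would write in this model.

    snapshot=None means cpanfile.snapshot does not exist yet.
    latest_on_first_run=False models the behaviour before this PR.
    """
    first_run = snapshot is None
    result = dict(snapshot or {})
    for module, minimum in cpanfile.items():
        if module in result:
            continue  # already pinned by the existing snapshot
        if first_run and latest_on_first_run:
            # This PR: the age of whatever sits in the build cache is irrelevant.
            result[module] = cpan_latest[module]
        else:
            # Before the PR, and still the case for dependencies added later.
            result[module] = from_cache(module, minimum, cache) or cpan_latest[module]
    return result

def drift(a, b):
    """Modules whose resolved versions differ between two snapshots."""
    return sorted(m for m in a.keys() | b.keys() if a.get(m) != b.get(m))

# Constructed data: hypothetical modules, versions and per-user build caches.
CPAN_LATEST = {"Foo::Bar": "1.9", "Baz::Qux": "3.2", "New::Dep": "0.8"}
CPANFILE = {"Foo::Bar": "1.0", "Baz::Qux": "3.0"}
ALICE_CACHE = {"Foo::Bar": ["1.1"], "New::Dep": ["0.2"]}
BOB_CACHE = {"Foo::Bar": ["1.9"], "Baz::Qux": ["3.0"]}

if __name__ == "__main__":
    for flag in (False, True):
        a = install(CPANFILE, None, ALICE_CACHE, CPAN_LATEST, flag)
        b = install(CPANFILE, None, BOB_CACHE, CPAN_LATEST, flag)
        print("latest_on_first_run =", flag, "-> drift:", drift(a, b))
```

Calling `install` again with the resulting snapshot and a cpanfile that adds `New::Dep` reproduces the remaining issue from the numbered steps: the two users diverge on the new dependency only.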