search

nabijaczleweli / cargo-update

A cargo subcommand for checking and applying updates to installed executables
MIT License
1.22k stars 42 forks source link

How to build all upgraded executables with `--locked`? #191

Closed repi closed 2 years ago

repi commented 2 years ago

So they are built with the exact versions of the dependencies that they have been tested on with their Cargo.lock (if they have one, which executables should have).

Saw there is an enforce_lock setting and an cargo install-update-config --enforce-lock command but unsure how to use this so the command cargo install-update -a would build all upgraded executables with cargo build --locked.

Somewhat related Cargo issue: https://github.com/rust-lang/cargo/issues/7169, though while it is an issue that cargo install xx doesn't build it with --locked, cargo install xx --locked is supported.

nabijaczleweli commented 2 years ago

Global/all-package configuration is something I've largely wanted to avoid tbh; as it stands, you could run cargo install-update-config --enforce-lock $pkg for all pkg in installed crates, or run as CARGO_INSTALL_OPTS=--locked cargo install-update -a.

The ergonomics of this are, again, questionable, but [insert last paragraph of #192].

repi commented 2 years ago

ah didn't know you could set CARGO_INSTALL_OPTS=--locked, that should solve my local use case of upgrading packages either directly with cargo install-update -a or through topgrade (which uses it). will try it out.

I do think in general that this ultimately should be the default (also in Cargo) as it is safer and more expected to build with tested dependencies rather than latest available. But being able to use this and start testing with this should solve this specific issue. thx!

repi commented 2 years ago

can confirm it worked!

for example here was cargo-crev building with its, no so great, Cargo.lock file:

Updating cargo-crev
    Updating crates.io index
  Installing cargo-crev v0.23.3
warning: package `cpufeatures v0.2.2` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `iana-time-zone v0.1.44` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest_derive v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest_generator v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest_meta v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked