[New Check]: Increase upper constraint with no revision bump

hololeap commented 6 months ago

Is there an existing such new check request for this?

[X] I have searched the existing issues

Explain

The scenario:

A package has an upper version bound on a dependency.
At some point, a new version of that dependency is pulled into the tree.
The package increases the upper version bound to allow the new version of the dependency.
Without a revision bump, portage will not pull the package into the graph during updates and its dependencies will not be recalculated.
The upgrade for the dependency will be skipped. At worst, it will cause:

Multiple package instances within a single package slot have been pulled into the dependency graph, resulting in a slot conflict

Examples

-RDEPEND=">=dev-lang/ghc-8.10.6:=
+RDEPEND=">=dev-lang/ghc-9.0.2:=
"
 DEPEND="${RDEPEND}
-   >=dev-haskell/cabal-3.2.1.0
+   >=dev-haskell/cabal-3.4.1.0
-   test? ( >=dev-haskell/hspec-2.0 <dev-haskell/hspec-2.11 )
+   test? ( >=dev-haskell/hspec-2.0 <dev-haskell/hspec-2.12 )
 "

https://github.com/gentoo-haskell/gentoo-haskell/commit/37a3672ff548ae2e2d0dd36ab4737c0150269439#

Result:

<dev-haskell/hspec-2.11 required by (dev-haskell/unicode-data-0.4.0.1:0/0.4.0.1::haskell, installed) USE="doc hoogle hscolour profile test" ABI_X86="(64)"

A revision bump from dev-haskell/unicode-data-0.4.0.1 to dev-haskell/unicode-data-0.4.0.1-r1 fixes this.

Note that the changes in DEPEND for ghc and cabal do not cause a problem here because they are increasing the lower version bound of dependencies; portage is already trying to upgrade these packages to the highest possible version, so increasing the lower bound will not prevent portage from upgrading these.

Output message

'<dev-haskell/hspec-2.11' changed to '<dev-haskell/hspec-2.12' with no version/revision bump

Documentation

Warn when an upper version bound is changed, but the package has not received a revision bump nor upgraded its version number.

Result level

warning

arthurzam commented 6 months ago

From my knowledge, and multiple tests I just did, it reports a RdependChanged warning. Do note that this is ran during pkgcheck scan --commits (which is also auto triggered by pkgdev push).

Can you verify it also is raised for you?

hololeap commented 6 months ago

I must have something misconfigured, because I'm getting:

pkgcheck scan: error: failed running git: fatal: ambiguous argument 'origin': unknown revision or path not in the working tree.
Suggested to configure the remote by running 'git remote set-head origin -a'

Note that I renamed origin to gentoo-haskell for this repo.

After renaming the remote back to origin, I tried pkgcheck scan --commits in a directory containing an ebuild where I increased the upper bound of a dependency. I tried with the change not staged for commit, with the change staged, and with the change committed. None of these scenarios triggered a RdependChanged warning.

$ pkgcheck --version
pkgcheck 0.10.29-3-g2ed2a36 -- Sat, 2 Mar 2024 09:13:16 +0200

gentoo-haskell/dev-haskell/base-orphans $ git diff
diff --git a/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild b/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild
index c8c8adae6f2d..0e4e4abd71d6 100644
--- a/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild
+++ b/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild
@@ -21,7 +21,7 @@ RDEPEND="
 DEPEND="${RDEPEND}
        >=dev-haskell/cabal-3.4.1.0
        test? (
-               >=dev-haskell/hspec-2 <dev-haskell/hspec-3
+               >=dev-haskell/hspec-2 <dev-haskell/hspec-4
                dev-haskell/quickcheck
        )
 "

gentoo-haskell/dev-haskell/base-orphans $ pkgcheck scan --commits
dev-haskell/io-streams
  WhitespaceFound: version 1.5.2.2-r1: ebuild has trailing whitespace on line: 28

dev-haskell/monadrandom
  RedundantVersion: version 0.5.3: slot(0) keywords are overshadowed by version: 0.6-r1

dev-haskell/th-desugar
  RedundantVersion: version 1.12-r1: slot(0) keywords are overshadowed by versions: 1.13, 1.16
  RedundantVersion: version 1.13: slot(0) keywords are overshadowed by version: 1.16

dev-haskell/threepenny-gui
  NonexistentDeps: version 0.9.4.1: DEPEND: nonexistent packages: <dev-haskell/aeson-0.10, <dev-haskell/aeson-0.12, <dev-haskell/websockets-0.12.5
  NonexistentDeps: version 0.9.4.1: RDEPEND: nonexistent packages: <dev-haskell/aeson-0.10, <dev-haskell/aeson-0.12, <dev-haskell/websockets-0.12.5

www-apps/gitit
  NonexistentDeps: version 0.15.1.2: DEPEND: nonexistent package: <dev-haskell/pandoc-2.20
  NonexistentDeps: version 0.15.1.2: RDEPEND: nonexistent package: <dev-haskell/pandoc-2.20

profiles
  OutdatedProfilePackage: 'package.mask': outdated package entry: '>=dev-haskell/network-uri-2.7', last match removed 0.44 years ago
  OutdatedProfilePackage: 'package.mask': outdated package entry: 'dev-haskell/hls-stan-plugin', last match removed 0.18 years ago
  OutdatedProfilePackage: 'package.mask': outdated package entry: 'dev-haskell/hls-tactics-plugin', last match removed 0.18 years ago
  OutdatedProfilePackage: 'package.mask': outdated package entry: 'dev-haskell/stan', last match removed 0.18 years ago

Just to be clear, I get this same output when the change is staged and when it is committed as well.

Ultimately, I would like to elevate this warning to an error in the pkgcheck-action for the gentoo-haskell repo. Are there any instructions on how to do this?

arthurzam commented 6 months ago

I must have something misconfigured, because I'm getting:
pkgcheck scan: error: failed running git: fatal: ambiguous argument 'origin': unknown revision or path not in the working tree.
Suggested to configure the remote by running 'git remote set-head origin -a'
Note that I renamed origin to gentoo-haskell for this repo.

So first of all, before I continue to analyze and debug other stuff, just know that you can continue using your remote name, just configure --git-remote gentoo-haskell If it works, you can configure it in ~/.config/pkgcheck/pkgcheck.conf

[haskell]
git-remote = gentoo-haskell

arthurzam commented 6 months ago

Checked again your example:

gentoo-haskell/dev-haskell/base-orphans $ git diff
diff --git a/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild b/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild
index c8c8adae6f2d..0e4e4abd71d6 100644
--- a/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild
+++ b/dev-haskell/base-orphans/base-orphans-0.9.1.ebuild
@@ -21,7 +21,7 @@ RDEPEND="
 DEPEND="${RDEPEND}
        >=dev-haskell/cabal-3.4.1.0
        test? (
-               >=dev-haskell/hspec-2 <dev-haskell/hspec-3
+               >=dev-haskell/hspec-2 <dev-haskell/hspec-4
                dev-haskell/quickcheck
        )
 "

I see you are changing DEPEND and not RDEPEND. This check is for RDEPEND. From my knowledge, changing build time stuff doesn't need revbump always (there are rules for when yes and when no, but this can't be checked by pkgcheck). For RDEPEND the answer is always yes.

hololeap commented 6 months ago

From my knowledge, changing build time stuff doesn't need revbump always

I've heard conflicting versions of this line of thinking myself. Perhaps @thesamesam can chime in on this.

Edit:

I think that the scenario I presented (an upper bound in DEPEND was changed) always needs a revbump. If there are any exceptions to this, I will gladly close this issue.

pkgcore / pkgcheck