Closed MonoidMusician closed 1 year ago
Here's the full list of package versions which fail to solve:
https://gist.github.com/MonoidMusician/0f0c4ed70edf7c000a1da012bdca5134
Definitely too many to fix 😄
I'm fairly sure this list is accurate, pending more verification of the latest iteration of the solver. That said, I don't think I made substantial changes to the core logic of the solver so I'm fairly confident in it. In fact, all but 2 of these failures were found with merely the transitive dependencies check in the solver, not the full logic for picking versions.
Interestingly, all of the integration test packages failures I listed above are included in this new list, which I was not expecting since (afaik) that was running on mixed registry/bower data, although it was filtering out packages that just failed to solve on bower.
How could these be published under Bower? If they don't solve they should not go through their publishing process, right?
I don't think bower checks for solvability on publish, does it? I think it kind of just tags it on GitHub and calls it good. Also it's easy to get into a weird state with bower, where deleting the bower_components
directory results in updating a lot of packages that were stuck at old versions or something.
I don't know if Bower did check automatically, but pulp publish
requires running bower install
, which tries to solve.
What I'm trying to get at here is that this amount of unsolved packages is definitely suspicious and worth some investigation. Having a lot (or any, really) of unsolvable packages in the Registry would be a problematic situation, and I personally think we should try to resolve it before we declare this stable.
It's not clear to me that any of these versions are available on pursuit, so pulp publish
might have never happened.
I should organize them by date, as I suspect most of them are pretty old and not relevant to current development, but I don't have that information at hand yet. Obviously some are unstable versions 0.x.y
, so it's a bit less surprising that they fail.
It does appear that most of the failures I looked at are not on pursuit, either due to neglect or because they predated pursuit or common publishing to pursuit.
About the only ones I could find on pursuit at first glance were the versions of prettier-printer
, but their error here is that we don't have a dependency in the registry:
721. prettier-printer@1.2.0
No versions found in the registry for pipes in range
>=5.0.0 seen in spec@2.0.0
<6.0.0 seen in spec@2.0.0
722. prettier-printer@1.1.0
No versions found in the registry for pipes in range
>=5.0.0 seen in spec@2.0.0
<6.0.0 seen in spec@2.0.0
723. prettier-printer@1.0.1
No versions found in the registry for pipes in range
>=5.0.0 seen in spec@2.0.0
<6.0.0 seen in spec@2.0.0
724. prettier-printer@1.0.0
No versions found in the registry for pipes in range
>=5.0.0 seen in spec@2.0.0
<6.0.0 seen in spec@2.0.0
I don't know why we don't have pipes@5.0.0
given that we have its other versions …
A recent failure: spec-discovery@7.0.0
was an update for PS 0.15.0, not published to pursuit, that introduced a spago config but did not bump bower.json
, but it was followed up with another version 8.0.0
that did update bower: https://github.com/purescript-spec/purescript-spec-discovery/releases
I would be curious to see if, with these removed, we can try to make ManifestIndex
care about packages being solvable if we want — if you all see value in that, otherwise we can keep it:
Also, we could disable the LegacyImport
exemption in the API pipeline, so that all packages including legacy ones are forced to solve to be included. At that point we know the manifest index remains full of solvable packages.
As per the registry call, we are going to:
ManifestIndex
unchangedTo expand on the comment above, here's a recap of the discussion in yesterday's call:
0.1.0+newbounds01
. This would allow us to keep the registry working by using these revisions, but would allow package managers to opt-out of them if need be (since they could decide to only pick versions without build metadata)
And prevent reupload.
I think our integration test isn't doing the exact thing we need (for two reasons: I think part of it is still mixed with Bower data, and it only checks for the most recent version), but it gives an idea of which packages are problematic:
Related: