search

qchateau / conan-center-bot

A bot to automatically update conan-center-index
GNU General Public License v3.0
11 stars 2 forks source link

Automatically update dependencies #29

Open madebr opened 3 years ago

madebr commented 3 years ago

Using magic regex'es, it is possible to extract the (build) requirements of recipes. I think it would be nice to, as is currently done with updating the versions, also create a branch with updated dependencies.

If you run in an overuse of the github actions, I think it's ok to not test whether a certain dependency bump is valid.

qchateau commented 3 years ago

Using magic regex'es, it is possible to extract the (build) requirements of recipes.

For simple recipes I guess it's possible, though some of them have dynamic dependencies (depending on options)

If you run in an overuse of the github actions

Can you ? For now it just runs with the highest level of parallelism possible, Github seem very generous x)

madebr commented 3 years ago

I wrote something to extract them using the ast. It is not beautiful code. I'm looking into alternative ways to extract them.

conan-cci-tree.zip I wrote the module initially to generate a build order to completely rebuild conan-center-index from scratch. That is useful to bring up new compilers/archs/os'es.

It won't extract versions such as libuv in https://github.com/conan-io/conan-center-index/pull/3640

ericLemanissier commented 3 years ago

for reference, we already have an existing tool updating references: https://github.com/bincrafters/bincrafters-conventions It already runs automatically on branches on https://github.com/bincrafters/conan-center-index

qchateau commented 3 years ago

I'm a not entirely convinced about automatically updating dependencies:

  1. We can probably only update to a new patch-level, maybe a new minor, but then we hope the author of the dependency follows semantic versioning
  2. CCB could try to compile multiple dependency versions and keep the latest working one, but that could mean a lot of compilation
  3. After a dependency update, I'd not be confident to say that compiling the "test_package" is enough to make sure the dependency update did not break the main library
  4. Updating dependencies to their latest version without any code change does not bring anything for the conan users: they can already override the libraries versions anyway. What's really useful is to update the library code to make it compatible with a newer version of their dependencies. But that cannot be automated.
  5. I see the dependencies in a conan recipes as "the ideal version" of the dependency. Meaning it's probably the versions used by the main developer of the library. It does not mean you can't use older or newer versions, but you'd have to test it yourself.