search

rust-lang / cargo

The Rust package manager
https://doc.rust-lang.org/cargo
Apache License 2.0
12.59k stars 2.39k forks source link

cargo publish --dry-run doesn't perform metadata checks #14249

Closed RaphaelDarley closed 2 months ago

RaphaelDarley commented 2 months ago

Problem

When running cargo publish --dry-run it doesn't perform all checks, as it says in the documentation. Namely it doesn't check that certain metadata fields such as license or license-file, description, homepage, repository and readme.

Steps

create a blank cargo project (cargo new foo) login to crates.io (cargo login) cargo publish --dry-run --allow-dirty (this should succeed) cargo publish --allow-dirty (this will fail)

Possible Solution(s)

check for this metadata in the dry-release

Notes

would happy to implement this

Version

cargo 1.79.0 (ffa9cf99a 2024-06-03)
release: 1.79.0
commit-hash: ffa9cf99a594e59032757403d4c780b46dc2c43a
commit-date: 2024-06-03
host: aarch64-apple-darwin
libgit2: 1.7.2 (sys:0.18.3 vendored)
libcurl: 8.6.0 (sys:0.4.72+curl-8.6.0 system ssl:(SecureTransport) LibreSSL/3.3.6)
ssl: OpenSSL 1.1.1w  11 Sep 2023
os: Mac OS 14.5.0 [64-bit]
linyihai commented 2 months ago

check for this metadata in the dry-release

I think Cargo has do the metada check in any case and warn 

warning: manifest has no description, license, license-file, documentation, homepage or repository.

And the error is retured by createio api if you real publish without dry-run

error: failed to publish to registry at https://crates.io

Caused by:
  the remote server responded with an error (status 400 Bad Request): missing or empty metadata fields: description, license. Please see https://doc.rust-lang.org/cargo/reference/manifest.html for more information on configuring these fields

This can be cc https://github.com/rust-lang/cargo/issues/3662

epage commented 2 months ago

btw it would be good to include all of the information with your reproduction steps

$  cargo new epage-dry-run-publish-test
    Creating binary (application) `epage-dry-run-publish-test` package
note: see more `Cargo.toml` keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
$ cd epage-dry-run-publish-test/
$ cargo package --allow-dirty
warning: manifest has no description, license, license-file, documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
   Packaging epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
   Verifying epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
   Compiling epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test/target/packag
e/epage-dry-run-publish-test-0.1.0)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.10s
    Packaged 4 files, 876.0B (684.0B compressed)
$ cargo publish -n --allow-dirty
    Updating crates.io index
warning: manifest has no description, license, license-file, documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
   Packaging epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
   Verifying epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
   Compiling epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test/target/packag
e/epage-dry-run-publish-test-0.1.0)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.38s
    Packaged 4 files, 876.0B (684.0B compressed)
   Uploading epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
warning: aborting upload due to dry run
$ cargo publish --allow-dirty
    Updating crates.io index
warning: manifest has no description, license, license-file, documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
   Packaging epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
   Verifying epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
   Compiling epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test/target/packag
e/epage-dry-run-publish-test-0.1.0)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.33s
    Packaged 4 files, 876.0B (684.0B compressed)
   Uploading epage-dry-run-publish-test v0.1.0 (/home/epage/src/personal/dump/epage-dry-run-publish-test)
error: failed to publish to registry at https://crates.io

Caused by:
  the remote server responded with an error (status 400 Bad Request): missing or empty metadata fields: description, l
icense. Please see https://doc.rust-lang.org/cargo/reference/manifest.html for more information on configuring these f
ields

From this, we notice that Cargo is doing validation, via the warnings (see also #4840). The problem is coming from the server side response.

4377 is tracking Cargo's publish validation logic, closing in favor of that. If there is a reason we should keep this open separately, let us know!