-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lint to detect semantic versioning failures #374
Comments
Perhaps when a registry is online it could outright refuse (perhaps with an override) to push a new change when a breaking change happened and the semantic versioning has not been appropriately changed (i.e., they bumped the patch, but the change needs to bump the major). |
Yeah, there has been some small amount of discussion about attempting to determine breakage as part of the metatdata the central server has. |
@thehydroimpulse yes, that's the idea 😄 |
The tool should be separate from cargo, with a subcommand that shells out to it. |
I'm very much interested in this issue. I would like to help. Given that this issue is marked as Even if I turn out not to be skilled enough to actually code the thing, I'd be happy to help with testing, documenting or anything else related to this issue. Side note @cmr: why should this be separate from cargo? |
Yeah this is indeed unfortunately |
I've been thinking that we could use the incremental compilation infrastructure (once it's set up): Save incr. comp. data for the old version, and check what has changed in the new version. Of course, this would still need a set of "breakage rules" that dictate which changes are OK for which kind of version bump, but at least finding changes is then done by the compiler. |
@alexcrichton Alright, thanks. |
Looks (unless I'm confused) like GSoC 2017 led to the creation of /~https://github.com/rust-lang-nursery/rust-semverver, which seeks to address this. Looks like that needs more work, in anyone here is interested. |
cargo-semverver uses the metadata in an rlib plus some hard coded rules to determine what a breaking change is cargo-breaking originally was parsing the crate using cargo-crate-api is a PoC for using the json output from rustdoc to detect breaking changes. cargo-public-api is somewhat similar. One approach that I've not seen used is to build on top of rust-analyzer. To me, the ideal solution would
Breaking down potential data sources:
|
There's also cargo-semver-checks now (cc @obi1kenobi), also based on rustdoc output. |
To help cover the importance / use case for this tool (at least partly obvious but still want to cover it). The more obvious is to prevent unintentional breaking changes like recently happened with h hit clap recently due to an auto-trait. The less obvious is the impact on maintainers and their ability to scale up and remove toil in their development. cargo is fine making breaking changes but tracking when to bump the breaking version field is still work. We recently had a breaking change released without bumping the right field (#10803). We don't have a lot of process in place (e.g. conventionalcommits.org/) to help catch these. I feel the overhead of tracking breaking changes is one of several limiting factors for the cargo repo to containing more crates and resolving this would be a big help for the cargo team. Providing a trivial way of checking the status of all crates and helping to write the release notes would make it easier to scale up what maintainers are able to deal with much like the difference I've had in manually publishing crates and switching to cargo-release. EDIT: It'd also shift documentation to automation, see #8736 |
@JohnTitor I'd be interested in hearing the rust-semverver perspective on my earlier comment, including what your thoughts are on
|
Regarding rust-semverver:
There was an attempt to bring it into the rust-lang/rust repo so that it would always be in a buildable state (like clippy or rustfmt), and thus usable on stable. I think that is still an option, it just needs active people to maintain it. I think this is still an attractive option, since having the full power of the compiler to run queries (like trait and method resolution) can be useful. I do have concerns about the complexity of rust-semverver and how it is implemented. The issues on the issue tracker look somewhat concerning. OTOH, using rustdoc JSON could be much lighter weight and easier to handle. However, it looks to have some limitations. For example, I don't see a way to inspect macro definitions with it (which would be needed to see how they change). Also, it is not clear what trajectory it has for stabilization, which would be required here. It is not clear how far away that is. |
Agreed. We would need a way though for users to skip checking some parts of the API (if it doesn't already have it) since some items will be exposed only for the sake of macros and, depending on how things are setup, the author can break those as needed. This is also why I'm curious about using rust-analyzer for a base. It is working towards having the full power of the compiler but I'm assuming it doesn't prefer one set of conditional compilation settings but tracks all states the code can run in. If that is the case, then that would be the most ideal for such a tool.
Yes, for both approaches, becoming a rustup component (or included with one) would resolve the nightly issue. |
It's true that rustdoc JSON is somewhat limited — another thing it can't be used to check (AFAICT) is re-exports, since the JSON format doesn't seem to mention them at all: obi1kenobi/cargo-semver-checks#2 On the flip side, it seems that docs.rs is considering hosting the rustdoc JSON alongside the HTML docs when the JSON output is stabilized (rust-lang/docs.rs#1285) which would make checking even faster and more convenient in the common cases. For In my view, we don't want an "either-or" but an "and." We won't find a single solution that dominates all others. For example:
With the above in mind:
I'm also excited about the idea of making |
@matklad what are your thoughts on using rust-analyzer (internal or LSP API) as the data source for a cargo-semverver-like tool? In particular
|
Using rust-analyzer for semverver would give you a nice prototype, but woun't scale to production readiness, for two reasons:
So, there are two kinds of things you can do:
|
It would be nice if cargo can give you warnings when you try to publish a new version of a package that obviously breaks the API of a previous version.
An important but easily overlooked part of this would be whether a type is sendable etc.
The text was updated successfully, but these errors were encountered: