Cargo: proposed new rangeStrategy #28280
Replies: 2 comments 21 replies
-
Thanks for your thoughtful analysis. Trying to break this into some smaller pieces, we can go back to other parts later if necessary. If rangeStrategy=update-lockfile and there's an in-range update (e.g. from 1.2.3 to 1.2.4) then you should get a PR. Are you sure it's not because you had 1.2.4 in your lockfile, i.e. you're already updated? If you have 1.2.3 in Cargo.toml/lock and no update for a 1.2.4, please create a reproduction repo so we can treat that as a bug. Next, I think that rangeStrategy=auto should default to update-lockfile instead of bump for the cargo manager. i.e. update the locked version by default but not keep bumping the version in Cargo.toml |
Beta Was this translation helpful? Give feedback.
-
This change has caused unwanted churn for me ;(
Updating I suggest at least don't bump |
Beta Was this translation helpful? Give feedback.
-
What would you like help with?
Other
How are you running Renovate?
Self-hosted
If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
GitHub, 37.280.0
Please tell us more about your question or problem
Hi -- we have a Renovate setup going over at Oxide for our Rust and npm dependencies, and we really love it!
I have:
Context
Oxide is a Rust-heavy company, though we also use npm/JavaScript in a few places. I'm going to focus on Rust in this discussion because that's what I'm most familiar with.
We sometimes specify Rust dependencies in this fashion:
And we almost always check in
Cargo.lock
as well.(Note that for Cargo, "0.4" actually means "~0.4", and "2" or "2.0" means "^2.0.0".)
A thing we've observed is that by default, we don't get Renovate PRs for updates if the full version (x.y.z) isn't specified. So, for example, we currently have
chrono 0.4.34
in one of our repos, but haven't gotten a PR to update to version 0.4.37.I did some testing and it looks like there's an "update-lockfile" strategy that does achieve this goal. But that can't be globally specified because if a full version
x.y.z
is specified inCargo.toml
, then that doesn't get bumped with this strategy.This is easiest to summarize in a table. Below, we assume that version
x.y.z
is being updated tou.v.w
, where the versions may be compatible or incompatible (e.g.u
may be the same asx
, or not.)rangeStrategy
Cargo.lock
Cargo.toml
bump
x
orx.y
bump
x
orx.y
u
oru.v
respectivelybump
x.y.z
u.v.w
bump
x.y.z
u.v.w
update-lockfile
x
orx.y
update-lockfile
x
orx.y
u
oru.v
respectivelyupdate-lockfile
x.y.z
update-lockfile
x.y.z
u.v.w
As a workaround, we've come up with a hybrid strategy. This strategy makes it so that if versions are specified as
x
orx.y
, then we use theupdate-lockfile
strategy. Otherwise, we use the bump strategy. We've implemented this via a regex, see this config.For the hybrid strategy, we have:
rangeStrategy
Cargo.lock
Cargo.toml
x
orx.y
x
orx.y
u
oru.v
respectivelyx.y.z
u.v.w
x.y.z
u.v.w
And this strategy works well enough. But ideally, we actually want to always change the version in
Cargo.toml
. In other words, we would like to have this strategy:rangeStrategy
Cargo.lock
Cargo.toml
x
orx.y
u.v.w
x
orx.y
u.v.w
x.y.z
u.v.w
x.y.z
u.v.w
To the best of my knowledge, this desired strategy does not exist -- I couldn't find a set of flags which would enforce the strategy.
Questions
Based on the above discussions, I have a few questions:
rangeStrategy
options?I hope the above description is detailed enough. Always happy to provide more details!
Other notes
A repo where I ran some tests is at https://github.com/sunshowers/renovate-test. This test repo uses the hybrid strategy, and you can see the results in the list of PRs.
The periodic
lockFileMaintenance
job sadly hasn't been working for us because it's all-or-nothing: there are some newer versions of deps that are compatible and some that aren't (particularly git deps), so updating them one-by-one is necessary.Again, I want to say that Renovate is incredibly cool and we overall love our setup. I hope this request can help improve things for all Renovate users.
Logs (if relevant)
Logs
Here's an example log for the repo linked above:
https://github.com/sunshowers/renovate-test/blob/main/example.log
I ran this with
Beta Was this translation helpful? Give feedback.
All reactions