Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add MSRV check to CI #465

Merged
merged 11 commits into from
Jan 31, 2025
Merged

Add MSRV check to CI #465

merged 11 commits into from
Jan 31, 2025
+2,321 −11

Conversation

danieleades
Copy link
Contributor

  • find MSRV and set in Cargo.toml
  • add an MSRV check to CI
  • add dependabot config
  • commit lockfile to version control for reproducible CI builds

@danieleades danieleades mentioned this pull request Dec 2, 2023
Closed
@helio-frota helio-frota mentioned this pull request Jun 3, 2024
Open
@tomhoule
Copy link
Member

Hi @danieleades ! I'm going to take on maintainership on this crate again more actively. Do you still want to discuss this? I've always had the mental model that Cargo.lock shouldn't be committed for libraries, but I need to update myself on the current best practices with MSRV.

@danieleades
Copy link
Contributor Author

Hi @danieleades ! I'm going to take on maintainership on this crate again more actively. Do you still want to discuss this? I've always had the mental model that Cargo.lock shouldn't be committed for libraries, but I need to update myself on the current best practices with MSRV.

there are several reasons to commit the lockfile for a library, some of which are laid out in this blog post.

Specifically for this project, it means that:

  1. different contributors have exactly the same local environment during development
  2. the CI environment is using exactly the same dependencies as local development
  3. you don't get inadvertent MSRV bumps due to the CI environment resolving newer dependencies than the local lock file
  4. cargo-deny results will match the pinned dependencies until the lock file is updated, not just what happened to get resolved at the time the job ran (this library isn't using cargo-deny yet but possibly should)

The only real downside is a bit more noise from dependabot, but i've added a job for automatically merging dependabot PRs for which all the jobs pass (requires enabling 'automerge' for PRs in the repository config)

Take a look at the config and see if it matches the behaviour you would want. For example I could also make minor updates monthly rather than on demand, etc.

tomhoule
tomhoule approved these changes Jan 31, 2025
View reviewed changes
Copy link
Member

@tomhoule tomhoule left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds completely reasonable. Let's not block this on me getting up to date, let's merge 👍 Thanks for your patience!

@tomhoule
Copy link
Member

Ah, there's a prettier check failing. I'd be ok with just removing that check for now.

@danieleades
Copy link
Contributor Author

Ah, there's a prettier check failing. I'd be ok with just removing that check for now.

not related to these changes anyway, i think

@danieleades
Copy link
Contributor Author

@tomhoule i've removed the prettier check

@tomhoule tomhoule merged commit d06dfff into graphql-rust:main Jan 31, 2025
11 checks passed
@danieleades danieleades deleted the msrv branch January 31, 2025 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomhoule tomhoule tomhoule approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danieleades @tomhoule