-
-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update nextest to 0.9.57 #178
Comments
(Separately, I'd like us to also figure out a way to quickly yank bad versions from the install-action.) |
Upstream cargo-nextest shipped a broken version v0.9.56 [0], which is now yanked, and superseded by v0.9.57. The GHA installer, however, hasn't updated yet [1], so using a temporary workaround to unbreak CI. The cargo-nextest maintainer has been lighting fast and extremely communicative, so let's check back on the GHA issue later on, at which point we can drop this empty file. [skip ci] [0] nextest-rs/nextest#926 [1] taiki-e/install-action#178
Update is done, just waiting for a new release. |
P.S. all updates are automatic created by GHA, so there's no need to opening an issue manually since we won't miss it. You can have relax knowning that this repository will always keep them up to date! Thank you for openin this issue. |
@NobodyXu, thanks. I think it's just a matter of urgency -- once an update has been yanked on crates.io (which was done within 5-10 minutes), it would be nice if the action no longer tried to fetch that version. |
Unfortunately the latest version info and checksum is hardcoded into the crate, so it requires a new release. |
In terms of this, cargo-binstall can indeed fetch the latest version since it does not hardcode anything. |
Published in 2.13.5. |
Thanks for all your hard work maintaining the action, Taiki! |
I think it is possible to fetch the crates.io API during manifest generation to prevent the yanked version from being selected as a candidate for the latest or omitted version. This is not likely to very help this case, where the problem was resolved very quickly on the nextest side, since it is not reflected until the manifest update is released, but it would be helpful if the fix is not released quickly. It will also make the way described below more efficient. I think it is also possible to fetch the crates.io API during installation and install the older version if the version is yanked (unless that version is explicitly specified). This could be implemented by adding a field to the manifest that makes fetching the older version easier, such as "previous_stable_version", and a field that indicates whether we want to fetch crates.io's API, such as "is_rust_crate", and code on the action side to fetch crates.io's API and select the version. |
In that scenario, won't it be easier to just use The resolution speed for We can fix the resolution speed for other crates supported in taiki-e/install-action by simply providing |
Even if we fall back to cargo-binstall, we need to know if the tool is rust crate and if the version is yanked to select whether to fallback to cargo-binstall, right? And if so, then at that point, the install-action side has most of the information needed to handle that without falling back to the cargo-binstall. |
I was thinking that perhaps we don't need to hard-code so many crates in taiki-e/install-action and can instead let |
I'd totally be open to this, as long as existing users don't break (note that |
Well, this effectively means downgrading nextest's support status, so it will take longer to install, one of its security features will no longer be supported, and there is an increased chance of encountering network errors. There is no problem with the alias handling either way. |
Yeah unfortunately it will be a little bit slower, since taiki-e/install-action would have to install Installing It will also support fallback to other target (gnu => musl, aarch64-apple-darwin => universal and x86_64, aarch64-pc-windows-msvc => x86_64). I'd admit though that I am biased towards
If you are referring to checksum, then yeah this is a feature that isn't supported but planned cargo-bins/cargo-binstall#440 cargo-bins/cargo-binstall#1 One of the issue is that checksum and the pre-built artifacts are often stored together on GitHub Release, so it can be modified. We are thinking about supporting sigstore which use public-private key-pair and other schema.
Yes, it will certainly increase the probability of network errors due to target fallback. |
Yeah, it would be ideal to make a data-driven decision about the rate of network failures (compared to eg the disruption from wide-scale outages of the sort GH has regularly) but I don't think we have that data. I think on balance I think I lean towards binstall, and I wouldn't necessarily consider it a downgrade personally. (The checksum issues should eventually be solved in binstall I agree, and I'm excited for whatever sigstore-based solution they come up with) |
Hi @taiki-e -- could you update nextest to 0.9.57? 0.9.56 has a bad bug and I needed to yank it. Thanks!
The text was updated successfully, but these errors were encountered: