-
Notifications
You must be signed in to change notification settings - Fork 243
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid pruning unused dependencies for buf dep update
#2966
Conversation
buf dep update
buf dep update
Found something in testing today: when pulling in a new dependency that is not used yet, we do not pull in its transitive dependencies... I think this is expected/fine since you may not end up needing all transitive dependencies from the new dependency. But I wanted to note this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is right.
Co-authored-by: Saquib Mian <smian@buf.build>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good - two minor comments.
Co-authored-by: Philip K. Warren <pkwarren@users.noreply.github.com>
When running
buf mod update
, we want to include in thebuf.lock
depsthat have been configured in
buf.yaml
and may not be used yet. This is tosupport workflows where a user can configure a dependency and
buf dep update
before they use the newly configured dep in their proto definitions.
Prune
does the following things right now:buf.lock
buf.yaml
that are present inbuf.lock
The first step is necessary for
buf dep update
for tamper-proofing and validatingthe build. However, the latter two steps are unnecessary -- we want to keep
unused dependencies and their transitive dependencies, and since
dep update
gets the dependencies from
buf.yaml
and writes them intobuf.lock
, therewill not be dependencies present not from the
buf.yaml
, so that step is ano-op.
So instead of running
Prune
, we validate the build after the logic fordep udpate
and we log out the unused dependencies as a warning to the users (but we do not
remove them).