Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[hooks_runner] Remove package_graph.json fallback #2266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 5, 2025
Merged

[hooks_runner] Remove package_graph.json fallback #2266

merged 2 commits into from
May 5, 2025

Conversation

dcharkes
Copy link
Collaborator

@dcharkes dcharkes commented May 2, 2025

Both Dart and Flutter using this are on a version of pub that emits the package_graph.json.

@dcharkes dcharkes force-pushed the remove-package-graph-fallback branch from 7393159 to cce9322 Compare May 2, 2025 08:59
@dcharkes dcharkes force-pushed the remove-package-graph-fallback branch from cce9322 to f14d30d Compare May 2, 2025 08:59
@github-actions GitHub Actions
Copy link

github-actions bot commented May 2, 2025
edited
Loading

PR Health

API leaks ✔️

The following packages contain symbols visible in the public API, but not exported by the library. Export these symbols or remove them from your publicly visible API.

Package Leaked API symbols
License Headers ✔️ 
// Copyright (c) 2025, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
Files
no missing headers

All source files should start with a license header.

Unrelated files missing license headers
Files
pkgs/jni/lib/src/third_party/generated_bindings.dart
pkgs/objective_c/lib/src/ns_input_stream.dart

@dcharkes dcharkes requested a review from mosuem May 2, 2025 09:00
@dcharkes
Copy link
Collaborator Author

dcharkes commented May 2, 2025

@mosuem The breaking change check seems to fail on a dev path dependency.

Because code_assets depends on repo_lint_rules from path which doesn't exist (could not find package repo_lint_rules at "../repo_lint_rules"), version solving failed.
Error: Exception: Because code_assets depends on repo_lint_rules from path which doesn't exist (could not find package repo_lint_rules at "../repo_lint_rules"), version solving failed.

@mosuem
Copy link
Member

mosuem commented May 2, 2025

@mosuem The breaking change check seems to fail on a dev path dependency.

Because code_assets depends on repo_lint_rules from path which doesn't exist (could not find package repo_lint_rules at "../repo_lint_rules"), version solving failed.
Error: Exception: Because code_assets depends on repo_lint_rules from path which doesn't exist (could not find package repo_lint_rules at "../repo_lint_rules"), version solving failed.

That's WAI - published packages should not have path dependencies. If needed, use dependency overrides.

@dcharkes
Copy link
Collaborator Author

dcharkes commented May 2, 2025

@mosuem The breaking change check seems to fail on a dev path dependency.

Because code_assets depends on repo_lint_rules from path which doesn't exist (could not find package repo_lint_rules at "../repo_lint_rules"), version solving failed.
Error: Exception: Because code_assets depends on repo_lint_rules from path which doesn't exist (could not find package repo_lint_rules at "../repo_lint_rules"), version solving failed.

That's WAI - published packages should not have path dependencies. If needed, use dependency overrides.

Dev dependencies can be path dependencies, right?

@mosuem
Copy link
Member

mosuem commented May 5, 2025

I think a user should be able to download a package and run pub get without any errors. A path dev deps does not break a package usage, but restricts to "just" package usage. That does feel a bit wrong, and can lead to errors such as this one.

@dcharkes
Copy link
Collaborator Author

dcharkes commented May 5, 2025

I think a user should be able to download a package and run pub get without any errors. A path dev deps does not break a package usage, but restricts to "just" package usage. That does feel a bit wrong, and can lead to errors such as this one.

I don't believe this is true. If you "download" a package via git, you'll have all the other packages. If you "download" a package with pub get, you should not be doing pub get in the pub cache: you're not supposed to modify the pub cache. If you download the sources from a GitHub release, you have all the other packages. Why should a package be downloadable by itself? What use case is that for?

@mosuem
Copy link
Member

mosuem commented May 5, 2025

Why should a package be downloadable by itself? What use case is that for?

For example the API breakage check failing in this PR ;) Where we want to check if the current API is breaking compared to the old API. For this, we need to download the latest version of a package from pub, and compare it to the version in this PR. But if the one on pub is incomplete, this doesn't work anymore.

I could imagine other scenarios where people use pub.dev to download older versions. I think a package should be self-contained that way. Hosting on GitHub is an implementation detail, which I think we should not rely on.

@dcharkes
Copy link
Collaborator Author

dcharkes commented May 5, 2025
edited
Loading

Why should a package be downloadable by itself? What use case is that for?

For example the API breakage check failing in this PR ;) Where we want to check if the current API is breaking compared to the old API. For this, we need to download the latest version of a package from pub, and compare it to the version in this PR. But if the one on pub is incomplete, this doesn't work anymore.

I could imagine other scenarios where people use pub.dev to download older versions. I think a package should be self-contained that way. Hosting on GitHub is an implementation detail, which I think we should not rely on.

Hm, I think instead you need a dart pub get --no-dev-dependencies for this use case. I don't think you should be forced to publish code that is just used in tool/ or in the analysis_options.

I really don't want to publish pkgs/lints_only_for_this_repo!

@mosuem
Copy link
Member

mosuem commented May 5, 2025

Hmm, dart pub get --no-dev-dependencies sounds like a weird state to leave a package in, where some dependencies are resolved and other are not. It wouldn't even guarantee that the dependencies used in lib/ are resolved, just make it more likely.

I think if you publish a package, you should publish all it's dependencies. You can make them unlisted on pub if you want to. Or make them a git dependency or such - just don't hide it.

@jonasfj any thoughts?

@dcharkes dcharkes mentioned this pull request May 5, 2025
Open
@dcharkes
Copy link
Collaborator Author

dcharkes commented May 5, 2025

It wouldn't even guarantee that the dependencies used in lib/ are resolved, just make it more likely.

Well, that would break your package when when published and used in another package! We should actually add this as a health check: dart pub get --no-dev-dependencies && dart analyze lib/.

@dcharkes dcharkes merged commit 33a0cdd into main May 5, 2025
43 of 46 checks passed
@dcharkes dcharkes deleted the remove-package-graph-fallback branch May 5, 2025 07:34
@mosuem
Copy link
Member

mosuem commented May 5, 2025

That is indeed breaking, but should be covered by the depend_on_referenced_packages lint.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mosuem mosuem mosuem approved these changes

Assignees
No one assigned
Labels
package:code_assets package:data_assets package:hooks_runner package:hooks package:native_toolchain_c skip-breaking-check skip-changelog-check
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dcharkes @mosuem