Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: merge purls from matching records in lock-file #965

Merged
merged 8 commits into from
Dec 5, 2024
Merged

fix: merge purls from matching records in lock-file #965

merged 8 commits into from
Dec 5, 2024

Conversation

baszalmstra
Copy link
Collaborator

When two packages are added or read from a v5 lock-file they are deduplicated. However, even though the packages may refer to the same package, they might include optional fields like purls. This PR merges these optional fields from deduplicated records before building or deserializing lock-files.

I added two tests:

  1. A v5 lock-file with two similar records where one has purls and the other doesnt.
  2. Building a lock-file through the API will deduplicate the package data but merge the purls.

I believe this does not need a bump of the lock-file format because this only adds data that was already read correctly but was not properly serialized/constructed.

@baszalmstra baszalmstra mentioned this pull request Dec 4, 2024
Closed
2 tasks
nichmor
nichmor reviewed Dec 5, 2024
View reviewed changes
crates/rattler_lock/src/parse/deserialize.rs
build == &conda_package.record().build
}) && subdir.as_ref().map_or(true, |subdir| {
subdir == &conda_package.record().subdir
all_packages
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small request: could we please add a comment what this part of branching is doing?

nichmor
nichmor reviewed Dec 5, 2024
View reviewed changes
crates/rattler_lock/src/builder.rs

#[test]
fn test_merge_records_and_purls() {
let record = PackageRecord {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small suggestion for the test:

maybe we could test here that indeed a package with purl will win in case of merging with one that doesn't have purl.
This is my idea:

crates/rattler_lock/src/builder.rs

#[test]
fn test_merge_records_and_purls() {
let record = PackageRecord {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let record = PackageRecord {
let mut record = PackageRecord::new(
PackageName::new_unchecked("foobar"),
Version::from_str("1.0.0").unwrap(),
"build".into(),
);
let mut record_without_purl = PackageRecord::new(
PackageName::new_unchecked("foobar"),
Version::from_str("1.0.0").unwrap(),
"build".into(),
);
record.purls = Some(
vec![
"pkg:pypi/foobar@1.0.0".parse().unwrap(),
]
.into_iter()
.collect(),
);
let record = PackageRecord {
subdir: "linux-64".into(),
..record
};
let record_without_purl = PackageRecord {
subdir: "linux-64".into(),
..record_without_purl
};

crates/rattler_lock/src/builder.rs Outdated
"foobar",
Platform::Linux64,
CondaBinaryData {
package_record: PackageRecord {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
package_record: PackageRecord {
package_record: record_without_purl,

crates/rattler_lock/src/builder.rs
.into(),
)
.finish();
insta::assert_snapshot!(lock_file.render_to_string().unwrap());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so the snapshot will be like this:

---
source: crates/rattler_lock/src/builder.rs
expression: lock_file.render_to_string().unwrap()
---
version: 6
environments:
  default:
    channels: []
    packages:
      linux-64:
      - conda: https://prefix.dev/example/linux-64/foobar-1.0.0-build.tar.bz2
  foobar:
    channels: []
    packages:
      linux-64:
      - conda: https://prefix.dev/example/linux-64/foobar-1.0.0-build.tar.bz2
packages:
- conda: https://prefix.dev/example/linux-64/foobar-1.0.0-build.tar.bz2
  arch: x86_64
  platform: linux
  channel: null
  purls:
  - pkg:pypi/foobar@1.0.0

which will give us confidence that we indeed merge purls , even when the package is in different environments

@baszalmstra
Copy link
Collaborator Author

@nichmor I added all your feedback, let me know what you think!

nichmor
nichmor reviewed Dec 5, 2024
View reviewed changes
Copy link
Contributor

@nichmor nichmor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it!

@ruben-arts
Copy link
Collaborator

Just tested the branch on pixi and it fixes it! Thanks!

@baszalmstra baszalmstra merged commit a8082a6 into conda:main Dec 5, 2024
15 checks passed
This was referenced Dec 5, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nichmor nichmor nichmor left review comments

@wolfv wolfv Awaiting requested review from wolfv

@ruben-arts ruben-arts Awaiting requested review from ruben-arts

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@baszalmstra @ruben-arts @nichmor