Clarify stance on legacy support #328
Comments
|
With the benefit of time and sleep I've rethought through why and how we will support legacy projects. In short, the registry has little ability to support legacy projects. But as PureScript maintainers we can take action elsewhere to keep the experience smooth. Below, I've proposed everything I think we can do to support these projects. Before I go on, I should clarify what I mean by a "legacy" project. From the registry's perspective, a legacy project is any package without a What does it mean to "support" a legacy project? We want these projects to be able to publish to the new registry without dropping their current package manager or registry. We also want a smooth migration path for their current package manager to switch to the new registry. There are only three places where we can provide this support, and the registry can provide only one:
The registry is only relevant to publishing packages. Maintaining package managers and other registries are not its responsibility. But as PureScript maintainers, it's our responsibility. So -- what support can we realistically provide? Publishing The publishing process is the same for all packages: open an issue on GitHub with an addition or update. We will fetch and upload your package. From the registry's perspective, a 'legacy' and a 'new' project differ only in the existence of a Outside the registry, we can go a step further. Pulp and Spago users won't be able to use the registry, but we could still provide a command that opens the GitHub issue for them. It would be a 'legacy publish' workflow. It could also generate a Package Managers & Existing Registries PureScript projects are either Pulp + Bower or Spago + package sets. None of these projects will be able to use the new registry, so there's nothing to update. Still, we need to take some care to ensure these users aren't hurt by the new registry. With a new registry available, package authors may drop Bower support for their package. There's also no obligation to release any more package sets in the legacy format. Both of these would result in Pulp or Spago users losing access to packages over time. As far as Bower goes -- we have no control over whether library authors choose to keep or drop Bower support, so this one is out of our hands. (We could force packages to have Bowerfiles when publishing to the registry, but I am against it. If others disagree then I can explain my reasoning.) Yet we are maintainers of two hundred or so libraries across the PureScript organizations. We can and should maintain Bowerfiles in those libraries to minimize the inconvenience to Bower users. As far as the package sets, we have already committed to mirroring the new package sets back to the Those actions are about all we can do to ensure the new registry doesn't reduce packages available in other registries. We also need to update package managers to help users publish their legacy packages, as described in the "Publishing" section above. Package Managers & The New Registry Of course, package managers won't always be in legacy mode. Spago and Pulp can both be updated to use the new registry proper -- generating With all this in mind, I think our path forward should be this:
This covers the publishing side. What about existing registries / package sets?
And what about current package managers?
Package managers should use the new registry in their new versions, but this isn't necessary right away, so I'm not listing it. |
|
@thomashoneyman this is all great! 👏 A couple of notes:
|
|
It's been quite a while since we've talked about this issue, but from what I can tell this is a little out of date. Some things have happened:
We still have a blocker in that as soon as we allow monorepos, the subdir key, and non-GitHub providers then bower, old spago, pulp, and package set mirroring will all end. However, we're well past the window of intended legacy support for bower and I think we should feel free to implement those changes as soon as we want to. In other words, there is no more guaranteed legacy support, though we haven't decided when it will actually end. Given that there is no active work to build the needed support for monorepos / non-GitHub into the compiler / Pursuit, this will probably be the situation for a long time. Things are pretty much ready to go on the registry side. |
I think there is active work here. The work on |
|
I see. If that's intended to become the next iteration of Pursuit then indeed there is work being done! In that case, I'm happy to hear it, and I'd like to join any conversations around building monorepo / non-GitHub support into the next iteration of Pursuit. We'll still need changes on the compiler side / Still, I think that we're well within our rights at this point to terminate legacy support once we have implemented those changes and are ready to deploy a new Pursuit. |
|
Yes to all of this, and I think the So the dependency goes: By now I forgot what |
|
Just took a quick look and I think we probably could produce the format outside of And the You can see that tools like pulp just push that off to Pursuit directly, first by gzipping the json they got: ...and then uploading it. So I do think that so long as we can produce this same 'Package' type with the same JSON encoding then we could bypass If we can replicate this function then we can likely replace These are the checks done — for example, this GitHub-only restriction on the package: This module describes various errors purs publish checks for: The actual publishing process runs these checks to eventually produce a 'package': |
|
@JordanMartinez the work on |
|
@thomashoneyman I'm not entirely sure. While I started working on Pursuit stuff, I turned my focus towards Spago because of the issues I ran into when using it for the new Pursuit. Plus, I figured getting the new Spago out sooner would be better overall before using it for the new Pursuit. The Pursuit work was being done privately, but I've made what I have done public here: https://github.com/JordanMartinez/purescript-pursuit As for what the compiler and |
|
The registry already does everything that For the Pursuit part specifically, see: registry-dev/app/src/App/API.purs Lines 961 to 965 in 75a83b6 With this in mind, I think we could focus on a) producing the package format Pursuit requires here in the registry and removing the call to |
|
A little more detail — here's an example of the specific output By far the bulk of the information is at the The rest of the JSON object for effect-4.0.0 looks like this, with comments indicating how we get each piece of information from the existing package manifest, metadata entry, or another source: {
// We always set the uploader to 'pacchettibotti'
"uploader": "JordanMartinez",
// This is a Bower file format; we can easily produce one from a Manifest.
"packageMeta": {
// Manifest.location
"homepage": "https://github.com/purescript/purescript-effect",
// Manifest.location
"repository": {
"url": "https://github.com/purescript/purescript-effect.git",
"type": "git"
},
// Manifest.excludeFiles potentially, or omit this altogether since Pursuit doesn't use it
"ignore": [ "bower_components" ],
// Manifest.dependencies, with 'purescript-' prepended to each one
"dependencies": { "purescript-prelude": "^6.0.0" },
// Manifest.name, with 'purescript-' prepended
"name": "purescript-effect",
// Manifest.license in an array singleton
"license": ["BSD-3-Clause"]
},
// Metadata.publishedTime
"tagTime": "2022-04-27T14:04:24+0000",
// Every object in this array is the same as the contents of a docs.json in output, ie. output/Effect/docs.json;
// we require all packages compile so we can always get the docs.
"modules": []
// When we publish a package we produce exact resolutions so we can reuse those
// or set this to an empty object if Pursuit doesn't use it
// https://github.com/purescript/registry-dev/blob/f68685892062f68f3d697e59a95c4d836c1d5170/app/src/App/API.purs#L683
"resolvedDependencies": { "purescript-prelude": "6.0.0" },
// Manifest.version
"version": "4.0.0",
// Manifest.location, filtered to only accept the GitHub location type, until Pursuit can accept more
"github": ["purescript", "purescript-effect"],
// Metadata.ref, until Pursuit stops requiring Git tags
"versionTag": "v4.0.0",
// We can easily do this with the existing associateModules function
// https://github.com/purescript/registry-dev/blob/f68685892062f68f3d697e59a95c4d836c1d5170/lib/src/PursGraph.purs#L64
//
// and indeed we already do this in the publishing process for legacy packages
// https://github.com/purescript/registry-dev/blob/f68685892062f68f3d697e59a95c4d836c1d5170/app/src/App/API.purs#L613
"moduleMap": {
"Data.BooleanAlgebra": "purescript-prelude",
"Data.Ring": "purescript-prelude",
"Data.Semigroup.Generic": "purescript-prelude",
"Data.Monoid.Generic": "purescript-prelude"
},
// The compiler version is required in the publishing process so we can reuse it
"compilerVersion": "0.14.5"
}In other words, once we have solved and compiled the package we're publishing, we have all the information we need to also produce the JSON payload Pursuit expects for publishing. We can bypass |
|
@JordanMartinez perhaps a Pursuit rewrite in PureScript could have a core module that exposes this 'publish' type, which the registry could import and use in the application. Similar to how spago-core imports the registry library ( |
|
(Turns out I wasn't quite right, because the |
The PureScript registry is built to support packages using the new manifest format in a
.purs.jsonfile. However, we also support importing legacy packages from bower (#215), and the API supports adding new versions of legacy packages via thelegacyflag:https://github.com/purescript/registry/blob/d69c9baf804fb7040881a5c388c2926643393bb4/v1/Operation.dhall#L10-L11
However, the spec doesn't include any mention of what support we do and do not have for "legacy" (ie. Bower or Spago pre-registry) packages. We need to clarify this.
The registry will provide some support for legacy packages for at least the first year of operation. Registry support only means that we guarantee legacy packages can be added to the registry; we do not guarantee that registry packages remain compatible with legacy package managers like Bower. We do, however, guarantee support for older versions of Spago. In practice this means that we will preserve the existing package sets repository and continue publishing package sets usable with older versions of Spago there.
A legacy package is defined as a package that is published without a
.purs.jsonmanifest file, and it can be one of two things: a project containing abower.jsonfile, or a project containing aspago.dhallfile and accompanyingpackages.dhall(ie. a Spago file using a configuration format pre-registry -- not the new proposed Spago format).A legacy package can be uploaded to the registry via an
AdditionorUpdateoperation by settinglegacy: true. Setting the legacy flag means that the registry will:bower.json,spago.dhall, andpackages.dhallfiles, in order to create a.purs.jsonmanifest for the package.purs.jsonfile in the resulting package tarball.purs.jsonfile to publish the package version to the package setsLegacy packages cannot use monorepo setups because their version is parsed from the
refprovided in the addition or update operation. Attempting to upload legacy packages via a monorepo setup will fail.@f-f I do need your help understanding exactly what has to happen to guarantee the
packages.dhallfile in the package-sets repo remains compatible with old Spago clients for the next year, even as we're publishing package sets using the new package sets format in the registry. This may need its own issue to track backwards-compatible mirroring from the registry to the package sets repo.The text was updated successfully, but these errors were encountered: