The following RFC aims to implement lock file support for Nimble. This is being tracked in issue 127 but this proposal is a simpler variation.
Intro:
lock mode
will be enabled by a flag innimble.ini
- Since it is a new feature, this will reduce impact on the existing user base
- It can be turned on by default in the future when stable enough
- Lock information will be stored in
$prj/nim.cfg
- Nimble will append autogenerated section if existing
- Nimble will update when any dep changes occur
- Nimble will consume when having to install deps
- Nim will consume per usual
Lock file format:
- Separate section in
$prj/nim.cfg
maintained by Nimble - Nimble related metadata will be stored as nim comments
- E.g.
# Nimble autogenerated start
--noNimblePath
# url = https://...
# checksum = xyzxyz
--path:$nimbleDir/pkgs/package-1.0.0
# Nimble autogenerated end
- Format currently includes package name, version, url and checksum
- Nimble does not store source control hashes so that's not being considered for now
Nimble changes:
- Add code to write and read back from
$prj/nim.cfg
- After any package install
- Calculate and store checksum in either nimblemeta.json or a new file in pkg root
processDeps()
- Get packages from
.nimble
file - If
$prj/nim.cfg
exists- Get package versions from cfg file
- For each package in
.nimble
requires- If package locked version exists
- Install specific version of package if not already in
~/.nimble
- Install specific version of package if not already in
- Else
- Install package using standard workflow today
- Remember package version installed
- Set create flag
- If package locked version exists
- If create flag set, create/update
$prj/nim.cfg
- Get packages from
nimble install
- use updatedprocessDeps()
workflownimble install url|pkg
- run same workflow as todaynimble uninstall pkg
- remove package per usualnimble build | docs | c | run
- Use updated
processDeps()
workflow - Run Nim without
--path:
flags
- Use updated
nimble develop
- use updatedprocessDeps()
workflow- Impacted by
develop --all
RFC - TBD
- Impacted by
Nim required changes:
- Replace instances of $nimbleDir in
--path:$nimbleDir/xyz
with path to OS specific Nimble directory - Once lock files are always on and the only way to use Nimble, as part of issue 654
- Deprecate and eventually remove
--NimblePath
and--cleanNimblePath
- Remove code that searches packages in
NimblePath
- Deprecate and eventually remove
No changes:
- Dependencies will need to be added to the
.nimble
file in therequires
section per usual to get installed and included in$prj/nim.cfg
- Once nimble can update the
.nimble
filerequires
section automatically in the future during install/uninstall, the lock file can get auto-updated as well
- Once nimble can update the
Other issues addressed:
- Project isolation - issue 131
- Since lock files point to specific versions, changes due to other projects will not matter
- If someone does remove a dependency, it can be reinstalled with one of the nimble commands that runs
processDeps()
- Reducing Nim's knowledge of Nimble - issue 654
Other issues expecting fix via lock files - not solved yet:
- Nimble develop of http package - issue 543
- Nimble does not currently save sufficient info about packages to know for sure
- Skip dep checks - issue 589
- Nimble will still run
processDeps()
- unclear if lock file will be faster
- Nimble will still run
Notes:
- Does not include
strictMode
in original issue proposal - URL is simply base URL to project and no commit hash - Nimble does not store this info today
It is step 1 in implementing lock files. It is turned off by default in nimble.ini and can be enhanced over time so as not to disrupt the community. Second, it is only relevant when you want lock files. If not, you still have the status quo. There is no workflow change if you don't want lock files. And if you want it, it is a new workflow anyway.
It charts a way to get there. Paths lock versions for you and that's all we have today. Nimble does not store enough data in its database to get a 100% solution in step 1.
Agreed 100% it isn't pretty but a lock file does not have to be user facing. Why does the format matter if it functions correctly? It isn't ideal for sure but neither is adding more complexity into the tool for some ideal. The legacy is a
.nimble
and anim.cfg
so I'm trying to capitalize on that.These people are showing willingness to using Nimble to setup their lock files before using Nim. Instead of recognizing that concession, you want them to change their workflows altogether. Why is
nimble setup
a bad idea when it can encourage more Nimble adoption?Diversity is a fact of life. You can adapt it into Nimble or leave it for others to deal with. In either case, both will continue to exist.