Stamp every workspace crate in Cargo.lock (fix v0.21.0 release --locked failure)#249
Merged
Merged
Conversation
The release version-stamper hardcoded the workspace crate set to
{deslop, deslop-core, deslop-lsp, deslop-mcp}, so it left
deslop-test-support (the crate #247 added after v0.20.0) unstamped in
Cargo.lock. After stamping [workspace.package] version to the tag, that
crate's Cargo.lock entry stayed at 0.0.0-dev, so cargo build --release
--locked failed during the release Build job (the v0.21.0 failure).
Derive the set from the lock itself: every [[package]] block with no
`source` line is a workspace/path crate and is stamped. A newly added
workspace crate can no longer silently desync Cargo.lock from the
stamped Cargo.toml and break the release.
Regression test stamperStampsEveryWorkspaceCrateInLock asserts every
source-less Cargo.lock package is stamped (caught deslop-test-support
left at 0.0.0-dev before the fix). Verified locally: after stamping
0.21.0, cargo metadata --locked resolves cleanly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TLDR
Fix the release version-stamper so it stamps every workspace crate in
Cargo.lock— the hardcoded crate list omitteddeslop-test-support(added in #247) and broke the v0.21.0 release build withcargo build --release --locked.Details
The release pipeline stamps
[workspace.package] versioninCargo.tomlto the tag version, then runscargo build --release --locked.scripts/stamp-release-version.mjsalso rewrites the matchingCargo.lockentries — butreplaceLockVersionsused a hardcoded set{deslop, deslop-core, deslop-lsp, deslop-mcp}. Thedeslop-test-supportcrate added by #247 (after v0.20.0) was not in that set, so itsCargo.lockversion stayed0.0.0-devwhileCargo.tomlbecame0.21.0.--lockedthen refused to update the lock and the Build job failed in ~8s on every platform (error: cannot update the lock file ... because --locked was passed). v0.21.0 was the first release to include that crate, so it was the first to hit the latent bug.scripts/stamp-release-version.mjs: rewrotereplaceLockVersionsto derive the workspace set from the lock itself — every[[package]]block with nosource =line is a workspace/path crate and is stamped. Removed the now-dead hardcodedworkspacePackagesset. This is drift-proof: a newly added workspace crate can never again silently desyncCargo.lockfrom the stampedCargo.toml.No product code changes; release-infra only. No breaking changes.
How Do The Automated Tests Prove It Works?
scripts/test-release-version-stamping.mjs::stamperStampsEveryWorkspaceCrateInLockcopies the stamp inputs to a temp dir, runs the stamper, then parses the stampedCargo.lockand asserts every source-less[[package]](workspace/path crate) carries the stamped version. Before the fix it failed withworkspace crate deslop-test-support left at 0.0.0-dev; after the fix all four stamper tests pass. Because the assertion enumerates source-less crates from the lock rather than a fixed list, it will also catch the next crate addition.make deployment-verify(Makefile:217), whichmake ciinvokes.node scripts/stamp-release-version.mjs 0.21.0,deslop-test-supportis stamped to0.21.0inCargo.lockandcargo metadata --lockedresolves cleanly (the exact lock-resolution step that failed in the release), then the working tree was restored.