From ef636e89e25724c234122633a2bbf1c6fbfad2a2 Mon Sep 17 00:00:00 2001 From: Fred Bittencourt Date: Fri, 5 Jul 2024 10:09:25 +0200 Subject: [PATCH] implement lockfile update --- src/resolver.rs | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/src/resolver.rs b/src/resolver.rs index 1c37fe10..3699039f 100644 --- a/src/resolver.rs +++ b/src/resolver.rs @@ -150,14 +150,6 @@ impl DependencyGraph { cache: &Cache, ) -> miette::Result { if let Some(local_locked) = lockfile.get(&dependency.package) { - ensure!( - dependency.manifest.version.matches(&local_locked.version), - "dependency {} cannot be satisfied - requested {}, but version {} is locked", - dependency.package, - dependency.manifest.version, - local_locked.version, - ); - ensure!( is_root || dependency.manifest.registry == local_locked.registry, "mismatched registry detected for dependency {} - requested {} but lockfile requires {}", @@ -166,10 +158,14 @@ impl DependencyGraph { local_locked.registry, ); - if let Some(cached) = cache.get(local_locked.into()).await? { - local_locked.validate(&cached)?; - - return Ok(cached); + // For now we should only check cache if locked package matches manifest, + // but theoretically we should be able to still look into cache when freshly installing + // a dependency. + if dependency.manifest.version.matches(&local_locked.version) { + if let Some(cached) = cache.get(local_locked.into()).await? { + local_locked.validate(&cached)?; + return Ok(cached); + } } let registry = Artifactory::new(dependency.manifest.registry.clone(), credentials) @@ -179,7 +175,9 @@ impl DependencyGraph { })?; let package = registry - .download(dependency.with_version(&local_locked.version)) + // fetch the version using manifest directly. This works now + // because buffrs only supports pinned versions + .download(dependency.clone()) .await .wrap_err(DownloadError { name: dependency.package,