-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support opam lock file #166
Comments
In addition to adding an input, one idea is to expose |
That would be a breaking change for everyone who already has a lock file in the repository but doesn't use it for CI with the current behavior. Especially since it would also interact poorly with And having the default behavior change by presence of the lock file makes it more annoying to test a matrix of OCaml versions because then one has to similarly specify An additional input with unchanged default behavior wouldn't require a new major release. Also this touches on a related issue with lock files: since the lock file specifies an OCaml version, it would be nice of |
Another alternative would simply be to turn off the |
Fair enough. It would indeed be easier to add lock file usage into the advanced configuration examples than engineer a new input to the action. But if the core purpose of the action is to provide opam, then making the |
I'm trying to set up a workflow that uses the dependencies specified by an
.opam.locked
file in the repository instead of using the unlocked.opam
file directly. However this silently doesn't work correctly since theopam-pin
input of the action causes the local package to be pinned unlocked. A subsequent job stepopam install . --deps-only --locked
therefore doesn't install the locked dependencies but the pinned unlocked ones, despite the--locked
argument.I think there are currently two workarounds:
Make
opam-pin
input use lock file using environment variable by adding the following to this action's step:Disable
opam-pin
, such that installing with--locked
actually uses the lock file? In my case this seems to make theopam-depext
substep fail because it's then trying to install the depexts for the package with the same name actually published in opam repository, which is outdated and incompatible with the development version to run the workflow on.Even if it were compatible, it wouldn't still install depexts for locked depopts.
Maybe it makes sense to have an
opam-locked
input to this action (defaulting tofalse
), which would properly make this action consider the opam lock file without having to manipulate the environment and still allowopam-pin
andopam-depext
substeps to work as expected.Currently it can be surprising that even by using
--locked
in a subsequent step, the lock file isn't actually used and the reproducibility of the reproducible build isn't thus checked. Also this subtlety with opam lock files isn't mentioned in the README, so one has to dig deep to realize this.The text was updated successfully, but these errors were encountered: