-
Notifications
You must be signed in to change notification settings - Fork 619
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
themis: publishable crates shouldn't depend on non-publishable ones #7707
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, it is a great feature to prevent us going through this check manually! Thanks!
} | ||
if !outliers.is_empty() { | ||
bail!(ComplianceError { | ||
msg: "These private packages are depended on by publishable packages".to_string(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original message was hard to understand at the first glance, so I tried to rewrite it. What do you think?
msg: "These private packages are depended on by publishable packages".to_string(), | |
msg: "These private crates break publishable crates. Either make these private crates publishable or avoid using them in the publishable crates.".to_string(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, this makes sense. I, too, went through a couple of description iterations, the above happened to be the shortest with most clarity, but I agree that we don't need to optimize for length, so more descriptive (and in this case, suggestive) is good. If you can submit a PR to this effect, that'd be awesome.
…ublishable crates depend on private crates (#7720) The original message was hard to understand at a first glance. #7707 (comment)
…7707) #7680 bumped the version of non-private crates to `0.15.0`. Unfortunately, the publish process failed, because `near-o11y` which is marked as a private package, is depended on by `near-vm-logic`, which is a non-private crate. This adds a check to `themis`, to ensure we never get this kind of discrepancy merged into master. Example Report: <img width="498" alt="CleanShot 2022-09-27 at 19 53 10@2x" src="https://user-images.githubusercontent.com/16881812/192575063-93c35ffb-e01e-41d9-8d4a-2d904ae85409.png">
…ublishable crates depend on private crates (#7720) The original message was hard to understand at a first glance. #7707 (comment)
#7680 bumped the version of non-private crates to
0.15.0
. Unfortunately, the publish process failed, becausenear-o11y
which is marked as a private package, is depended on bynear-vm-logic
, which is a non-private crate.This adds a check to
themis
, to ensure we never get this kind of discrepancy merged into master.Example Report: