visus
/
dds
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
776 Commits
6 Branches
Branch: main
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'main'
${ noResults }
dds/docs/guide/interdeps.rst

247 lines
8.6KB
Raw Permalink Blame History 

  1. .. highlight:: yaml

  2. 

  3. Library and Package Dependencies

  4. ################################

  5. 

  6. ``dds`` considers that all libraries belong to a single *package*, but a single

  7. package may contain one or more *libraries*. For this reason, and to better

  8. interoperate with other build and packaging tools, we consider the issues of

  9. package dependencies and library dependencies separately.

  10. 

  11. 

  12. .. _deps.pkg-deps:

  13. 

  14. Package Dependencies

  15. ********************

  16. 

  17. Consider that we are creating a package ``acme-gadgets@4.3.6``. We declare the

  18. name and version in the ``package.json5`` in the package root:

  19. 

  20. .. code-block:: js

  21. 

  22.     {

  23.         name: 'acme-gadgets',

  24.         version: '4.3.6',

  25.         namespace: 'acme',

  26.     }

  27. 

  28. .. note::

  29.     The ``namespace`` field is required, but will be addressed in the

  30.     :ref:`deps.lib-deps` section.

  31. 

  32. Suppose that our package's libraries build upon the libraries in the

  33. ``acme-widgets`` package, and that we require version ``1.4.3`` or newer, but

  34. not as new as ``2.0.0``. Such a dependency can be declared with the ``depends``

  35. array:

  36. 

  37. .. code-block:: js

  38.     :emphasize-lines: 5-7

  39. 

  40.     {

  41.         name: 'acme-gadgets',

  42.         version: '4.3.6',

  43.         namespace: 'acme',

  44.         depends: [

  45.             'acme-widgets^1.4.3',

  46.         ],

  47.     }

  48. 

  49. .. seealso:: :ref:`deps.ranges`.

  50. 

  51. If we wish to declare additional dependencies, we simply declare them with

  52. additional ``depends`` items:

  53. 

  54. .. code-block::

  55.     :emphasize-lines: 7-8

  56. 

  57.     {

  58.         name: 'acme-gadgets',

  59.         version: '4.3.6',

  60.         namespace: 'acme',

  61.         depends: [

  62.             'acme-widgets^1.4.3',

  63.             'acme-gizmos~5.6.5',

  64.             'acme-utils^3.3.0',

  65.         ],

  66.     }

  67. 

  68. When ``dds`` attempts to build a project, it will first build the dependency

  69. solution by iteratively scanning the dependencies of the containing project and

  70. all transitive dependencies.

  71. 

  72. 

  73. .. _deps.ranges:

  74. 

  75. Compatible Range Specifiers

  76. ===========================

  77. 

  78. When specifying a dependency on a package, one will want to specify which

  79. versions of the dependency are supported.

  80. 

  81. .. note::

  82.     Unlike other packaging tools, ``dds`` will find a solution with the

  83.     *lowest* possible version that satisfies the given requirements for each

  84.     package. This decision is not incidental: It's entirely intentional.

  85.     Refer to: :ref:`deps.ranges.why-lowest`.

  86. 

  87. ``dds`` compatible-version ranges are similar to the shorthand range specifiers

  88. supported by ``npm`` and ``npm``-like tools. There are four version range kinds

  89. available, listed in order of most-to-least restrictive:

  90. 

  91. Exact: ``@1.2.3``

  92.     Specifies an *exact* requirement. The dependency must match the named

  93.     version *exactly* or it is considered incompatible.

  94. 

  95. Minor: ``~1.2.3``

  96.     Specifies a *minor* requirement. The version of the dependency should be

  97.     *at least* the given version, but not as new or newer than the next minor

  98.     revision. In this example, it represents the half-open version range

  99.     ``[1.2.3, 1.3.0)``.

  100. 

  101. Major: ``^1.2.3``

  102.     Specifies a *major* requirement. The version must be *at least* the same

  103.     given version, but not any newer than the the next major version. In the

  104.     example, this is the half-open range ``[1.2.3, 2.0.0)``.

  105. 

  106.     .. note::

  107.         This is the recommended default option to reach for, as it matches the

  108.         intended behavior of `Semantic Versioning <https://semver.org>`_.

  109. 

  110. At-least: ``+1.2.3``

  111.     Specifies an *at least* requirement. The version must be *at least* the

  112.     given version, but any newer version is acceptable.

  113. 

  114. A dependency string is simply the name of the package with the range suffix appended.

  115. 

  116. 

  117. .. _deps.ranges.why-lowest:

  118. 

  119. Why Pull the *Lowest* Matching Version?

  120. ---------------------------------------

  121. 

  122. When resolving dependencies, ``dds`` will pull the version of the dependency

  123. that is the lowest version that satisfies the given range. In most cases,

  124. this will be the same version that is the base of the version range.

  125. 

  126. Imagine a scenario where we *did* select the "latest-matching-version":

  127. 

  128. Suppose we are developing a library ``Gadgets``, and we wish to make use of

  129. ``Widgets``. The latest version is ``1.5.2``, and they promise Semantic

  130. Versioning compatibility, so we select a dependency statement of

  131. ``Widgets^1.5.2``.

  132. 

  133. Suppose a month passes, and ``Widgets@1.6.0`` is published. A few things

  134. happen:

  135. 

  136. #. Our CI builds now switch from ``1.5.2`` to ``1.6.0`` *without any code

  137.    changes*. Should be okay, right? I mean... it's still compatible, yeah?

  138. #. Bugs in ``Widgets@1.6.0`` will now appear in all CI builds, and won't be

  139.    reproducible locally unless we re-pull our dependencies and obtain the

  140.    new version of ``Widgets``. This requires that we be conscientious enough to

  141.    realize what is actually going on.

  142. #. Even if ``Widgets@1.6.0`` introduces no new bugs, a developer re-pulling

  143.    their dependencies will suddenly be developing against ``1.6.0``, and may

  144.    not even realize it. In fact, this may continue for weeks or months until

  145.    *everyone* is developing against ``1.6.0`` without realizing that they

  146.    actually only require ``1.5.2`` in their dependency declarations.

  147. #. Code in our project is written that presupposes features or bugfixes added

  148.    in ``1.6.0``, and thus makes the dependency declaration on ``Widgets^1.5.2``

  149.    a *lie*.

  150. 

  151. Pulling the lowest-matching-version has two *huge* benefits:

  152. 

  153. #. No automatic CI upgrades. The code built today will produce the same result

  154.    when built a year from now.

  155. #. Using a feature/fix beyond our minimum requirement becomes a compile error,

  156.    and we catch these up-front rather than waiting for a downstream user

  157.    discovering them for us.

  158. 

  159. 

  160. *Isn't this what lockfiles are for?*

  161. """"""""""""""""""""""""""""""""""""

  162. 

  163. Somewhat. Lockfiles will prevent automatic upgrades, but they will do nothing

  164. to stop accidental reliance on new versions. There are other useful features

  165. of lockfiles, but preventing automatic upgrades can be a non-issue by simply

  166. using lowest-matching-version.

  167. 

  168. 

  169. *So, if this is the case, why use ranges at all?*

  170. """""""""""""""""""""""""""""""""""""""""""""""""

  171. 

  172. In short: *Your* compatibility ranges are not for *you*. They are for *your

  173. users*.

  174. 

  175. Suppose package ``A`` requires ``B^1.0.0``, and ``B`` requires ``C^1.2.0``.

  176. Now let us suppose that ``A`` wishes to use a newer feature of ``C``, and thus

  177. declares a dependency on ``C^1.3.0``. ``B`` and ``A`` have different

  178. compatibility ranges on ``C``, but this will work perfectly fine **as long as

  179. the compatible version ranges of A and B have some overlap**.

  180. 

  181. That final qualification is the reason we use compatibility ranges: To support

  182. our downstream users to form dependency graphs that would otherwise form

  183. conflicts if we required *exact* versions for everything. In the above example,

  184. ``C@1.3.0`` will be selected for the build of ``A``.

  185. 

  186. Now, if another downstream user wants to use ``A``, they will get ``C@1.3.0``.

  187. But they discover that they actually need a bugfix in ``C``, so they place

  188. their own requirement on ``C ^1.3.1``. Thus, they get ``C@1.3.1``, which still

  189. satisfies the compatibility ranges of ``A`` and ``B``. Everyone gets along

  190. just fine!

  191. 

  192. 

  193. .. _deps.lib-deps:

  194. 

  195. Library Dependencies

  196. ********************

  197. 

  198. In ``dds``, library interdependencies are tracked separately from the packages

  199. that contain them. A library must declare its intent to use another library

  200. in the ``library.json5`` at its library root. The minimal content of a

  201. ``library.json5`` is the ``name`` key:

  202. 

  203. .. code-block:: js

  204. 

  205.     {

  206.         name: 'gadgets'

  207.     }

  208. 

  209. To announce that a library wishes to *use* another library, use the aptly-named

  210. ``uses`` key:

  211. 

  212. .. code-block:: js

  213.     :emphasize-lines: 3-7

  214. 

  215.     {

  216.         name: 'gadgets',

  217.         uses: [

  218.             'acme/widgets',

  219.             'acme/gizmos',

  220.             'acme/utils',

  221.         ],

  222.     }

  223. 

  224. Here is where the package's ``namespace`` key comes into play: A library's

  225. qualified name is specified by joining the ``namespace`` of the containing

  226. package with the ``name`` of the library within that package with a ``/``

  227. between them.

  228. 

  229. It is the responsibility of package authors to document the ``namespace`` and

  230. ``name`` of the packages and libraries that they distribute.

  231. 

  232. .. note::

  233.     The ``namespace`` of a package is completely arbitrary, and need not relate

  234.     to a C++ ``namespace``.

  235. 

  236. .. note::

  237.     The ``namespace`` need not be unique to a single package. For example, a

  238.     single organization (Like Acme Inc.) can share a single ``namespace`` for

  239.     many of their packages and libraries.

  240. 

  241.     However, it is essential that the ``<namespace>/<name>`` pair be

  242.     universally unique, so choose wisely!

  243. 

  244. Once the ``uses`` key appears in the ``library.dds`` file of a library, ``dds``

  245. will make available the headers for the library being used, and will

  246. transitively propagate that usage requirement to users of the library.