Meta: Add Flatpak linting for vcpkg version equality #6406
Conversation
|
You should probably swap the commits in terms of their ordering, so the linter doesn't fail for the commit you introduce it in. |
|
I have setup the commit hooks in my local repo, including the CI linting. The first commit doesn't give issues because it does not update the Flatpak manifest or vcpkg.json, so the check is not performed. Am I overlooking a scenario? |
Yes! If you look at the other tools invoked by |
JanKoudijs
force-pushed
the
meta-check-flatpak
branch
from
3a0ecb2 to
d5e4b88
Compare
I have swapped the commits and added the functionality to perform the test if no arguments are provided. |
| with open(VCPKG) as input: | ||
| for package in json.load(input)["overrides"]: | ||
| # Add name/version pair, strip any '#' postfix from the version | ||
| vcpkg[package["name"]] = str(package["version"]).split("#")[0] |
There was a problem hiding this comment.
We read all the vcpkg versions, but we don't report packages that are only mentioned in vcpkg but not the flatpak. This is a common mistake (we add a new dependency but forgot to add it to flatpak, e.g. see cpptrace). Can this script spot those as well?
There was a problem hiding this comment.
The current script is indeed limited to finding mismatches in dependencies that are found in both vcpkg and the flatpak. What complicates a full version check is that Flatpak uses runtimes. The org.kde.Platform runtime we use includes commonly used libraries to reduce the size of the application Flatpak itself. Such runtime libraries are not explicitly listed in the flatpak.
I saw that today the flatpak label has been added, to trigger Flatpak builds in CI. Applying this label to PRs will also add in detecting partial version updates early.
Besides the flatpak label there is also a dependencies label, this might also be a good candidate to trigger Flatpak builds in CI.
Would these 3 together give an acceptable detection?
Btw. can this PR get the flatpak label?
There was a problem hiding this comment.
we don't report packages that are only mentioned in vcpkg but not the flatpak.
The other way around also happens. Not all vcpkg dependencies have a pinned version in [overrides], preventing comparison against the flatpak. The newly added cpptrace is an example of this. I don't know if it would be good practice to pin more dependency versions in vcpkg.
There was a problem hiding this comment.
The flatpak label is just for the actual build. Regular CI linting runs the script you're introducing here, that's not related to that.
cpptrace should definitely have a pinned version in vcpkg.json.
Maybe start off assuming everything must have identical versions, and keep a list of exceptions in your script?
There was a problem hiding this comment.
The flatpak label is just for the actual build. Regular CI linting runs the script you're introducing here, that's not related to that.
I'm not sure I understand, does this mean that this was done after the merge and not as part of the PR checks?
There was a problem hiding this comment.
We read all the vcpkg versions, but we don't report packages that are only mentioned in vcpkg but not the flatpak.
The updated script checks for dependencies that are unique for vcpkg or the flatpak if they have a listed exclusion, if not then linting fails.
Reasons for exclusion are:
- Flatpak build dependencies
- Flatpak dependencies of dependencies, these are not versioned in vcpkg
- Flatpak runtime libraries
- vcpkg dependencies specific for the non-Linux platforms
There was a problem hiding this comment.
cpptrace should definitely have a pinned version in vcpkg.json.
done
JanKoudijs
force-pushed
the
meta-check-flatpak
branch
2 times, most recently
from
abe8284 to
05da258
Compare
The Flatpak manifest linter matches dependencies against vcpkg.json and if there is a match checks if versions are equal. If there is no match it checks if there is a listed exclusion. If there is no version match or no listed exclusion then linting fails.
JanKoudijs
force-pushed
the
meta-check-flatpak
branch
from
05da258 to
76683d9
Compare
Meta/check-flatpak.py
Outdated
| FLATPAK_MANIFEST = "Meta/CMake/flatpak/org.ladybird.Ladybird.json" | ||
| SELF = "Ladybird" | ||
|
|
||
| # List of build tools that are not provided by the Flatpak SDK and therefor in the manifest |
There was a problem hiding this comment.
Repeated typo: "therefor" -> "therefore"
Meta/check-flatpak.py
Outdated
| "libxml2", | ||
| "libyuv", | ||
| "vulkan-memory-allocator", | ||
| "zstd", |
There was a problem hiding this comment.
Apart from vulkan-memory-allocator, seems like we pull all of these in as part of a vcpkg build. Shouldn't we pin these versions in vcpkg.json as well, even though they're transitive dependencies? 🤔
There was a problem hiding this comment.
I now query the version from the vcpkg baseline if it is not found in vcpkg overrides. As the vcpkg repo isn't necessarily available at the time of linting, it is (shallow) cloned if needed. Is this an acceptable approach for a linter?
I took this approach over manual pinning of transitive dependencies as I think that will be error prone. When e.g. only a top level dependency gets updated you can end up with incompatible versions.
This added functionality revealed 3 packages in the flatpak that were older compared to the vcpkg baseline, these are now aligned.
| "qtbase", | ||
| "qtmultimedia", | ||
| "sqlite3", | ||
| "zlib", |
There was a problem hiding this comment.
Does this mean that we're linking against whatever the kde runtime gives us for these libraries in terms of their versions? These are all pretty critical, wouldn't it be safer to build against the exact same versions as those in vcpkg.json?
There was a problem hiding this comment.
Technically this can be done, but anticipating a future Flathub submission, I'm not sure about this. In Flathub submission PRs you see the reviewers often report that some library is in the runtime and should be used from that. They seem pretty strict in their policies.
JanKoudijs
force-pushed
the
meta-check-flatpak
branch
from
ae1a5c1 to
1802a7e
Compare
If there is no version specified in vcpkg overrides then the vcpkg baseline is queried for the version. The baseline is what ensures dependency compatibility.
JanKoudijs
force-pushed
the
meta-check-flatpak
branch
from
1802a7e to
19ab3be
Compare
2 participants
The Flatpak manifest linter matches dependencies against vcpkg.json and if there is a match checks if versions are equal. If there is no match it checks if there is a listed exclusion. If there is no version match or no listed exclusion then linting fails.
Merging this PR means that vcpkg.json updates have a failing CI if the Flatpak manifest isn't updated accordingly, there has to be awareness of the Flatpak existence.