Is it possible to check `Cargo.lock` correctness in CI?

cactipus · January 30, 2021, 10:33pm

Hello!

I'd like to check in CI if the Cargo.lock file accurately represents the Cargo.toml (e.g.: running cargo build wouldn't change the lockfile).

I see that it's possible to do cargo update --locked, but that checks if the lockfile is using as up-to-date compatible versions as possible, which is a stricter check than I want.

Is it possible to check accuracy of Cargo.lock (not missing any deps, doesn't have unnecessary deps) other than by running cargo build and verifying that Cargo.lock didn't change?

jschievink · January 30, 2021, 10:34pm

Does cargo build --locked work?

cactipus · January 30, 2021, 10:53pm

Good question!
That works at ensuring that we don't have redundant or missing packages! Perfect

It's worth noting that it doesn't verify the formatting of the file (e.g.: extra newlines don't trigger a failure). Fortunately, builds don't seem to update the lockfile if formatting is off, so my use case of "landing Cargo.lock files that become immediately changed/dirty on every dev's machine" is handled.

Thanks!