zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

doc(ci): Explain how to resolve duplicate dependency warnings (#5017) 

* Explain how to resolve duplicate dependency warnings

* Explain why the errors happen and add the CI job name

* Add extra steps

* Add some examples, tools, and extra steps
This commit is contained in:
teor 2022-09-02 05:13:23 +10:00 committed by GitHub
parent bc7294f481
commit edd32a7320
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
book/src/dev/continuous-integration.md
View File

@ -41,7 +41,7 @@ CI sync jobs near the tip will take different amounts of time as:
- the blockchain grows, and
- Zebra's checkpoints are updated.
To resolve a CI sync timeout:
To fix a CI sync timeout, follow these steps until the timeouts are fixed:
1. Check for recent PRs that could have caused a performance decrease
2. [Update Zebra's checkpoints](https://github.com/ZcashFoundation/zebra/blob/main/zebra-utils/README.md#zebra-checkpoints)
3. Wait for a full or update sync to finish with the new checkpoints
@ -52,3 +52,25 @@ To resolve a CI sync timeout:
5. If a Rust test fails with "command did not log any matches for the given regex, within the ... timeout":
a. If it's the full sync test, [increase the full sync timeout](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-8fbc73b0a92a4f48656ffe7d85d55c612c755202dcb7284d8f6742a38a6e9614R367)
b. If it's an update sync test, [increase the update sync timeouts](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-92f93c26e696014d82c3dc1dbf385c669aa61aa292f44848f52167ab747cb6f6R51)
### Resolving Duplicate Dependencies in `Check deny.toml bans`
Zebra's CI checks for duplicate crate dependencies: multiple dependencies on different versions of the same crate.
If a developer or dependabot adds a duplicate dependency, the `Check deny.toml bans` CI job will fail.
You can view Zebra's entire dependency tree using `cargo tree`. It can also show the active features on each dependency.
To fix duplicate dependencies, follow these steps until the duplicate dependencies are fixed:
1. Check for updates to the crates mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR.
For an example, see [PR $5009](https://github.com/ZcashFoundation/zebra/pull/5009#issuecomment-1232488943).
a. Check for open dependabot PRs, and
b. Manually check for updates to those crates on https://crates.io .
2. If there are still duplicate dependencies, try removing those dependencies by disabling crate features:
a. Check for features that Zebra activates in its `Cargo.toml` files, and try turning them off, then
b. Try adding `default-features = false` to Zebra's dependencies (see [PR #4082](https://github.com/ZcashFoundation/zebra/pull/4082/files)).
3. If there are still duplicate dependencies, add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml):
* Prefer exceptions for dependencies that are closer to Zebra in the dependency tree (sometimes this resolves other duplicates as well),
* Add exceptions for the earlier version of duplicate dependencies, not the later version, and
* Add a comment about why the dependency exception is needed: what was the dependency update that caused it?
* For an example, see [PR #4890](https://github.com/ZcashFoundation/zebra/pull/4890/files).
4. Repeat step 3 until the dependency warnings are fixed. Adding a single exception can resolve multiple warnings.