obi1kenobi/cargo-semver-checks obi1kenobi/cargo-semver-checks

  • Stars
    star
    1,131
  • Rank 41,145 (Top 0.9 %)
  • Language
    Rust
  • License
    Apache License 2.0
  • Created over 2 years ago
  • Updated about 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
obi1kenobi/cargo-semver-checks
github

obi1kenobi

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Scan your Rust crate for semver violations.

cargo-semver-checks

Lint your crate API changes for semver violations.

Quick Start

$ cargo install cargo-semver-checks --locked

# Check whether it's safe to release the new version:
$ cargo semver-checks check-release

Or use as a GitHub Action (used in .github/workflows/ci.yml in this repo):

- name: Check semver
  uses: obi1kenobi/cargo-semver-checks-action@v2

image

Each failing check references specific items in the Cargo SemVer reference or other reference pages, as appropriate. It also includes the item name and file location that are the cause of the problem, as well as a link to the implementation of that query in the current version of the tool.

FAQ

What Rust versions does cargo-semver-checks support?

cargo-semver-checks uses the rustdoc tool to analyze the crate's API. Rustdoc's JSON output format isn't stable, and can have breaking changes in new Rust versions.

When each cargo-semver-checks version is released, it will at minimum include support for the then-current stable and beta Rust versions. It may, but is not guaranteed to, additionally support some nightly Rust versions.

The GitHub Action uses the most recent versions of both cargo-semver-checks and stable Rust, so it should be unaffected. Users using cargo-semver-checks in other ways are encouraged to update cargo-semver-checks when updating Rust versions to ensure continued compatibility.

Does the crate I'm checking have to be published on crates.io?

No, it does not have to be published anywhere. You'll just need to use a flag to help cargo-semver-checks locate the version to use as a baseline for semver-checking.

By default, cargo-semver-checks uses crates.io to look up the previous version of the crate, which is used as the baseline for semver-checking the current version of the crate. The following flags can be used to explicitly specify a baseline instead:

--baseline-version <X.Y.Z>
    Version from registry to lookup for a baseline

--baseline-rev <REV>
    Git revision to lookup for a baseline

--baseline-root <MANIFEST_ROOT>
    Directory containing baseline crate source

--baseline-rustdoc <JSON_PATH>
    The rustdoc json file to use as a semver baseline

Custom registries are not currently supported (#160), so crates published on registries other than crates.io should use one of the other approaches of generating the baseline.

Does cargo-semver-checks have false positives?

"False positive" means that cargo-semver-checks reported a semver violation incorrectly. A design goal of cargo-semver-checks is to not have false positives. If they do occur, they are considered bugs.

When cargo-semver-checks reports a semver violation, it should always point to a specific file and approximate line number where the specified issue occurs; failure to specify a file and line number is also considered a bug.

If you think cargo-semver-checks might have a false-positive but you aren't sure, please open an issue. Semver in Rust has many non-obvious and tricky edge cases, especially in the presence of macros. We'd be happy to look into it together with you to determine if it's a false positive or not.

Will cargo-semver-checks catch every semver violation?

No, it will not β€” not yet! There are many ways to break semver, and cargo-semver-checks doesn't yet have lints for all of them. New lints are added frequently, and we'd be happy to mentor you if you'd like to contribute new lints!

Append --verbose when semver-checking your crate to see the full list of performed semver checks.

Here are some example areas where cargo-semver-checks currently will not catch semver violations:

  • breaking type changes, for example in the type of a field or function parameter
  • breaking changes in generics or lifetimes
  • breaking changes that exist when only a subset of all crate features are activated

Why cargo-semver-checks instead of ...?

rust semverver builds on top of rustc internals to build rlib's and compare their metadata. This strips the code down to the basics for identifying changes. However, is tightly coupled to specific nightly compiler versions and takes work to stay in sync.

cargo breaking effectively runs cargo expand and re-parses the code using syn which requires re-implementing large swaths of rust's semantics to then lint the API for changes. This is limited to the feature and target the crate was compiled for.

cargo-semver-checks sources its data from rustdoc's json output. While the json output format is unstable, the rate of change is fairly low, reducing the churn in keeping up. The lints are also written as queries for trustfall "query everything" engine, reducing the work for creating and maintaining them. Because of the extra data that rustdoc includes, some level of feature/target awareness might be able to be introduced.

There is interest in hosting rustdoc JSON on docs.rs meaning that semver-checking could one day download the baseline rustdoc JSON file instead of generating it. Also, generally speaking, inspecting JSON data is likely going to be faster than full compilation.

cargo-public-api uses rustdoc, like cargo-semver-checks, but focuses more on API diffing (showing which items has changed) and not API linting (explaining why they have changed and providing control over what counts).

Why is scanning massive crates slow?

Crates that are ~100,000+ lines of Rust may currently experience scan times of a several minutes due to some missing optimizations.

For implementation convenience, there's some O(n^2) scaling for n items in a few places. If your crate is negatively affected by this, please let us know so we can best prioritize optimization versus feature work.

Why is it sometimes cargo-semver-check and cargo-semver-checks?

This crate was intended to be published under the name cargo-semver-check, and may indeed one day be published under that name. Due to an unfortunate mishap, it remains cargo-semver-checks for the time being.

The cargo_semver_check name is reserved on crates.io but all its versions are intentionally yanked. Please use the cargo-semver-checks crate instead.

License

Available under the Apache License (Version 2.0) or the MIT license, at your option.

Copyright 2022-present Predrag Gruevski and Project Contributors. The present date is determined by the timestamp of the most recent commit in the repository. Project Contributors are all authors and committers of commits in the repository.

More Repositories

1

trustfall

A query engine for any combination of data sources. Query your files and APIs as if they were databases!
Rust
2,399
star
2

cargo-semver-checks-action

A GitHub Action for running cargo-semver-checks
TypeScript
60
star
3

typing_copilot

Helper for starting to type-hint large codebases with mypy.
Python
37
star
4

monad_compiler

A compiler for the MONAD language from Advent of Code 2021 Day 24
Rust
20
star
5

trustfall-rustdoc-adapter

Trustfall adapter for querying rustdoc
Rust
10
star
6

ychacks2014

A hackathon adventure
JavaScript
7
star
7

pyre

6.858 final project -- Python exploitation of PC-remote-control mobile apps
Python
5
star
8

graphql-compiler-cross-db-example

A demo of the GraphQL compiler's cross-database querying capabilities
Jupyter Notebook
4
star
9

trustfall-rustdoc

Trustfall adapters for various rustdoc JSON format versions
Rust
4
star
10

python-bootstrap

A baseline Python project with all tooling set up
Python
3
star
11

kerbal-api

Programmatically querying Kerbal Space Program information, such as part characteristics
Python
3
star
12

advent-of-code-2021

Rust
2
star
13

crates-rustdoc

Rustdoc JSON for top crates, generated by crates-rustdoc-gen
2
star
14

ascension-bot

A system to play the Ascension: Chronicle of the Godslayer board game in an automated fashion for the purposes of game-theoretic analysis of various strategies.
Python
2
star
15

crates-rustdoc-gen

Rustdoc JSON generator for the top crates on crates.io
Rust
2
star
16

advent-of-code-2020

Rust
2
star
17

jester

An authentication system that enables two-factor authentication (2FA) using only client-side Javascript, without relying on any special server-side APIs other than password-based login and password changes for authenticated users.
CoffeeScript
2
star
18

kosmos

Explorations in KSP space exploration with kOS
1
star
19

advent-of-code-2022

Solutions for Advent of Code 2022
Rust
1
star
20

obsidian

Language analysis system
CoffeeScript
1
star
21

livedrop

An end-to-end encrypted photo sharing app using only free-to-use services, where the only trusted parties are the photo sender and recipient.
CoffeeScript
1
star
22

diego

A flexible transaction conflict-resolution framework written in Go
Go
1
star