Hello @Julia,
From what I understand here and there (but really anywhere), there is almost dogmatic community consensus that Manifest.toml
files may be checked into version control for end applications, but certainly not for packages supposed to be consumed library-style by other julia projects downstream.
However, the more I read about the meaning of the manifest, the less I agree or even understand this consensus. I would like to discuss it again.
Although I understand the choice not to track the Manifest.toml
(arguably a non-source file), I do not understand that we actually recommend against tracking it. IIUC here are the reasons most frequently invoked in this respect:
Reason 1: Library consumers need maximum flexibility on your dependencies versions so their resolver can construct an environment satisfying all their constraints.
This is totally true, but irrelevant to the topic IMO.
The manifest file is used during an ] instantiate
procedure to reproduce the exact same dependencies environment that the one it was created within. However, library consumers are not expected to ] instantiate
my project. Instead, they are expected to ] add MyPackage
, an action which reads from my Project.toml
files, its [deps]
section in particular, and then calls into the resolver to satisfy the constraints listed in the [compat]
section. IIUC the manifest file is not even actually used during this process.
Therefore, although I think Reason 1 is a good argument against being overly strict in the [compat]
section of my project file (e.g. against using strict requirements like "Dep" = "=1.2.3"
), I fail to see how it is an argument against checking in my manifest file, which is (again, IIUC) actually ignored by all downstream consumers of my package.
BTW: I may be wrong in this reasoning, but then Iâd need to report that how the manifest is used (or not) is not exactly explicit from the official documentation pages: [1] [2]. The above are just the conclusions I came to myself, and confirmed at least there.
Reason 2: Checking in the manifest file yields CI breakage or misleading CI success.
Indeed, FWIU, the following command, typically used in CI:
] test
is actually a synonym of:
] instantiate; test # Build local environment before testing.
Therefore, if my project repo contains a Manifest.toml
file, then that file will be used to specify the environment. And the tests will be run in an locked/frozen environment that differs from the one actually used by downstream users supposed to ] add MyLib
later, because they would typically get a fresher environment with numerous dependencies bumped.
However, it seems super-easy to avoid that:
] update; test # Bump local environment before testing.
If I check in my manifest file, then I can easily do both:
] instantiate; test # Check that nothing has broken in the code.
] update; test # Check that nothing has broken in the ecosystem.
Or (if itâs too long):
] update; test # Check both at the same time.
Being able to choose is a clear advantage to having the manifest checked in IMO. Especially because the manifest makes it possible to debug past build and bisect versions history without the ecosystem changes getting in the way.
Reason 3: It creates merge conflicts.
It certainly does.
However, for the same reason you are not supposed to write manifest files as a human, you are not supposed to resolve manifest conflicts as a human.
If you stumble accross an unmerged manifest file, then you must be currently working on development versions of your code. Therefore, I suggest that it is not a problem that you just delete it, make sure you resolve (actual) conflicts within the Project.toml
, and then ] update
to automatically generate a fresh, âmergedâ one.
Reason 4: It increases maintenance burden.
I personally see no harm in running ] update; test
every so often and committing the resulting changes to my Manifest.toml
should the tests still pass. I guess this is also an easy CI automation.
All in all, and unless I am missing something obvious, I would personally decide to keep checking manifests of my julia packages/libraries into control version.
If you also agree with my reasoning, I would maybe further suggest that we start working, as a community, against this unsettling de-facto dogma. First by clarifying the documentation pages in this respect. Then possibly by issuing official recommendations and tradeoff on the same pages.
Julia being used a lot as a scientific tool, anything improving reproducibility is desired, and I think manifest files can help a lot in this respect. We should use them more. Libraries/Packages should not be excluded from this effort.
What do you think? : )
[some more context]:
Almost two years ago, there has been a change in the official recommendations in rust community regarding this very topic. The result is that users, instead of being recommended to not check in their manifest for libraries, are now recommended to do whatever suits their project best. Julia is not rust though. In particular, Julia cannot have two different versions of the same package within the same environment, whereas two different versions of the same crate can coexist within the same rust build. IIUC this makes dependency resolution harder for Julia, which needs to pick only one version for every dependency and yet still satisfy every requirement. However, I think that all the above argument still holds.