How Beacon Packages Julia Code (In A Monorepo)

:wave:

@erichanson recently linked this discussion in Beacon’s Slack, and we were discussing how interesting it is to get a window into other orgs’ approach to this sort of thing. It made us realize that it might be useful for us to share a bit more about Beacon’s approach, so I wrote this up post-feast yesterday - hope it’s interesting!

Beacon’s Monorepo Background/Motivation

It’s probably important to preface the rest of this content with some background on Beacon’s motivation for a monorepo in the first place, because that motivation pretty directly informs our apporoach. I make no claims that our practices will necessarily be applicable to folks in different environments :slight_smile:

At Beacon, we actually generally default to a multirepo approach for all independently useful library-style packages, but all of the production services/applications that underpin our core platform are housed in a single monorepo. Not all of the code in this platform monorepo is Julia, but a good chunk of it is.

Paraphrasing from a relevant section of Beacon’s architecture journal:

We’ve chosen to develop our platform in a monorepo fashion to start, but reserve the option to break it out into a multirepo configuration at a later time. Our platform consists of multiple “components”: loosely coupled services/applications all developed in accordance with the same CI/CD configuration, infrastructure, and engineering practices.

We’re building multiple different components with a comparatively small team. By developing in a monorepo from the get-go, it becomes a bit easier for us to…

  • …impose/enforce uniform cross-component practices/structures across the codebase
  • …rapidly prototype new cross-component structures across the codebase
  • …lower potential cross-repository synchronization overhead during a development period in which different cross-component boundaries are still being explored

As our platform grows, each given component’s API boundary matures and dedicated teams may evolve around specific components. When a given component reaches that point, we may choose to split out a matured component into its own repository in order to enable its team to function more independently.

In other words, we started with the monorepo route moreso to incubate greenfield development efforts executed by a small team and provide a low-overhead ramp to architectural maturation, rather than out of a desire to long-term opt into (and/or optimize for) the tradeoffs traditionally associated with a full-blown monorepo paradigm.

For the most part, our top architectural priority when we started was to design/implement ideal cross-component API boundaries, and we figured a monorepo structure would give us the optimal environment to rapidly prototype (and battle-test) such boundaries without incurring additional overhead associated with “baking down” a given architectural scheme into a given repository structure. By now, these boundaries are pretty much drawn/stable, but we still haven’t broken out the monorepo into a multirepo since a strong enough need hasn’t arisen that would drive us to do so. Probably will eventually do so, though.

I wanted to explicitly call out this background here, because it affords Beacon some leeway that might not be afforded to a team that was aiming for a “much more monorepo-y” approach to their monorepo. For example, our monorepo relies on Beacon’s internal package registry, which lives in its own repo, not in the monorepo (though I suppose it could, if we desired that).

Relevant Beacon Practices

With that background out of the way, here are the actual relevant Beacon practices that I thought it’d be valuable to share, heavily paraphrased from Beacon’s internal documentation. Beaconeers might note that I’ve added/removed details as needed for a general audience, and have translated a few of our language-agnostic practices into Julia-specific manifestations of those practices for this post.

Each Julia package developed at Beacon (including those in our monorepo)…

  • …should be developable/deployable, testable, versioned, released/registered, and documented independently of other packages, for some reasonable interpretation of “independence” (hopefully well-enough characterized by the rest of the points). Importantly, no package should depend on another package’s encapsulated implementation details, only on documented APIs.

  • …whose version is >= v0.1.0 may only depend on Julia packages that are registered in a package registry (either General, or Beacon’s internal registry).

  • …must declare compatibility bounds for all non-Base dependencies in their Project.toml. At a minimum, dependencies must be upper-bounded at their most recently released major version (or minor version, if the dependency is in a v0.x.y release series).

  • …should not contain a Manifest.toml checked into version control, if intended to be used as a “library-style” dependency of another package (i.e. it’s sole purpose is to provide code that should be directly invoked from within other code, and doesn’t back a standalone service/application). This forces developers (and more importantly, CI) to independently resolve the package’s dependencies, which is more consistent with downstream environments in which dependencies will be independently resolved without regard to your personal Manifest.toml. This practice also prevents a shared Manifest.toml from accidentally masking reproducibility issues with the package’s declared compatibility bounds in freshly-resolved downstream environments.

  • …should not contain “checked-in direct filesystem-level dependencies” on any content that is not owned by the package. All such dependencies should instead be intermediated by explicit APIs and/or proper package management. For example, a package should never directly include a script/file that lives outside the package. Another example, which touches on the previous Manifest.toml requirement: Imagine you’re developing the Julia packages A.jl and B.jl, and A depends on B. A’s dependency on B must be declared against a registered/released version of B, not declared as a filesystem reference via Pkg.dev. Package authors may still utilize dev locally for development purposes, of course, as long as they do not check in a Manifest.toml with a dev’d dependency.

  • …should maintain its own unit tests, and - if useful, especially for application packages - integration tests. Each package’s unit tests should be runnable/passable via Pkg.test in CI without requiring a checked-in Manifest.toml. Each package’s integration tests (if such tests exist) should stress interaction points with targeted direct upstream components; these tests should not target indirect upstream components. In other words, test against your dependencies, not your dependencies’ dependencies.

Note that in practice, the composition of these rules can cause cross-package changes to require multiple PRs - something that a more monorepo-centric team may seek to avoid. For example, if I have A.jl and B.jl, and A depends on B, then it takes at least two PRs to land a breaking change in B and propagate it to A:

  1. A PR is opened/merged which implements the B change

  2. Once this PR has landed on main, the B change is tagged/registered with Beacon’s package registry

  3. A second PR is opened/merged which propagates the change to A

  4. Once this PR has landed on main, the A change is tagged/registered with Beacon’s package registry

We consider this a desireable feature of our approach, but YMMV.

Conclusion

I can’t speak for how widely applicable it is, since I only have “anecdata” from within Beacon, but I hope this post is at least interesting/helpful to folks who are curious about how Julia code can be internally packaged within an industry setting. For us, at least, I feel that following these rules - which isn’t always easy to do - generally allows a bunch of other things to “just” work.

One last thing I’d like to note: I’m consistently blown away by how Pkg’s thoughtful design supports so many organizational configurations so cleanly, as long as you “go with the flow” of its design. At this point, it’s hard not to feel like other packaging tools/ecosystems are a PITA by comparison. A big shout out to all of Pkg’s authors/contributors for such a great ecosystem-empowering tool.

32 Likes

If you require a separate merge for a package change that requires another package change within the same monorepo, where does the benefit of the monorepo lie for you? There’s an implied use case in the post above where developers can iterate on the package together by using dev locally, thus testing multiple interdependent updates concurrently, is that where the benefit lies? Are there other benefits?

2 Likes

We’re also delivering industrial code as a small team with multirepo, and we follow basically the same guidelines.

On top of that, we have:

  • Automated CI for all packages at midnight, to catch unforeseen integration problems
  • Major versions are for major architectural shifts, and minor versions can include breaking changes. It doesn’t make sense to agonize over breaking changes (and compat bounds) when everybody’s using the latest versions anyway and PRs can be coordinated across affected packages.
  • A github repo for greenfield R&D that is a grab-bag of folders with Manifest, code and jupyter notebooks. Research outcomes often end up shared in github issues. This, I find somewhat unsatisfying, and would be curious to hear how others manage.

Thank you for sharing!

:100:

2 Likes

Super great to hear about this kind of organization/setup.

Due to historical reasons (i.e. pre-custom registry support), at RelationalAI we currently have a monorepo setup with internal packages all relatively located inside the monorepo. These “unregistered” packages are referenced in the project (currently) by manually editing the top-level Manifest.toml file to include the relative paths to the subpackages so they’re kind of like “devved” packages for the monorepo.

This mostly works when working from the top-level, but we currently have a painpoint that if you try to work in the environment of a subpackage, we lose the context of the parent Manifest.toml and then there are Pkg errors on operations when it can’t find peer internal dependencies. We could similarly checkin the Manifest.toml files for each subpackage, and manually edit those Manifest.toml files to have entries to the relative path internal dependencies, but phew, for several dozen internal packages, that becomes quite a large administrative overhead.

This PR is our proposed solution to making subpackages within a monorepo more first-class. It proposes allowing a [sources] section to the top-level Project.toml that would allow specifying the relative paths to internal subpackages, thus avoiding the need to manually edit our top-level Manifest.toml. The other proposal is allowing subpackages to specify parent = "ParentProjectName" in the subpackage Project.toml, which has the affect of, when activating the subpackage environment, walking up until the parent Project.toml is found and allowing the subpackage to “inherit” the [sources] section of the parent, thus “fixing” the issue for how subpackages can be aware of their internal peer dependencies.

There’s still a few awkward points that we’re working through for how to making working in a monorepo seemless, including:

  • When you change the dependency list of a subpackage, you need to then call Pkg.resolve() in the parent environment to ensure the top-level, checked-in Manifest.toml gets the dependency change recorded
  • How exactly to deal with [compat] sections between the parent project and subpackages

We don’t see this as nearly painful as the other 2 aforementioned points, which is why we’re limiting the PR to just the 2 proposed changes, but it would be nice to improve things even further in the future.

It’d be great to hear if this kind of setup also sounds helpful to others.

4 Likes