Pin all packages of a project

Is there a simple way to lock the versions of all the packages of a given project? Something like ]pin X for all (direct and indirect) dependencies of its environment.

The Manifest.toml file is a very nice way of ensuring that a project is reproducible — until I or someone else mess it up by adding or updating packages when that project is activated. If this happens without a careful record of the project’s history, such an accident may be a pain.

I think it would be nice to have a command — e.g. ]lock that protects the Manifest.toml from being changed by other Pkg commands (and ]unlock for the opposite).

And maybe, also allow ]pin without arguments, such that all the direct dependencies are fixed in the current version.

Not sure but I think you can already do this (not as easily as what you are suggesting though) as you can already pin individual packages. So you could probably just do that for all of the packages in the project.

https://julialang.github.io/Pkg.jl/v1/managing-packages/#Pinning-a-package-1

Note that you can always just undo

(@v1.4) pkg> up # oops
...
   Updating `~/.julia/environments/v1.4/Project.toml`
  [587475ba] ↑ Flux v0.10.4 #master (https://github.com/FluxML/Flux.jl.git) ⇒ v0.10.5 #master (https://github.com/FluxML/Flux.jl.git)
  [91a5bcdd] ↑ Plots v1.2.3 ⇒ v1.2.4
  [295af30f] ↑ Revise v2.5.4 ⇒ v2.6.6
  [e88e6eb3] ↑ Zygote v0.4.19 #master (https://github.com/FluxML/Zygote.jl.git) ⇒ v0.4.20 #master (https://github.com/FluxML/Zygote.jl.git)
   Updating `~/.julia/environments/v1.4/Manifest.toml`
  [4c555306] ↑ ArrayLayouts v0.2.5 ⇒ v0.3.1
  [fa961155] ↑ CEnum v0.2.0 ⇒ v0.3.0
  [c5f51814] ↑ CUDAdrv v6.2.3 ⇒ v6.3.0
  [be33ccc6] ↑ CUDAnative v3.0.4 ⇒ v3.1.0
  [587475ba] ↑ Flux v0.10.4 #master (https://github.com/FluxML/Flux.jl.git) ⇒ v0.10.5 #master (https://github.com/FluxML/Flux.jl.git)
  [d9f16b24] + Functors v0.1.0
  [0c68f7d7] ↑ GPUArrays v3.2.0 ⇒ v3.3.0
  [61eb1bfa] + GPUCompiler v0.2.0
  [e88e6eb3] ↑ Zygote v0.4.19 #master (https://github.com/FluxML/Zygote.jl.git) ⇒ v0.4.20 #master (https://github.com/FluxML/Zygote.jl.git)
  [9fa8497b] + Future
   Building Plots → `~/.julia/packages/Plots/zOV0T/deps/build.log`

(@v1.4) pkg> undo # pwew
   Updating `~/.julia/environments/v1.4/Project.toml`
  [587475ba] ↓ Flux v0.10.5 #master (https://github.com/FluxML/Flux.jl.git) ⇒ v0.10.4 #master (https://github.com/FluxML/Flux.jl.git)
  [91a5bcdd] ↓ Plots v1.2.4 ⇒ v1.2.3
  [295af30f] ↓ Revise v2.6.6 ⇒ v2.5.4
  [e88e6eb3] ↓ Zygote v0.4.20 #master (https://github.com/FluxML/Zygote.jl.git) ⇒ v0.4.19 #master (https://github.com/FluxML/Zygote.jl.git)
   Updating `~/.julia/environments/v1.4/Manifest.toml`
  [4c555306] ↓ ArrayLayouts v0.3.1 ⇒ v0.2.5
  [fa961155] ↓ CEnum v0.3.0 ⇒ v0.2.0
  [c5f51814] ↓ CUDAdrv v6.3.0 ⇒ v6.2.3
  [be33ccc6] ↓ CUDAnative v3.1.0 ⇒ v3.0.4
  [587475ba] ↓ Flux v0.10.5 #master (https://github.com/FluxML/Flux.jl.git) ⇒ v0.10.4 #master (https://github.com/FluxML/Flux.jl.git)
  [d9f16b24] - Functors v0.1.0
  [0c68f7d7] ↓ GPUArrays v3.3.0 ⇒ v3.2.0
  [61eb1bfa] - GPUCompiler v0.2.0
  [e88e6eb3] ↓ Zygote v0.4.20 #master (https://github.com/FluxML/Zygote.jl.git) ⇒ v0.4.19 #master (https://github.com/FluxML/Zygote.jl.git)
  [9fa8497b] - Future
3 Likes

I didn’t know undo. That’s great!

1 Like

Starting julia with JULIA_DEPOT_PATH=/depot/path/ julia --project=/project/dir to specify your own depot path and the path of the project. Something like this should work:

using Pkg
proj = Pkg.project()
deps = proj.dependencies
topin = [ Pkg.PackageSpec(k,deps[k]) for k in keys(deps) ]
for pkg in topin
    Pkg.pin(pkg)
end

And to free packages you just have to change the for loop by

for pkg in topin
    Pkg.free(pkg)
end
3 Likes