-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Flawed logic in add_dockerfile()
#533
Comments
Thanks a lot @antoine-sachet for this. I'm a little bit torn on this issue: on one hand, we would like the Dockerfile to exactly match the user library. On the other hand, we would like to make it more robust, so indeed depending on a fork of a package is kind of weird. One the other hand (yes, the third one), we would love to be able to use a dependency that comes from GitHub. For example I might want to depend on I think the safest way to go would be to fit exactly to the versions from the computer, because chances are that in most cases that's what we want. But as a safeguard, we might want to print a message to the console when the dependencies do not come from an known repository, i.e. when it comes to GitHub, we might want to print to the console something like: ● Package xx has been locally installed from XX/XX, Docker will install from that very same source Also, I think it might be safe to warn about a package that has no remote ? Something like: ● We didn't find a repository for package {XX}, don't forget to specify it in your Dockerfile. What do you think? |
Hi Colin, I agree, we should always use the versions installed in the user library. My question was more about whether we should also specify the version of the indirect dependencies. To take an example: DESCRIPTION
will generate Dockerfile
But shiny itself depends on a bunch of packages:
I don't think we should also lock those. If we did it would look like: Dockerfile
Note I have a github version of rlang installed so the Dockerfile installs it from github as well. Currently, we lock non-cran indirect dependencies (that's what my example above was trying to demonstrate) but I don't think it was intended. To summarise, the choices are:
I think only option 1 is reasonable, so that's what I'll implement unless you disagree. The messages when using a non-cran package are also a good idea, I'll do that. Cheers |
Hey, |
I am working on a PR touching the
add_dockerfile_XXX
functions. They all depend on the internaldock_from_desc
function which needed a good clean up. There is a big inconsistency between CRAN and non-CRAN packages.We have some "direct dependencies", i.e. the packages listed in DESCRIPTION. Some may be from CRAN and some from other services. We also have "extended dependencies" which are the direct dependencies of the direct dependencies.
Currently,
add_dockerfile
will install all direct dependencies and no indirect dependencies.Unless... we happen to have a non-CRAN direct dependency, in which case all non-CRAN indirect dependencies will be added to the Dockerfile.
To reproduce the bug:
ggplot2
remotes::install_github("r-lib/prettyunits")
golem::add_dockerfile
The dockerfile only contains an install of ggplot2, with no mention of prettyunits or any other dependencies.
Now, add another package installed from github as an import. Let's say we install golem with
remotes::install_github("ThinkR-open/golem")
Your imports look like:
Generate a new dockerfile with
golem::add_dockerfile()
and this times it contains:That's obviously a bug, but it got me thinking: is it a good idea to set in stone the indirect dependencies?
Instead of fixing the bug and removing all indirect dependencies, maybe we should actually add all indrect dependencies, CRAN or not?
Pros:
Cons:
Note both options are a potentially breaking change.
@ColinFay @VincentGuyader Any thoughts? Apologies for the long message!
The text was updated successfully, but these errors were encountered: