GithubHelp home page GithubHelp logo

cargo-crusader's Introduction

Cargo Crusader

Hark, Rust crate author! The battle for Rust's reputation as The Most Reliable Software Platform Ever is here, and nobody is free of responsibility. The future of Rust, dear Rustilian, is in your hands.

Join the Cargo Crusade and bring the Theory of Responsible API Evolution to the non-believers.

Cargo Crusader is a tool to help crate authors evaluate the impact of future API changes on downstream users of that crate before they are published to crates.io.

How?

When you run cargo-crusader from the source directory of your published crate, Crusader asks crates.io for all of its reverse dependencies - published crates that DEPEND ON YOU. It then downloads each of them, and builds them: first against your crate as currently published, then against your local work-in-progress (i.e. the next version you are going to publish). It then reports differences in behavior.

Getting Started

IMPORTANT SECURITY WARNING: This program executes arbitrary untrusted code downloaded from the Internet. You are strongly recommended to take your own sandboxing precautions before running it.

First, download and build Cargo Crusader, and put the cargo-crusader command in your PATH environment variable:

$ git clone https://github.com/brson/cargo-crusader
$ cd cargo-crusader
$ cargo build --release
$ export PATH=$PATH:`pwd`/target/release/

Now change directories to your source and run cargo-crusader:

$ cargo-crusader
crusader: downloading reverse deps for hyper
crusader: 10 reverse deps
crusader: testing crate aloft
crusader: testing crate austenite
crusader: result 1 of 10, aloft 0.3.1: broken
crusader: testing crate bare
crusader: result 2 of 10, austenite 0.0.1: broken
crusader: testing crate catapult
crusader: result 3 of 10, bare 0.0.1: broken
crusader: testing crate chan
crusader: result 4 of 10, catapult 0.1.2: broken
crusader: testing crate chatbot
crusader: result 5 of 10, chan 0.1.14: passed
crusader: testing crate click_and_load
crusader: result 6 of 10, chatbot 0.2.2: regressed
crusader: testing crate coinbaser
crusader: result 7 of 10, click_and_load 0.0.1: broken
crusader: testing crate doapi
crusader: result 8 of 10, coinbaser 0.1.0: regressed
crusader: testing crate ease
crusader: result 9 of 10, doapi 0.1.0: broken
crusader: result 10 of 10, ease 0.2.1: regressed

passed: 1
regressed: 3
broken: 6
error: 0

full report: ./crusader-report.html

A full run will take quite a while. After its done it will print a summary, as well as produce an HTML file containing the full results, including all the compiler output for each test.

Tests result in four possible statuses: 'passed', if the reverse dependency built both before and after the upgrade; 'regressed', if it built before but not after; 'broken', if it didn't even build before upgrading; and 'error', for internal Crusader errors.

Future improvements

Presently Crusader will override reverse dependencies with your local revision even if the version they requested is not semver compatible with your work-in-progress. Crusader might first verify whether or not the WIP qualifies as a semver-valid upgrade.

Testing upstream as well - Crusader could ask for all the WIP branches of your dependencies and then override your build to see if upcoming changes are going to break your crate.

Sandboxing.

License

MIT/Apache-2.0 is the official license of both The Rust Project and The Cargo Crusade.

cargo-crusader's People

Contributors

brson avatar meqif avatar gankra avatar zackpierce avatar tillarnold avatar

Stargazers

Matteo Bigoi avatar Raphaël Duchaîne avatar Kusti Skytén avatar Wilfred Hughes avatar avatar Johan Andersson avatar avatar Vlad Frolov avatar Erich Gubler avatar Mark Sta Ana avatar Tobias Goecke (Göcke) avatar Kilian Koeltzsch avatar Vincent Esche avatar Sergei Shulepov avatar J. Ryan Stinnett avatar Márk Bartos avatar Tristan Hume avatar Lily Ballard avatar Jacob Payne avatar Marek Kotewicz avatar Nikolay Volf avatar Bastien Rivière avatar Stephan Sokolow avatar Sebastian Thiel avatar Rust avatar Adelar da Silva Queiróz avatar Keunhong Lee avatar avatar Zack M. Davis avatar wangcong avatar Jared Mackey avatar Mohammad AlSaleh avatar Will Hipschman avatar Łukasz Jan Niemier avatar Ivan Ivashchenko avatar Angus H. avatar Christoph Grabo avatar Sagar Patil avatar Martin Kojtal avatar Val Packett avatar David Roundy avatar David Wilson avatar Sébastien Martini avatar Jan-Erik Rediger avatar Jared Roesch avatar Sven Nilsen avatar srrrse avatar Chiu-Hsiang Hsu avatar Patrick Reisert avatar Jòan avatar Kevin Butler avatar Brian Uosseph avatar avatar Doug Tangren avatar tyoc213 avatar Ferris avatar Justinas Stankevičius avatar Josh Matthews avatar

Watchers

Doug Tangren avatar avatar David Roundy avatar avatar tyoc213 avatar James Cloos avatar Kevin Butler avatar Dilum Aluthge avatar avatar

Forkers

gankra bvssvni zackpierce

cargo-crusader's Issues

Support --help

Cargo crusader should not start working on unknown command line arguments.

It would be cool if both these were supported: cargo-crusader --help and cargo help crusader (Yep! Cargo picks up custom commands, just like git and others).

Crusader fails

Not only it fails, but also it uses outdated crates that do not compile with recent openssl versions on my system.

Example of failure https://travis-ci.org/contain-rs/bit-vec/jobs/533429609

crusader: downloading reverse deps for bit-vec
https://crates.io/api/v1/crates/bit-vec/reverse_dependencies?per_page=100&page=1
error: decoder error
ParseError(SyntaxError("invalid syntax", 1, 1))
The command "bash crusader.sh" exited with 255.

Recommend or suggest some sandboxing precautions

I'm grateful of the security warning in the README:

IMPORTANT SECURITY WARNING: This program executes arbitrary
untrusted code downloaded from the Internet. You are strongly
recommended to take your own sandboxing precautions before running
it.

Are there some entry-level sandbox precautions that could be suggested here?

I'm wondering if perhaps it could be something along the lines of "As a minimum download Docker for Desktop, use [this] Dockerfile and launch it [this way] to get a reasonably locked and isolated environment".

(As a side note, thanks for writing this tool - it looks really useful!)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.