Paket icon indicating copy to clipboard operation
Paket copied to clipboard

Published 20 hours ago verified publisher icon fsprojects

Updating sources in paket.dependencies does not update paket.lock

Open xlegalles opened this issue 9 years ago • 8 comments

Description

I have juste updated a source in the paket.dependencies (replacing one url by another url) and the paket.lock still uses old sources after an install. Note: did not find a similar issue

Repro steps

  1. Step A From a paket.dependencies add a and B urls as sources and some nuget packages. Do a paket Install
  2. Step B Replace B url by C in paket.dependencies Do a paket Install

Expected behavior

The paket.lock should include the new source. I don't really the difference between adding a new dependency that would be processed by an install, and changing a source.

Actual behavior

the paket.lock still uses the old source

Known workarounds

--force

xlegalles avatar May 27 '16 09:05 xlegalles

Hi, We just encountered the same issue. We're working with lots of nugets and unless the "paket.lock" is deleted or if explicitly run ".paket/paket.exe install" the paket.lock won't update

paket.dependencies contains : nuget MyLib 1.5.0

paket.lock : nuget MyLib 1.2.0

So when we build it build with "1.2.0" so everything "may look like" we're using 1.5.0 versions. Is there a way in the "paket.dependencies" to force the "restore" to check and/or regenerate the paket.lock ?

tebeco avatar Jun 23 '16 09:06 tebeco

Restore only looks at the lock file. That's a basic concept and really important.

Install / update is what changes the lock file

forki avatar Jun 23 '16 09:06 forki

Regarding original issue: do you have a repro sample?

forki avatar Jun 23 '16 09:06 forki

@tebeco I thought about this a bit. I think it's unrelated to the original issue here, but yes maybe we can make paket restore check (basic) consistency between lock and dependencies file. It would not be hard. Please open new issue.

forki avatar Jun 23 '16 09:06 forki

Should I create the Issue in "Paket" repo or "Paket.VisualStudio" ? This may be related to Visual Studio extension. The idea is to Fetch>Build and it should check (and regenerate) the paket.lock file for every team member even if the lock file is present on the disk

tebeco avatar Jun 23 '16 09:06 tebeco

this would be a paket issue. Automatic regeneration of the lock file is a very very bad idea. I would only let restore fail if lock file out of sync with deps file. Then people can run install.

forki avatar Jun 23 '16 09:06 forki

Digging up something old with a follow up question. I understand the not regenerating the lock file. I was wondering if there is a CLI way to only update the source url?

Scenario, we have this in our paket.dependencies:

// When doing development as a non-employee, uncomment this to use the public NuGet feed
// source https://api.nuget.org/v3/index.json

// When doing development as an employee, uncomment this to use the private NuGet proxy
source https://xxxxx.myget.org/F/nuget-mirror/api/v3/index.json username: "%MYGET_FEED_USER%" password: "%MYGET_FEED_PASS%" authtype: "basic"

Ofcourse this comment / uncomment dance won't change a thing in the paket.lock, which we also commit. So I was wondering, is there a way for non employees to simply update their paket.dependencies and run a command which updates only the source in paket.lock? As opposed to having them edit paket.lock manually. I don't want to re-generate the paket.lock with different versions ofcourse.

CumpsD avatar Dec 28 '18 11:12 CumpsD

Any updates?

flibustier7seas avatar Mar 05 '24 14:03 flibustier7seas