gleam icon indicating copy to clipboard operation
gleam copied to clipboard

Published 20 hours ago verified publisher icon gleam-lang

Transitive Dependency Warnings via gleam compile-package

Open tynanbe opened this issue 1 year ago • 4 comments

As mentioned in https://github.com/gleam-lang/mix_gleam/issues/38

The gleam compile-package API should perhaps not generate these warnings, or have a flag to disable them.

tynanbe avatar Jan 25 '24 17:01 tynanbe

Not sure what exactly happen, but this change did solve the transitive dependency issue at least in my project https://github.com/gleam-lang/mix_gleam/pull/39

tim2CF avatar Jan 29 '24 03:01 tim2CF

So, I have never written a line of Rust in my life, but I'm trying to follow what exactly causes this to happen, and think in general terms of a solution.

analyse::record_imported_items_for_use_detection emits the warning if !direct_dependencies.contains_key(&module_info.package) (and other conditions). I presume that if dependencies from mix.exs make their way into this direct_dependencies HashMap argument, the issue will be solved; I would like y'all's opinion on whether this is indeed the case and a desirable solution.

I tried to figure out how the dependencies from gleam.toml make their way to this direct_dependencies thingy. Here's the path of function calls I could identify:

  • analyse::record_imported_items_for_use_detection
  • analyse::infer_module
  • package_compiler::analyse (where dev dependencies are included if needed)
  • package_config.dependencies_for
  • package_compiler.compile
  • package_compiler.new (as that creates the config struct with the deps)

Here it branches into two paths, each reaching two very similar functions:

  • project_compiler.compile_gleam_package
  • project_compiler.compile_gleam_dep_package
  • package_config.read

-or-

  • compile_package::command
  • config::read

Both these read functions parse TOML. ProjectCompiler also has a compile_mix_dep_package method, which I don't know if it is related.

So, a few questions: 1 - should there really be these two almost identical read functions? 2 - how can they be modified to include dependencies from mix.exs so the transitive deps warning goes away? 3 - is this all anywhere near correct?

brunoparga avatar Mar 22 '24 14:03 brunoparga

As Tynan says the solution is to have the gleam compile-package API not emit that warning ever, so it just needs to set some extra configuration on the package compiler which is passed to the analyser.

lpil avatar Mar 22 '24 14:03 lpil

Yeah, that seems more complicated than I can do with zero Rust knowledge.

brunoparga avatar Mar 22 '24 15:03 brunoparga