feat: add tack lockfile backend#120
Conversation
|
Hey @xfo-0, this looks great! let's wait for CI to finish and we merge. PR looks good. Would you be interested in sending a |
vic
force-pushed
the
tack
branch
2 times, most recently
from
6b582a2 to
f17f281
Compare
|
I removed nixlock support (CI was unable to download the archive for it). Now bootstrap tests fail: Can you add bootstrap tests for See how the github action runs bootstrap tests so you can check locally |
|
Done in 467b11f (superseded by 3b430da):
Local suite: 13/13. |
|
Please remove |
xfo-0
force-pushed
the
tack
branch
2 times, most recently
from
4c34e0c to
dcf8171
Compare
Diff vs f17f281 is exactly: workflow token env, |
See CI failure: flake.lock is needed on dev flake. |
|
Restored |
flake-file.tack.package now falls back to building tack from a pinned
source tarball via its vendored nix/package.nix (cargoLock, no hash
churn) instead of throwing when pkgs.tack is absent — the throw broke
every bootstrap test at eval time since write-lock aggregates all
writer apps.
test-tack exercises write-tack end to end (pins.toml content, lock
entry, resolver init); test-write-lock-tack checks lock-detection
dispatch. Bootstrap job exports GITHUB_TOKEN since tack resolves refs
via api.github.com and anonymous rate limits flake on shared runners.
Also seed npins tests with sources.json version 8: current nixpkgs
npins rejects version 7 ("too old, you need to run upgrade") and
write-npins exits 0 on that error, failing test-write-lock-npins.
nixlock mentions lingered across overview, guides, explanation, reference, and tutorials after the backend was removed; tack takes its place where a backend list or write-* table is meant to be exhaustive.
f17f281 deleted it; the check-flake-file regen check reads the committed lock and fails without it.
|
Awesome! thank you so much, @xfo-0 ! |
2 participants
Adds a tack lockfile backend: flake-like TOML pins, lazily fetched, no
flake.lock.flakeModules.tack(modules/tack/): rendersflake-file.inputsinto.tack/pins.toml;write-tackcopies the pins and runstack updateto produce.tack/pins.lock.json. Nix reads the lock through the tack resolver —pins.tomlonly drives updates. Wired intowrite-lockdispatch.tackType(flake/fetch/fixed) andunpack(tarball/file) declared via submodule option merge, re-merged afterpreProcesssinceinputsExprstrips unknown fields — they never leak into generatedflake.nix.flake-file.tack.*: package, lock dir/file names,[shorturls],[all_follow], recomposability, resolver overrides (read-onlyflake-file.tack.sources).templates/tack: lock-less flake; entrypoint is a lazy__functorthreadingtackOverrides+ realself.outPath.test-tack,test-write-lock-tack).--override-inputcan't reach it; vendored lock pins upstream, not the PR SHA). Dedicated label-gatedtackjob builds the template'swrite-tackagainst the PR checkout viatackOverrides, runs it, asserts no pins.toml drift, builds the devShell. Apply thetacklabel to run it.pkgs.tackwhen present, else built from a pinned tack source tarball (nix/package.nix,cargoLock).Review notes:
write-tackneeds network + atackbinary; serializer emitstype = "fetch"forflake = false(tack's documented legacy mapping), explicittackTypewins.🤖 Generated with Claude Code