Add '--to-lockfile' flag to cargo-upgrade

When this flag is present, all dependencies in 'Cargo.toml'
are upgraded to the locked version as recorded in 'Cargo.lock'.

Author: tofay

src/bin/add/main.rs

@@ -19,8 +19,8 @@ use cargo_edit::{find, update_registry_index, Dependency, Manifest};
 use std::io::Write;
 use std::process;
 use structopt::StructOpt;
-use toml_edit::Item as TomlItem;
 use termcolor::{Color, ColorChoice, ColorSpec, StandardStream, WriteColor};
+use toml_edit::Item as TomlItem;
 
 mod args;
 

src/bin/upgrade/main.rs

@@ -53,7 +53,11 @@ Dev, build, and all target dependencies will also be upgraded. Only dependencies
 supported. Git/path dependencies will be ignored.
 
 All packages in the workspace will be upgraded if the `--all` flag is supplied. The `--all` flag may
-be supplied in the presence of a virtual manifest."
+be supplied in the presence of a virtual manifest.
+
+If the '--to-lockfile' flag is supplied, all dependencies will be upraged to the currently locked
+version as recorded in the local lock file. The local lock file must be present and up to date if
+this flag is passed."
     )]
     Upgrade(Args),
 }
@@ -82,6 +86,10 @@ struct Args {
     /// Run without accessing the network
     #[structopt(long = "offline")]
     pub offline: bool,
+
+    /// Upgrade all packages to the version in the lockfile.
+    #[structopt(long = "to-lockfile", conflicts_with = "dependency")]
+    pub to_lockfile: bool,
 }
 
 /// A collection of manifests.
@@ -140,9 +148,7 @@ impl Manifests {
         Ok(Manifests(vec![(manifest, package.to_owned())]))
     }
 
-    /// Get the the combined set of dependencies to upgrade. If the user has specified
-    /// per-dependency desired versions, extract those here.
-    fn get_dependencies(&self, only_update: Vec<String>) -> Result<DesiredUpgrades> {
+    fn get_all_requested_dependencies(&self) -> Vec<cargo_metadata::Dependency> {
         /// Helper function to check whether a `cargo_metadata::Dependency` is a version dependency.
         fn is_version_dep(dependency: &cargo_metadata::Dependency) -> bool {
             match dependency.source {
@@ -153,13 +159,69 @@ impl Manifests {
             }
         }
 
+        self.0
+            .iter()
+            .flat_map(|&(_, ref package)| package.dependencies.clone())
+            .filter(is_version_dep)
+            .collect()
+    }
+
+    fn get_locked_dependencies(&self) -> Result<Vec<cargo_metadata::Package>> {
+        Ok(self
+            .0
+            .iter()
+            .map(|(manifest, _package)| {
+                let mut cmd = cargo_metadata::MetadataCommand::new();
+                cmd.manifest_path(manifest.path.clone());
+                cmd.other_options(vec!["--locked".to_string()]);
+
+                let result = cmd
+                    .exec()
+                    .map_err(|e| Error::from(e.compat()).chain_err(|| "Invalid manifest"))?;
+
+                Ok(result
+                    .packages
+                    .into_iter()
+                    .filter(|p| p.source.is_some())
+                    .collect::<Vec<_>>())
+            })
+            .collect::<Result<Vec<_>>>()?
+            .into_iter()
+            .flatten()
+            .collect())
+    }
+
+    /// Get the the combined set of dependencies to upgrade. If the user has specified
+    /// per-dependency desired versions, extract those here.
+    fn get_dependencies(
+        &self,
+        only_update: Vec<String>,
+        to_lockfile: bool,
+    ) -> Result<DesiredUpgrades> {
+        if to_lockfile {
+            let locked = self.get_locked_dependencies()?;
+            return Ok(DesiredUpgrades(
+                self.get_all_requested_dependencies()
+                    .into_iter()
+                    .filter_map(|d| {
+                        for p in &locked {
+                            // The requested depenency may be present in the lock file with different versions,
+                            // but only one will be semver-compatible with requested version.
+                            if d.name == p.name && d.req.matches(&p.version) {
+                                return Some((d.name, Some(p.version.to_string())));
+                            }
+                        }
+                        return None;
+                    })
+                    .collect(),
+            ));
+        }
+
         Ok(DesiredUpgrades(if only_update.is_empty() {
             // User hasn't asked for any specific dependencies to be upgraded, so upgrade all the
             // dependencies.
-            self.0
-                .iter()
-                .flat_map(|&(_, ref package)| package.dependencies.clone())
-                .filter(is_version_dep)
+            self.get_all_requested_dependencies()
+                .into_iter()
                 .map(|dependency| (dependency.name, None))
                 .collect()
         } else {
@@ -255,6 +317,7 @@ fn process(args: Args) -> Result<()> {
         all,
         allow_prerelease,
         dry_run,
+        to_lockfile,
         ..
     } = args;
 
@@ -268,7 +331,7 @@ fn process(args: Args) -> Result<()> {
         Manifests::get_local_one(&manifest_path)
     }?;
 
-    let existing_dependencies = manifests.get_dependencies(dependency)?;
+    let existing_dependencies = manifests.get_dependencies(dependency, to_lockfile)?;
 
     let upgraded_dependencies =
         existing_dependencies.get_upgraded(allow_prerelease, &find(&manifest_path)?)?;

src/manifest.rs

@@ -355,7 +355,7 @@ impl str::FromStr for Manifest {
 #[derive(Debug)]
 pub struct LocalManifest {
     /// Path to the manifest
-    path: PathBuf,
+    pub path: PathBuf,
     /// Manifest contents
     manifest: Manifest,
 }

tests/cargo-add.rs

@@ -1101,7 +1101,9 @@ fn adds_sorted_dependencies() {
 
     // and all the dependencies in the output get sorted
     let toml = get_toml(&manifest);
-    assert_eq!(toml.to_string(), r#"[package]
+    assert_eq!(
+        toml.to_string(),
+        r#"[package]
 name = "cargo-list-test-fixture"
 version = "0.0.0"
 
@@ -1112,4 +1114,3 @@ toml_edit = "0.1.5"
 "#
     );
 }
-

tests/cargo-upgrade.rs

@@ -1,7 +1,7 @@
 #[macro_use]
 extern crate pretty_assertions;
 
-use std::fs;
+use std::{fs, path::Path};
 
 mod utils;
 use crate::utils::{clone_out_test, execute_command, get_command_path, get_toml};
@@ -309,6 +309,23 @@ For more information try --help ",
     .unwrap();
 }
 
+// Verify that an upgraded Cargo.toml matches what we expect.
+#[test]
+fn upgrade_to_lockfile() {
+    let (tmpdir, manifest) = clone_out_test("tests/fixtures/upgrade/Cargo.toml.source");
+    fs::copy(
+        Path::new("tests/fixtures/upgrade/Cargo.lock"),
+        tmpdir.path().join("Cargo.lock"),
+    )
+    .unwrap_or_else(|err| panic!("could not copy test lock file: {}", err));;
+    execute_command(&["upgrade", "--to-lockfile"], &manifest);
+
+    let upgraded = get_toml(&manifest);
+    let target = get_toml("tests/fixtures/upgrade/Cargo.toml.lockfile_target");
+
+    assert_eq!(target.to_string(), upgraded.to_string());
+}
+
 #[test]
 #[cfg(feature = "test-external-apis")]
 fn upgrade_prints_messages() {