How to properly handle lock file diffs in CI? #1866

akostylev0 · 2025-03-11T17:22:27Z

akostylev0
Mar 11, 2025

I have a monorepo with Yarn and Cargo (both using workspaces). I'm using Dependabot to update dependencies, and sometimes only the lock file changes. However, my CI, configured as shown below, does not trigger in such cases.

Would it be correct to add /Cargo.lock and /yarn.lock to inputs? And if I do so, will a build be triggered by a dependency update in a different project?

Is it possible to configure moon so that it triggers only when a project's dependencies changes, and if so, how?

fileGroups:
  sources:
    - 'src/**/*'
    - 'Cargo.toml'

tasks:
  build:
    command: 'cargo build --release'
    inputs:
      - '@globs(sources)'
    outputs:
      - '/target/release/app'

btw, Thanks for your work — really awesome project!

Answered by milesj

Mar 12, 2025

Sorry you are correct, I misread the post. I was thinking about this at the task caching level, and not the CI affected level.

Right now affected checks are based on input files/env vars, and nothing else. Once we finish the plugin migration, it'll open up more pathways for features like this.

As a temporary solution, you could use implicitInputs in .moon/tasks/node.yml: https://moonrepo.dev/docs/config/tasks#implicitinputs But this would mark all node tasks as affected, and not just those with changed deps.

View full answer

milesj · 2025-03-11T19:49:10Z

milesj
Mar 11, 2025
Maintainer

@akostylev0 So this should work this way already. When generating the task hash, we parse the package.json/Cargo.toml/lockfiles and extract package/version information and include it in the hash. So updating a dependency should bust the task cache.

If you can verify that's not working, I can dig into it.

3 replies

akostylev0 Mar 12, 2025
Author

I have created two demo repositories to test this behavior (using Yarn, but I'm experiencing the same issue with Cargo):
https://github.com/akostylev0/demo-without-lock
https://github.com/akostylev0/demo-with-lock

akostylev0/demo-without-lock#1 no tasks were affected at all (run details)
akostylev0/demo-with-lock#2 both projects were affected (run details)

Neither case produced the expected results. Can you check it, please?

milesj Mar 12, 2025
Maintainer

Sorry you are correct, I misread the post. I was thinking about this at the task caching level, and not the CI affected level.

Right now affected checks are based on input files/env vars, and nothing else. Once we finish the plugin migration, it'll open up more pathways for features like this.

As a temporary solution, you could use implicitInputs in .moon/tasks/node.yml: https://moonrepo.dev/docs/config/tasks#implicitinputs But this would mark all node tasks as affected, and not just those with changed deps.

Answer selected by akostylev0

akostylev0 Mar 13, 2025
Author

Thanks for the clarification! I’ve created an issue for this: #1872

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to properly handle lock file diffs in CI? #1866

{{title}}

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

How to properly handle lock file diffs in CI? #1866

akostylev0 Mar 11, 2025

Replies: 1 comment · 3 replies

milesj Mar 11, 2025 Maintainer

akostylev0 Mar 12, 2025 Author

milesj Mar 12, 2025 Maintainer

akostylev0 Mar 13, 2025 Author

akostylev0
Mar 11, 2025

Replies: 1 comment 3 replies

milesj
Mar 11, 2025
Maintainer

akostylev0 Mar 12, 2025
Author

milesj Mar 12, 2025
Maintainer

akostylev0 Mar 13, 2025
Author