Skip to content

Caching dependencies #1098

@panglesd

Description

@panglesd

The README says:

This action intentionally does not cache the results of opam install . --deps-only. Unlike package managers such as npm or Cargo, opam does not use a lock file by default — dependency versions are resolved against the current state of opam-repository at install time.

If these resolved dependencies were cached, opam-repository updates (bug fixes, security patches, new package versions) would not be picked up for as long as the cache remains valid. On active repositories where CI runs frequently, the cache would be hit continuously and never expire, effectively freezing dependencies indefinitely. This would make CI unreliable, as it could pass with stale dependencies whilst failing on a fresh install.

I don't understand why not cache the result of opam install . --deps-only, and then do something along the lines of:

$ opam install . --deps-only --depext-only  # to install depexts (they are not cached) 
$ opam upgrade                              # To ensure installed packages are up-to-date
$ opam install . --deps-only                # Just in case a *.opam file changed

This way, the last two command will say "nothing to do" when they are up to date, and upgrade only the packages needed otherwise, and we escape the dependency freeze.

Am I missing something?

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestwontfixThis will not be worked on

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions