Vcpkg support #7135
Comments
JamieMagee
added
type:feature
|
Is it an alternative to Conan, or somehow complementary? |
|
It's an alternative. Currently vcpkg appears to be much earlier in development than conan is, so if I had to prioritise one I'd prioritise conan right now. |
rarkins
added
the
status:requirements
|
Is there any plan to implement vcpkg support at this point? |
|
I'm not actively working on it right now, and I don't think I'll be working on it in the near-term. I'm busy with #8647. We can give help and guidance if it's something you're interested in implementing yourself? We have a Slack for contributors if you'd like to join. |
HonkingGoose
added
priority-4-low
I'll label this |
|
I agree with the Though if support for either comes via the community, we'll obviously accept it. |
|
@JamieMagee sorry for the late reply. I've done some reconnaissance for possible implementation methods and I think I can try to work on this. Here is my idea of how it could be implemented, so even if I'm not able to implement it for some reason others will have somewhere to start. To start, we keep an index of package versions. This is updated when needed. vcpkg does versioning by commit, and so to check for new versions, I see two decent options to monitor the latest commit on the main branch:
If there is a new commit, we can now update our package index. (The following step can be ignored if we use strategy 3 above.) In order to get the package versions, we have to clone the repo. However, if we clone it with Once we have the repo, we can get the package versions which are hard-coded into the repo. In figuring out how to do this, the script used by the vcpkg website will probably be good place to start. Once we've updated this package index, it's just a matter of comparing against the last one for differences (which can probably be done as we create the updated package index), and sending out PRs. (I'm guessing there's an internal API/module to handle this.) Note: Any
That would be great if you can! |
|
@applemonkey496 great! Am I understanding correctly that vpkg keeps a central git repository of packages and versions instead of having a traditional "registry"? And I'm guessing it's https://github.com/microsoft/vcpkg/tree/master/ports ? This reminds me of Cocoapods, who moved away from this approach as it was non-performant and crushing GitHub as the host. Also similar to homebrew, who now changed the client to not do shallow clones AFAIK. Any similar concerns about vcpkg? I think that doing a clone the first time that there's a vcpkg datasource lookup would be ok, regardless of shallow or full. Then we could maybe limit our fetching to every x minutes instead of every single time there's another lookup. |
rarkins
added
priority-3-medium
Yes, I believe so.
If by concerns you mean whether vcpkg may also move away from this approach of a centralised git repository for packages, I wasn't able to find any mention of this in the repository (I tried several search terms). I don't think it's a concern for them, at least not at the moment.
To clarify, what do you mean by "vcpkg datasource lookup"? Do you mean like strategy 3, cloning on deployment? |
|
I think that the microsoft/vcpkg repository is the default registry, but vcpkg also supports custom registries as well. Here's a few articles that I think will help: @rarkins Yes it's going via GitHub, but Microsoft might have a bit more leeway than the Cocoapods team did 😉 We might be able to avoid cloning the whole repository as well. The official website has an API that we might be able to use. There are also community supported package indexes and APIs:
IMO some of the unofficial APIs seem more powerful than the official one. Either we'll have to reach out to the people running the community ones, or push for improvements in the official one (I can reach out within MSFT). Also we'll need to be careful with vcpkg's versioning, which actually encompasses 4 different versioning schemes to cover all the possible versioning schemes in the C++ ecosystem. The relevant docs are: I know this seems like a lot, but there are some clear pieces that can be broken down (manager, datasource, versioning) |
|
Can't believe I missed that! I was sifting through vcpkg.io's source code to see how they got their data (that's where I found that PowerShell script), and I even saw the committed |
In Renovate we separate out the concept of "managers" (and their associated package files) from "datasources" (which are registries with lists of packages and versions). Sometimes they are very related, e.g. the npm manager uses npm datasources, but sometimes they may be separate such as poetry manager and pypi datasource. In this case we'll probably call both the manager and datasource to be "vcpkg" but would implement the datasource part first. |
|
I'd prefer to avoid unofficial APIs if possible, because they are more likely to disappear one day or have downtime. Do we think they are basing their data wholly on the Is the |
|
However, looking at the unofficial APIs, they update much more frequently:
I do also see similar "unstable" concerns for the unofficial APIs. None of them appear to be documented and so they may be for internal use. Whichever API we choose (if any), official or unofficial, I think it's important that we reach out to the maintainers to ensure a stable interface. (Or, we could fork one of them and host a stable version on GitHub Pages.) |
|
@rarkins @JamieMagee I am still willing to work on this. However, I am unable to do so unless a consensus is reached on API choice. |
|
I think it's best if we construct our index from the repo itself, unless there were any good reasons against that which I missed? We can clone it if cold but then fetch it every hour perhaps, and only re-clone if the fetch fails. Ideally this should be long-lived and not cleared per-run or per-repo |
|
Ok, I'll start some work on this. Once I have something, I can open a draft PR for feedback. This may take a bit because I'm quite busy and I'll be working on this in the background. |
|
I think I forgot to mention, but there is a GitHub repository for the official website, and there is an open issue about adding automation to keep the package list up-to-date: vcpkg/vcpkg.github.io#21 |
|
I'm working on this upstream vcpkg/vcpkg.github.io#60 |
rarkins
added
status:ready
and removed
status:requirements
btw, this has been finalized: https://learn.microsoft.com/en-us/vcpkg/reference/vcpkg-json#version |
What would you like Renovate to be able to do?
Vcpkg is a dependency manager for C++ projects. It's still in the early stages, but it's backed by Microsoft, and is likely to be widely used.
Currently vcpkg doesn't have support for versioning, but there is currently an RFC open at microsoft/vcpkg#11758. The format of
vcpkg.jsonis likely to be:{ "name": "project", "version": "1.0.0", "version-scheme": "semver", "dependencies": [ { "name": "zlib", "version": "1.2.11" }, { "name": "rapidjson", "version": "2020-02-08", "version-scheme": "date" }] }There are more complex examples in the PR, including minimum versions, overrides, and exclusions.
Did you already have any implementation ideas?
Are there any workarounds or alternative ideas you've tried to avoid needing this feature?
Also need to wait for registry support to be complete microsoft/vcpkg#13038
Is this a feature you'd be interested in implementing yourself?
Yes, whenever the RFC is complete.
The text was updated successfully, but these errors were encountered: