Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: support native dependencies #2386

Closed
wants to merge 4 commits into from

Conversation

mattsse
Copy link
Member

@mattsse mattsse commented Jul 19, 2022

Motivation

dependency management is currently done via git submodules: forge install

Instead of managing submodules, dependencies could also be managed via a foundry registry. and a [dependencies] table in foundry.toml

this has the advantage that dependencies don't need to be submodules anymore and can be reuused by multiple projects.

however this introduces some challenges:

keep up to date

via submodules this is a simple update and a commit for the updated submodules. for native dependencies we can add tag|rev options to pin the specific commit.

dependency conflict

what if there multiple versions of the same repository in the dependency graph. Currently this can only be handled via different remappings, otherwise, the top most submodule has precedence, see also #1855. in other build env this problem is handled via lock files. Unsure if beneficial here.

tooling/auditing

tracking dependencies somewhere else (~/.foundry/registry) could mean that we need to add support for existing editors/lsp so they can be found in the editor.

maybe this makes auditing harder

This PR is merely an initial exploration effort, but imo it would be possible

todo:

  • better git management, luckily foundry_binder already has some rudimentary support for this
  • dependency graph support
  • full forge build pipeline: resolve imports, checkout, build

Solution

@onbjerg
Copy link
Member

onbjerg commented Jul 19, 2022

So the idea is to move away from submodules, but still depend on git for fetching/updating (at least for now)?

In terms of ~/.foundry/registry we could symlink to the package on platforms that support it for easier auditing/traversing and on platforms that don't we could copy

@gakonst
Copy link
Member

gakonst commented Jul 20, 2022

One thing is that people really like that you can grep through your deps when they're in submodules.

@onbjerg
Copy link
Member

onbjerg commented Jul 20, 2022

Would this not work with symlinks? Otherwise I think it would be ok to just copy and have ~/.foundry/registry act as a cache

@onbjerg
Copy link
Member

onbjerg commented Aug 5, 2022

Another idea as well: since we would have better insight into dependencies/packages, for packages that support it we can generate more "sane" automatic remappings. For example, could provide a way to add package info about your project in foundry.toml (name, version, paths), so e.g. if OZ had a simple foundry.toml people could access it via @openzeppelin like for Hardhat

@onbjerg onbjerg linked an issue Aug 10, 2022 that may be closed by this pull request
@gakonst
Copy link
Member

gakonst commented Aug 12, 2022

doubt this will make it into 1.0 so closing to keep the PRs clean. we should revisit for 2.0

@gakonst gakonst closed this Aug 12, 2022
@mattsse
Copy link
Member Author

mattsse commented Aug 13, 2022

+1
was just some weekend hacking, should followup on #2618 for this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

feat: improve dependency model / package management
3 participants