tasks: add lock task

nyonson · nyonson · commit ff78240002f9 · 2025-11-10T11:20:04.000-08:00
diff --git a/tasks/README.md b/tasks/README.md
@@ -61,6 +61,43 @@ features_with_no_std = ["serde", "rand"]
 
 * `RBMT_LOG_LEVEL=quiet` - Suppress verbose output and reduce cargo noise.
 
+## Lock Files
+
+To ensure your crate works with the full range of declared dependency versions, `rbmt` requires two lock files in your repository.
+
+* `Cargo-minimal.lock` - Minimum versions that satisfy your dependency constraints.
+* `Cargo-recent.lock` - Recent/updated versions of dependencies.
+
+The `rbmt lock` command generates and maintains these files for you. You can then use `--lock-file` with any command to test against either version set.
+
+### Usage
+
+**Generate/update lock files**
+
+```bash
+rbmt lock
+```
+
+1. Verify that direct dependency versions aren't being bumped by transitive dependencies.
+2. Generate `Cargo-minimal.lock` with minimal versions across the entire dependency tree.
+3. Update `Cargo-recent.lock` with conservatively updated dependencies.
+
+**Use a specific lock file**
+
+```bash
+# Test with minimal versions.
+rbmt --lock-file minimal test stable
+
+# Test with recent versions.
+rbmt --lock-file recent test stable
+
+# Works with any command.
+rbmt --lock-file minimal lint
+rbmt --lock-file minimal docs
+```
+
+When you specify `--lock-file`, the tool copies that lock file to `Cargo.lock` before running the command. This allows you to test your code against different dependency version constraints.
+
 ## Workspace Integration
 
 `rbmt` can simply be installed globally, or as a dev-dependency for more granular control of dependency versions.
diff --git a/tasks/src/lock.rs b/tasks/src/lock.rs
@@ -0,0 +1,113 @@
+//! Manage cargo lock files for minimal and recent dependency versions.
+
+use crate::environment::quiet_println;
+use crate::quiet_cmd;
+use crate::toolchain::{check_toolchain, Toolchain};
+use clap::ValueEnum;
+use std::fs;
+use xshell::Shell;
+
+/// The standard Cargo lockfile name.
+const CARGO_LOCK: &str = "Cargo.lock";
+
+/// Represents the different types of managed lock files.
+#[derive(Debug, Clone, Copy, ValueEnum)]
+pub enum LockFile {
+    /// Uses minimal versions that satisfy dependency constraints.
+    Minimal,
+    /// Uses recent/updated versions of dependencies.
+    Recent,
+}
+
+impl Default for LockFile {
+    fn default() -> Self {
+        LockFile::Recent
+    }
+}
+
+impl LockFile {
+    /// Get the filename for this lock file type.
+    pub fn filename(&self) -> &'static str {
+        match self {
+            LockFile::Minimal => "Cargo-minimal.lock",
+            LockFile::Recent => "Cargo-recent.lock",
+        }
+    }
+}
+
+/// Update Cargo-minimal.lock and Cargo-recent.lock files.
+///
+/// * `Cargo-minimal.lock` - Uses minimal versions that satisfy dependency constraints.
+/// * `Cargo-recent.lock` - Uses recent/updated versions of dependencies.
+///
+/// The minimal versions strategy uses a combination of `-Z direct-minimal-versions`
+/// and `-Z minimal-versions` to ensure two rules.
+///
+/// 1. Direct dependency versions in manifests are accurate (not bumped by transitive deps).
+/// 2. The entire dependency tree uses minimal versions that still satisfy constraints.
+///
+/// This helps catch cases where you've specified a minimum version that's too high,
+/// or where your code relies on features from newer versions than declared.
+pub fn run(sh: &Shell) -> Result<(), Box<dyn std::error::Error>> {
+    check_toolchain(sh, Toolchain::Nightly)?;
+
+    let repo_dir = sh.current_dir();
+    quiet_println(&format!("Updating lock files in: {}", repo_dir.display()));
+
+    // The `direct-minimal-versions` and `minimal-versions` dependency resolution strategy
+    // flags each have a little quirk. `direct-minimal-versions` allows transitive versions
+    // to upgrade, so we are not testing against the actual minimum tree. `minimal-versions`
+    // allows the direct dependency versions to resolve upward due to transitive requirements,
+    // so we are not testing the manifest's versions. Combo'd together though, we can get the
+    // best of both worlds to ensure the actual minimum dependencies listed in the crate
+    // manifests build.
+
+    // Check that all explicit direct dependency versions are not lying,
+    // as in, they are not being bumped up by transitive dependency constraints.
+    quiet_println("Checking direct minimal versions...");
+    remove_lock_file(sh)?;
+    quiet_cmd!(sh, "cargo check --all-features -Z direct-minimal-versions").run()?;
+
+    // Now that our own direct dependency versions can be trusted, check
+    // against the lowest versions of the dependency tree which still
+    // satisfy constraints. Use this as the minimal version lock file.
+    quiet_println("Generating Cargo-minimal.lock...");
+    remove_lock_file(sh)?;
+    quiet_cmd!(sh, "cargo check --all-features -Z minimal-versions").run()?;
+    copy_lock_file(sh, LockFile::Minimal)?;
+
+    // Conservatively bump of recent dependencies.
+    quiet_println("Updating Cargo-recent.lock...");
+    restore_lock_file(sh, LockFile::Recent)?;
+    quiet_cmd!(sh, "cargo check --all-features").run()?;
+    copy_lock_file(sh, LockFile::Recent)?;
+
+    quiet_println("Lock files updated successfully");
+
+    Ok(())
+}
+
+/// Remove Cargo.lock file if it exists.
+fn remove_lock_file(sh: &Shell) -> Result<(), Box<dyn std::error::Error>> {
+    let lock_path = sh.current_dir().join(CARGO_LOCK);
+    if lock_path.exists() {
+        fs::remove_file(&lock_path)?;
+    }
+    Ok(())
+}
+
+/// Copy Cargo.lock to a specific lock file.
+fn copy_lock_file(sh: &Shell, target: LockFile) -> Result<(), Box<dyn std::error::Error>> {
+    let source = sh.current_dir().join(CARGO_LOCK);
+    let dest = sh.current_dir().join(target.filename());
+    fs::copy(&source, &dest)?;
+    Ok(())
+}
+
+/// Restore a specific lock file to Cargo.lock.
+pub fn restore_lock_file(sh: &Shell, source: LockFile) -> Result<(), Box<dyn std::error::Error>> {
+    let src_path = sh.current_dir().join(source.filename());
+    let dest_path = sh.current_dir().join(CARGO_LOCK);
+    fs::copy(&src_path, &dest_path)?;
+    Ok(())
+}
diff --git a/tasks/src/main.rs b/tasks/src/main.rs
@@ -2,6 +2,7 @@ mod bench;
 mod docs;
 mod environment;
 mod lint;
+mod lock;
 mod test;
 mod toolchain;
 
@@ -10,12 +11,17 @@ use std::process;
 use xshell::Shell;
 
 use environment::{change_to_repo_root, configure_log_level};
+use lock::LockFile;
 use toolchain::Toolchain;
 
 #[derive(Parser)]
 #[command(name = "rbmt")]
 #[command(about = "Rust Bitcoin Maintainer Tools", long_about = None)]
 struct Cli {
+    /// Lock file to use for dependencies (defaults to recent).
+    #[arg(long, global = true, value_enum)]
+    lock_file: Option<LockFile>,
+    
     #[command(subcommand)]
     command: Commands,
 }
@@ -36,6 +42,8 @@ enum Commands {
         #[arg(value_enum)]
         toolchain: Toolchain,
     },
+    /// Update Cargo-minimal.lock and Cargo-recent.lock files.
+    Lock,
 }
 
 fn main() {
@@ -44,6 +52,16 @@ fn main() {
     configure_log_level(&sh);
     change_to_repo_root(&sh);
 
+    // Restore the specified lock file before running any command (except Lock itself).
+    if let Some(lock_file) = cli.lock_file {
+        if !matches!(cli.command, Commands::Lock) {
+            if let Err(e) = lock::restore_lock_file(&sh, lock_file) {
+                eprintln!("Error restoring lock file: {}", e);
+                process::exit(1);
+            }
+        }
+    }
+
     match cli.command {
         Commands::Lint => {
             if let Err(e) = lint::run(&sh) {
@@ -75,5 +93,11 @@ fn main() {
                 process::exit(1);
             }
         }
+        Commands::Lock => {
+            if let Err(e) = lock::run(&sh) {
+                eprintln!("Error updating lock files: {}", e);
+                process::exit(1);
+            }
+        }
     }
 }
