[V2:03] Add Repository Manifest Identity#17
Conversation
ritorhymes
changed the title
ritorhymes
force-pushed
the
v2/03-repo-manifest-identity
branch
2 times, most recently
from
bb2c3ee to
786ba1e
Compare
SamWilsn
left a comment
SamWilsn
left a comment
There was a problem hiding this comment.
So this makes the preprocessor very configurable. Do we need this level of complexity?
Is the point to allow someone to point the preprocessor at their own forks of our repositories? I'm just struggling a bit to see what the use case for this will be.
| #[derive(Debug, Snafu)] | ||
| pub enum RepoManifestError { | ||
| #[snafu(display("i/o error while accessing `{}`", path.to_string_lossy()))] | ||
| RepoFs { |
There was a problem hiding this comment.
| RepoFs { | |
| Io { |
| "unable to parse repo manifest `{}`", | ||
| manifest_path.to_string_lossy() | ||
| ))] | ||
| RepoParse { |
There was a problem hiding this comment.
| RepoParse { | |
| Parse { |
| } | ||
| } | ||
|
|
||
| fn required_manifest_value<T>( |
There was a problem hiding this comment.
This should be a member of RepoManifest (unless it's used elsewhere and I missed it).
| pub fn active_endpoint(&self, staging: bool) -> RepositoryEndpoint { | ||
| if staging { | ||
| self.staging.clone() | ||
| } else { | ||
| self.production.clone() | ||
| } | ||
| } |
There was a problem hiding this comment.
| pub fn active_endpoint(&self, staging: bool) -> RepositoryEndpoint { | |
| if staging { | |
| self.staging.clone() | |
| } else { | |
| self.production.clone() | |
| } | |
| } | |
| pub fn active_endpoint(&self, staging: bool) -> &RepositoryEndpoint { | |
| if staging { | |
| &self.staging | |
| } else { | |
| &self.production | |
| } | |
| } |
Unless there's a reason not to?
| }) | ||
| } | ||
|
|
||
| fn validate_repo_key( |
There was a problem hiding this comment.
Same here. The validate functions should be private members of the struct that needs them.
Add the .build-eips.repo.toml schema, loader, validation rules, and manifest tests for active proposal repositories and declared sibling repositories. Introduce ActiveRepoIdentity so later workspace lifecycle and execution layers can select manifest-backed repository metadata while the legacy EIPs/ERCs fallback continues to operate.
ritorhymes
force-pushed
the
v2/03-repo-manifest-identity
branch
from
786ba1e to
9fec377
Compare
This is not meant to make arbitrary forks first-class through local config. It is meant to move proposal-repo identity and sibling topology out of hardcoded preprocessor config and into tracked repo metadata, because the local build system needs that information to operate inside a multi-repo workspace. Theme is intentionally kept out of this and remains shared workspace infrastructure at The current The limitation shows up once the local build system lands, because the tool stops being just “render one of two known upstream repos” and becomes “operate inside a multi-repo workspace.” At that point it needs to know the active repo, sibling proposal repos, and staging/production endpoints so build, serve, init, doctor, and execution-policy resolution can derive the right workspace layout and repository sources. Hardcoded binary config becomes friction there because every new proposal repo or split requires a code change and release before the local tooling can identify and wire it correctly. The current So this is not general fork configurability; it is the narrow tracked-data alternative to hardcoding each proposal repo and sibling relationship into the binary. The trade-off is that, in a multi-repo workspace, either the preprocessor remains the central authority for every repo relationship, or each proposal repo carries the tracked metadata needed to declare its own identity and reconnect to the larger build system. This PR chooses the repo-owned metadata path so new or split proposal repos do not require a preprocessor release before they can be identified locally. |
|
Pushed updates for the inline review items:
I also updated the PR description with the rationale for the manifest layer. |
2 participants
Summary
This PR adds the manifest-backed repository identity layer that later workspace lifecycle and execution-policy PRs consume. It introduces the
.build-eips.repo.tomlschema with validation and anActiveRepoIdentityselector that prefers a manifest when present and falls back to legacy EIPs/ERCs config; nothing inmain.rscalls this yet, so review should focus on schema rules and fallback semantics rather than integration..build-eips.repo.tomlschema for active proposal repositories and declared sibling repositories.ActiveRepoIdentityfor selecting either manifest-backed identity or the legacy EIPs/ERCs fallback.tempfiledev dependency used by manifest tests.Rationale
The manifest is tracked proposal-repo identity and sibling topology, not general local fork configuration. The existing
identifying_commitfallback fits the legacy EIPs/ERCs-only architecture, but the local build system needs repo-owned identity data once it operates inside a multi-repo workspace.Keeping this in tracked repo metadata lets build, serve, init, doctor, and execution-policy resolution identify the active proposal repo and its sibling repos without hardcoding every repo relationship into the preprocessor binary. Theme remains shared workspace infrastructure at
workspace/theme, and local execution preferences remain in.build-eips.toml.Review Notes
This PR defines the manifest-backed identity model; it does not complete adoption by itself. The EIPs/ERCs rollout PRs (V2:20 and V2:21) add the tracked
.build-eips.repo.tomlfiles that make those repos use this path. Until a repo carries that manifest, the legacy EIPs/ERCs fallback remains available.Later workspace lifecycle PRs (V2:06-V2:07) and execution policy V2:08 consume this layer to identify the active repo, discover sibling repos, and resolve repository metadata.
Review
config.rsfor the manifest schema and validation rules. Reviewidentity.rsfor the fallback behavior: repositories with a manifest use that metadata, while existing EIPs/ERCs-style repositories can still resolve through legacy config.ActiveRepoIdentity::loadis defined here but not yet called frommain.rs; the workspace lifecycle and execution policy PRs wire it in. Manifest-backed accessors such asRepoManifest::sibling_repositoriesare also foundation in this slice and are consumed by those later PRs.Security note: identity assertion shifts from “the binary recognizes you by commit content” to “the repo declares its identity in tracked metadata.” The security boundary is the same in both cases: you trust the checkout you ran the preprocessor on. The new model is explicit and reviewable rather than implicit, and reserved repo ids (
theme,preprocessor,eipw) prevent shadowing workspace infrastructure.Verification
src/config.rsfor.build-eips.repo.tomlparsing, validation, and tests.src/identity.rsfor manifest-backed identity selection and legacy fallback behavior.Cargo.tomlandCargo.lockfor thetempfiletest dependency.