Add source repository manifest#46
Conversation
16bbb54 to
be0399a
Compare
volen-silo
left a comment
There was a problem hiding this comment.
Reviewed closely — checked out locally, read the xtask generator end to end, and verified the prose against the repo. LGTM.
Generator (xtask/src/main.rs)
cargo xtask manifest --checkpasses clean on the branch, and a freshcargo xtask manifestleaves no git diff — generation is idempotent and the committed table is current.- Semver-aware sort (name, then parsed
semver::Version) is the right call; the comment correctly notes plain string order would put0.10.1before0.9.4. Falls back to string order if parsing ever fails, keeping output deterministic. splice_tablevalidates both markers exist and are ordered, with clear errors. Marker-bracketed regeneration keeps the surrounding prose hand-editable.- The deliberate omission of
--lockedis well reasoned and documented (keeps the command usable in the window after adding a dep but before the lock refreshes).
Host-independence (important for the CI gate)
Not passing --filter-platform means the table is the full resolved graph — I confirmed Windows-only (winapi-x86_64-pc-windows-gnu), macOS-only (apple-native-keyring-store), and dev/build deps (tempfile) all appear while generating on Linux. That's the correct choice: it makes the output identical regardless of which OS a contributor regenerates on, so the cargo xtask manifest --check step in the clippy job won't spuriously fail across platforms.
Non-blocking note: as a result the table is broader than the actually-distributed runtime closure (includes dev/build-time and all-platform crates). For an OSS license manifest that's conservative and safe — just worth being aware it's "everything Cargo resolves," not "what ships in the binary." The doc's framing ("all Rust crate dependencies … from cargo metadata") is accurate as written.
Prose sections verified against the repo
- Version
0.3.0matches workspace Cargo.toml. - Binaries:
apps/rocm,apps/rocmdpresent; engine cratesatom/lemonade/llama-cpp/pytorch/sglang/vllmall present. plans/,docs/,scripts/all exist as described.- "No media assets" — confirmed, no image/font/audio files tracked.
CI wiring
cargo xtask manifest --check added to the clippy job (which already has the toolchain) — appropriate placement. Cargo.lock delta is minimal (semver/serde/serde_json were already in the graph transitively).
All checks green incl. Windows. Approving.
There was a problem hiding this comment.
Pull request overview
Adds an OSS/compliance-focused source repository manifest (MANIFEST.md) and introduces a new cargo xtask manifest subcommand to keep the Cargo dependency/license table in that manifest reproducibly generated from cargo metadata, with a CI check to prevent drift.
Changes:
- Added
MANIFEST.mdwith repository composition details and a generated Cargo dependency/license table. - Implemented
cargo xtask manifest(and--check) to regenerate/verify the manifest dependency table fromcargo metadata. - Wired
cargo xtask manifest --checkinto CI and added required workspace deps (semver,serde,serde_json) for the generator.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
xtask/src/main.rs |
Adds the manifest xtask subcommand, metadata parsing, table rendering, and in-place marker-based splicing. |
xtask/Cargo.toml |
Adds workspace dependencies needed for parsing/sorting metadata output. |
MANIFEST.md |
Introduces the repository manifest, including generated dependency table markers and content. |
Cargo.toml |
Adds semver to workspace dependencies for shared use by xtask. |
Cargo.lock |
Updates lockfile to include new xtask dependencies. |
.github/workflows/ci.yml |
Adds a CI step to fail when the generated MANIFEST dependency table is stale. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
juhovainio
left a comment
There was a problem hiding this comment.
lgtm in general, just double check the license here as well in the manifest file
d62da14 to
dcdff23
Compare
Adds MANIFEST.md documenting the composition of this repository for OSS compliance: application identity, Cargo dependency table (name/version/ SPDX license), shipped binaries, runtime-downloaded assets, and per-directory structure notes. Adds cargo xtask manifest to regenerate the dependency table in place from cargo metadata, and cargo xtask manifest --check wired into CI to fail if the table drifts. splice_table searches for MANIFEST_END starting after MANIFEST_BEGIN so an earlier occurrence of the marker text cannot accidentally splice the wrong region.
dcdff23 to
fe2a6ef
Compare
Summary
MANIFEST.mddocumenting the composition of this repository for OSS compliance.cargo xtask manifestcommand that regenerates the dependency table in place fromcargo metadata(pure Rust), pluscargo xtask manifest --checkwired into CI to fail if the table drifts.Test plan
cargo xtask manifestregenerates the table;cargo xtask manifest --checkexits non-zero when stalecargo check/clippy/fmtclean(Recreated from a renamed branch; supersedes the previously-closed PR #43.)