fix(manage): don't overwrite lockfile when lockfile=true#2127
Open
OleksandrChekhovskyi wants to merge 1 commit into
Open
fix(manage): don't overwrite lockfile when lockfile=true#2127OleksandrChekhovskyi wants to merge 1 commit into
OleksandrChekhovskyi wants to merge 1 commit into
Conversation
When `lockfile=true` (used by `install.missing` on startup and `:Lazy restore`), the lockfile is the source of truth and should not be overwritten. Previously, `lock.update()` was called unconditionally after install/update, rewriting the entire lockfile from the current disk state of all plugins — discarding pinned versions for already-installed plugins. Skip `lock.update()` when `opts.lockfile` is set, so that: - startup auto-install (`install.missing`) no longer overwrites the lockfile - `:Lazy restore` no longer overwrites the lockfile - explicit `:Lazy install` and `:Lazy update` still update it Fixes folke#1279
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When
opts.lockfileistrue, skip thelock.update()call afterinstall()andupdate(). This is a two-line change.The problem
lock.update()rewrites the entirelazy-lock.jsonfrom the current on-disk state of all installed plugins — not just the ones touched by the current operation. This means that even whenlockfile=truecorrectly checks out pinned versions for the target plugins, the lockfile gets overwritten with whatever commits all other plugins happen to be at.This affects two code paths:
Startup auto-install (
install.missing) —loader.luacallsinstall({ lockfile = true }), which correctly clones new plugins at their lockfile versions. But thenlock.update()runs and rewrites the lockfile for every plugin, including ones already installed at stale versions. The lockfile silently drifts to match local state.:Lazy restore— callsupdate({ lockfile = true }). Same issue: plugins are checked out at lockfile versions, thenlock.update()immediately overwrites the lockfile. In practice this is mostly a no-op (since restore just moved everything to the right versions), but it shouldn't be rewriting the lockfile at all — the whole point of restore is that the lockfile is the source of truth.Concrete scenario
Machine A updates plugins, commits
lazy-lock.json. Machine B pulls the config. On next startup:install.missinginstalls any new plugins at lockfile versions ✓lock.update()rewrites the lockfile from disk state of all plugins, including ones that were already locally installed at older versions ✗The user has no window to run
:Lazy restore— the lockfile is already overwritten by step 2. Even checking out the old lockfile and restarting Neovim repeats the same cycle (if new plugins exist in the spec, triggeringinstall.missing→lock.update()).The fix
The
lockfileoption already means "use lockfile versions for checkout." This PR makes it also mean "don't overwrite the lockfile afterward":lockfile=true→ lockfile is an input (check out pinned versions, preserve it)lockfile=false/nil → lockfile is an output (use latest, record what we got)Explicit user commands (
:Lazy install,:Lazy update,:Lazy sync) don't passlockfile=true, so their behavior is unchanged — they still update the lockfile as before.Testing
Verified both scenarios locally with the patched
init.lua:Missing plugin: Deleted
plenary.nvimfrom disk. Started Neovim →install.missingcloned it at the lockfile-pinned commit. Lockfile was not modified.Wrong version: Checked out
plenary.nvimto an older commit. Started Neovim →install.missingdidn't trigger (plugin exists). Ran:Lazy restore→ plugin updated to lockfile commit. Lockfile was not modified.Relates to #1279.