Training

[pawelru]

• add training materials (incl. pdf)
• export get_ref_min and get_ref_min_incl_cran
• set default config arg to be a empty list to to avoid re-writting everything if one wants to change one option only
• when querying GH API - use release first and if it is empty then tags
• enhance imports from cli
• reorder functions putting the main ones to the top
• rename install_ip into execute_ip and split it into solve_ip, download_ip, install_ip, check_ip to better follow the logic (those are all private funs)
• enhance docs (especially about configuration)

[github-actions]

Code Coverage Summary

Filename                          Stmts    Miss  Cover    Missing
------------------------------  -------  ------  -------  ---------
R/check.R                           121     121  0.00%    26-330
R/deps_installation_proposal.R      182     182  0.00%    58-347
R/get_ref.R                         165     165  0.00%    13-365
R/utils.R                            12      12  0.00%    3-32
TOTAL                               480     480  0.00%

Diff against main

Filename                          Stmts    Miss  Cover
------------------------------  -------  ------  --------
R/check.R                           +48     +48  +100.00%
R/deps_installation_proposal.R      +98     +98  +100.00%
R/get_ref.R                         +58     +58  +100.00%
R/utils.R                           +12     +12  +100.00%
TOTAL                              +216    +216  +100.00%

Results for commit: 29e268b

Minimum allowed coverage is 80%

♻️ This comment has been updated with latest results

[github-actions]

Unit Tests Summary

  1 files    4 suites   1s ⏱️
41 tests 13 ✔️ 28 💤 0 ❌
94 runs  65 ✔️ 29 💤 0 ❌

Results for commit 1fd5899.

♻️ This comment has been updated with latest results.

[gmbecker]

Overall seems like a very cool and useful tool, and probably was pretty fun to put together.

I do think there are some things that we may want to rework though, please see my comments

[gmbecker]

This is a function of the system you're running your tests on, though, and not an inherent "code failure" in the sense that min is searching for.

That said we should be using versions of recursive dependencies that were concurrent with the versions of the direct deps being tested. switchr has code to do this. You'll need to transform a switcher manifest to a pak manifest, but that should be easily doable.

Testing old versions of direct dependencies with modern versions of their recursive dependencies is not a useful or realistic check, in my opinion. Easy to get breakages just from that mismatch that dont' reflect any real cohort that anyone is actually going to have in their renv/locked site library

[pawelru]

This is a function of the system you're running your tests on, though, and not an inherent "code failure" in the sense that min is searching for.

True. I tried to include that in the discussions down below about min deps putthing this as it's installable set of dependencies - i.e. not necessarily code-wise minimal set of dependencies. I will try to rephrase that section again.

That said we should be using versions of recursive dependencies that were concurrent with the versions of the direct deps being tested. switchr has code to do this.

That's a very interesting idea - thanks for putting this. I haven't thought about that this way. I will have to explore it. Maybe we can make a new strategy out of it? Just thinking... I am going to put this in the future work not to miss that.
The problem that I am seeing right now is that we would have to resolve (recursively) the whole dependency tree on our end. It's of course doable but from the very beginning I wanted to keep it as a somewhat thin wrapper on pkgdepends and relay on it when it comes to deps resolve, download, install and all of that. Putting custom steps into its workflow it's not an easy task and require so ugly workarounds (something that I did once here but I am not very proud of it). Having this fully custom also comes with a price of maintaining same interfaces and not incorporate all the edge cases that folks have already included. I will have to think about implementation but I agree that feels more correct in the sense of probability

Testing old versions of direct dependencies with modern versions of their recursive dependencies is not a useful or realistic check, in my opinion

Yes and no.

• Yes because it's very unlikely to have direct dependency on pkg of >10 years old alongside indirect dependency of few months old.
• No because it's technically possible hence some safeguards are required.
• No because it's quite likely if we are thinking about relatively new packages with many releases, e.g. in our field: citril imports chevron of version (newest - 3 releases) and we want to use the newest rtables. I can definitely imagine this scenario.

I am going to create a new slide to discuss it.

[gmbecker]

in my opinion, this should be an argument, but thats probably because I designed switchr that way.

If the manifest is something you pass the testing machinery, you can easily tell it to test new branches, etc, without editing the DESCRIPTION file which I hate the very concept of doing when the package has not changed. It changes the MD5, which means the package is different, even when its not different, and then you have package versions which have the same version number and different MD5s running around and its a huge awful mess that didn't need to happen.

[pawelru]

I actually don't think it is going to be changed that frequently. A typical use that I am for-seeing would be that if once specified it would remain unchanged unless a new dependency is added / removed which will anyway involve changes of the DESCRIPTION file.
Having said that, Config/Needs/* is generally recommended place to store such metadata for CI that is also used by others.

[gmbecker]

Disagree here. Conceptually, foo.package only needs tibble > 1.0.0 and dplyr 1.0.0. It does not care that dplyr 1.0.0 requires tibble 2.1.3. Thats dplyr's problem, and that requirement is already encapsulated and enforced in dplyr 1.0.0

Look at it this way. The point of this is to figure out if our packge is usable within a particular renv'ed environment, right. that renv has tibble 1.0.0, it isn't going to have dplyr 1.0.0, so we already know the answer is no. We don't get any extra information from also requiring tibble 2.1.3

Don't get me wrong, I'm a big fan of installable cohorts. I have literally written a paper and given numerous research talks about it. It was central in my promotion talk to scientist at genentech. BUT, that isn't the purpose of htis tool. No one is going to come along and say "man I really want to install the exact minimum requirements to use rlistings 0.5.3, but no later because I hate all package versions that have come out in the last 5 years!!!

This tool is for finding requirements, and in that case being discussed here, the only meaningful versioned requirement is dplyr 1.0.0. So long as you ahve that, you're guaranteed to have a version of tibble that works too, so you're good and nothing more need be stated.

[pawelru]

I was expecting this comment :) It is probably the weakest side and encapsulation and who is responsible of what resonates with me very well.

It all stems from the limitations of pkgdepends and its resolve dependency algorithm - or to be more fair: our specific requirements.

Please have a look at the example up above - let me re-paste it again here:

x <- pkgdepends::new_pkg_deps(c("[email protected]", "[email protected]"))
x$solve()
x$get_solution()

<pkg_solution>
+ result: FAILED
+ refs:
  - [email protected]
  - [email protected]
+ constraints (93):
  (...)
x failures:
* [email protected]: Can't install dependency tibble (>= 2.1.3)
* [email protected]: Conflicts with [email protected]
* tibble: Conflicts with [email protected]

This pair of packages are not installable together as there is an obvious conflict that [email protected] does not meet version criteria within dplyr. It's a significant limitation that we have to bear in mind if we want to keep it as a thin layer on pkgdepends.

I have spent considerable amount of time of how to overcome this (and also fit nicely within the whole framework) with no success :( I can't really ask package maintainers for it as I am aware that this is a very specific requirement. This is true that currently named "min" deps is not a code-compabilitywise set of minimal dependencies - it's more of an installable (not to mention compileable) set of packages that is a bit more strict. I will emphasise this once more in the slides.
My view on this is that even if it's imperfect - this is a big step forward. I totally got your point about no-one asking for a specific very old version of a package. This is very unlikely to happen. I was thinking more about set of interdependent packages that are developed in parallel - something we are doing a lot. Always blindly vbumping deps is probably not the best strategy. On the other hand - keeping it unchanged is not correct either. Wanted to find a good tool that will warn you when vbump is needed.

[pawelru]

Continuing our example I did a short experiment:

1. lower the requirements on tibble from package description file - i.e. tibble (>= 2.1.3) -> tibble (>= 2.0.0)
2. Remove dplyr and tibble packages
3. pak::pkg_install("[email protected]")
4. pak::pkg_install("[email protected]") - i.e. overinstall version 3.2.1 that has been installed with dplyr
5. run rcmd build:

$> rcmdcheck::rcmdcheck("./insightsengineering/tern")
── R CMD build ────────────────────────────────────────────────────────────────
✔  checking for file ‘.../DESCRIPTION’ ...
─  preparing ‘tern’: (880ms)
✔  checking DESCRIPTION meta-information ...
─  cleaning src
─  installing the package to process help pages
         -----------------------------------
─  installing *source* package ‘tern’
─  using staged installation
─  libs
   Warning: no source files found
─  R
─  data
   *** moving datasets to lazyload DB
─  inst
─  byte-compile and prepare package for lazy loading
   Error in loadNamespace(j <- i[[1L]], c(lib.loc, .libPaths()), versionCheck = vI[[j]]) : 
     namespace ‘tibble’ 2.0.0 is already loaded, but >= 2.1.3 is required
   Calls: <Anonymous> ... namespaceImportFrom -> asNamespace -> loadNamespace
   Execution halted
   ERROR: lazy loading failed for package ‘tern’
─  removing ‘/private/var/folders/m1/hrz0h_ls7gz57rc80tnj41t80000gp/T/RtmpmRIM0D/Rinst15a481d7e84a8/tern’
         -----------------------------------
   ERROR: package installation failed
Error in proc$get_built_file() : Build process failed

It seems that this is not possible to build your package if any of the direct dependencies cannot be loaded properly. It's not possible to have fully functional environment (on which you can validate your pkg compatibility) that is built using min versions specified in the DESCRIPTION file as is. Some adjustment needs to be done (here: [email protected] -> [email protected]).

[gmbecker]

This is... somewhat true, but backwards. The cascade goes the other way

1. You cannot load your hard dependency (dplyr needs tibble >=2.1.3 and can't get it), so
2. you cannot load your package, because you must load all hard dependencies to load your package
3. you cannot install your package (because the installation process includes loading the package, which would fail even if you slipped past the other checks)

Note how I'm framing this. It has nothing to do with tibble per se. Its the dplyr requirement for our package that failed here. That's important.

Packages (which have non-base-R dependencies) can never be considered in isolation. Ever. For anything, in any circumstances.

But this is a deeper issue. There was no reason to force tibble 2.0.0 here when one of the active dependencies forced a higher version. The fact that that happened is a sign something in the algorithm isn't doing the right thing.

Put another way, if dplyr 1.0.0 requires 2.1.3 (and has declared as much), there was no reason to even try with tibble 2.0.0 and dplyr 1.0.0. It was literally impossible for that test to be successful a priori. Thus it was impossible for us to get any new information from running it.

[pawelru]

But this is a deeper issue. There was no reason to force tibble 2.0.0 here when one of the active dependencies forced a higher version. The fact that that happened is a sign something in the algorithm isn't doing the right thing.

It was just an experiment (not part of any algorihtm) of an environment that reflects 1:1 with what specified by direct dependencies.

Put another way, if dplyr 1.0.0 requires 2.1.3 (and has declared as much), there was no reason to even try with tibble 2.0.0 and dplyr 1.0.0. It was literally impossible for that test to be successful a priori. Thus it was impossible for us to get any new information from running it.

Yes exactly. That was the goal for it - to show that such environment is non-fuctional and malformed. This makes me think that such configuration of dependencies is not really testable hence: not correct? (don't know if "correct" is the right term here but I hope you got my point). You can't specify [email protected] + [email protected] as you are not able to validate its correctness.

Like I said - some adjustment (here: vbump tibble) needs to be done. In the current implementation it just errors. This is well embedded in the dependency resolution algorighm in pkgdepends. I am currently playing with my own resolution logic that uses min for direct and concurrent for indirect deps. It's definitely not super nice as I am relaying on private class fields but it's sort of working. Let me polish it and I will reach out to you again soon for feedback. But to be clear: that not means that I am convinced about correctness of dependencies specifications. It's just a way how to handle incorrect inputs and correct it on-the-fly.

[gmbecker]

This honestly is a pretty fatal flaw in the paradigm, as I mentioned above, but it is one that you can get around with some work that is already done in switchr.

[gmbecker]

This is why GRAN only builds on version change. last version change is a bit more work (though switchr already knows how, so you can get it from that), but it's much much safer than HEAD of main

[pawelru]

Hi @gmbecker I have pushed a new version that renames "min" into "min_direct" (to emphasise that only direct deps are searched for min version and indirect are installed as usual) plus also add two more strategies:

• min_cohort - find maximum date of directly dependent packages release dates and use that as PPM snapshot date for dependency resolve. This will limit the versions of indirect dependencies by date of parent package release date.
• min_cohorts - for each direct dependency: find its release date and use it as PPM snapshot for that dependency resolve. Next, combine all the individual resolve outputs and resolve it again. This will limit the versions of indirect dependencies by date of parent package release date.

Both of them should be "stable" over time - unless it has a "@*release" dynamic pointer in any of tested package dependencies.

I believe is that the "min_cohort" strategy is what you had in your mind. When testing it, I discovered a relatively big limitation - when there are many interdependent packages developed in parallel and if one of them needs a recent (e.g. development) version of another then the rest of dependency specification of that package is basically disregarded and the newest versions are used. Therefore we are not testing against min versions specified in DESC but rather against env determined by the most recent dependency out of all your dependencies.
Since it's a common use-case for us, I was thinking how to overcome this and I came up with some middle ground strategy called "min_cohorts" - a similar algorithm but repeated for each dependency separately (and then combine step at the very end that takes maximum for duplicates). I believe that this is much closer to what we want but still theoretically it might happen that your direct dependent package won't work correctly with the newer version of indirect dependent package that came with another directly dependent package.

I am happy to hear your thoughts about that. We can even meet and discuss - that would be faster. Please ping me if you are ready.

UPDATE:
I am still thinking how to name all of it as I am aware that it might be a little confusing that there are three different min strategies. I probably need to take a break and came with a fresh head.

[pawelru]

Please also find intermediate result created for teal repo with a few modifications to pkg deps (doesn't really matter here). Please have a look at the dependencies versions.

min_cohort

r$> x$draw()
deps::/var/folders/m1/hrz0h_ls7gz57rc80tnj41t80000gp/T//RtmpvamTQG/file11dbc75078157 0.13.0.
├─shiny 1.7.4 ✨
│ ├─httpuv 1.6.11 ✨
│ │ ├─Rcpp 1.0.10 ✨
│ │ ├─R6 2.5.1 ✨
│ │ ├─promises 1.2.0.1 ✨
│ │ │ ├─R6
│ │ │ ├─Rcpp
│ │ │ ├─later 1.3.1 ✨
│ │ │ │ ├─Rcpp
│ │ │ │ └─rlang 1.1.1 ✨
│ │ │ ├─rlang
│ │ │ └─magrittr 2.0.3 ✨
│ │ └─later
│ ├─mime 0.12 ✨
│ ├─jsonlite 1.8.5 ✨
│ ├─xtable 1.8-4 ✨
│ ├─fontawesome 0.5.1 ✨
│ │ ├─rlang
│ │ └─htmltools 0.5.5 ✨
│ │   ├─digest 0.6.31 ✨
│ │   ├─base64enc 0.1-3 ✨
│ │   ├─rlang
│ │   ├─fastmap 1.1.1 ✨
│ │   └─ellipsis 0.3.2 ✨
│ │     └─rlang
│ ├─htmltools
│ ├─R6
│ ├─sourcetools 0.1.7-1 ✨
│ ├─later
│ ├─promises
│ ├─crayon 1.5.2 ✨
│ ├─rlang
│ ├─fastmap
│ ├─withr 2.5.0 ✨
│ ├─commonmark 1.9.0 ✨
│ ├─glue 1.6.2 ✨
│ ├─bslib 0.5.0 ✨
│ │ ├─base64enc
│ │ ├─cachem 1.0.8 ✨
│ │ │ ├─rlang
│ │ │ └─fastmap
│ │ ├─htmltools
│ │ ├─jquerylib 0.1.4 ✨
│ │ │ └─htmltools
│ │ ├─jsonlite
│ │ ├─memoise 2.0.1 ✨
│ │ │ ├─rlang
│ │ │ └─cachem
│ │ ├─mime
│ │ ├─rlang
│ │ └─sass 0.4.6 ✨
│ │   ├─fs 1.6.2 ✨
│ │   ├─rlang
│ │   ├─htmltools
│ │   ├─R6
│ │   └─rappdirs 0.3.3 ✨
│ ├─cachem
│ ├─ellipsis
│ └─lifecycle 1.0.3 ✨
│   ├─cli 3.6.1 ✨
│   ├─glue
│   └─rlang
├─teal.data=insightsengineering/[email protected] 0.1.2 ✨👷🏻‍♂️🔧
│ ├─shiny
│ ├─checkmate 2.2.0 ✨
│ │ └─backports 1.4.1 ✨
│ ├─digest
│ ├─formatters 0.5.0 ✨
│ │ ├─checkmate
│ │ └─htmltools
│ ├─lifecycle
│ ├─logger 0.2.2 ✨
│ ├─R6
│ ├─rlang
│ ├─shinyjs 2.1.0 ✨
│ │ ├─digest
│ │ ├─jsonlite
│ │ └─shiny
│ ├─teal.logger=insightsengineering/[email protected] 0.1.1 ✨👷🏻‍♂️🔧
│ │ ├─glue
│ │ ├─lifecycle
│ │ ├─logger
│ │ ├─shiny
│ │ └─withr
│ └─yaml 2.3.7 ✨
├─teal.transform=insightsengineering/[email protected] 0.2.0 ✨👷🏻‍♂️🔧
│ ├─magrittr
│ ├─checkmate
│ ├─dplyr 1.1.2 ✨
│ │ ├─cli
│ │ ├─generics 0.1.3 ✨
│ │ ├─glue
│ │ ├─lifecycle
│ │ ├─magrittr
│ │ ├─pillar 1.9.0 ✨
│ │ │ ├─cli
│ │ │ ├─fansi 1.0.4 ✨
│ │ │ ├─glue
│ │ │ ├─lifecycle
│ │ │ ├─rlang
│ │ │ ├─utf8 1.2.3 ✨
│ │ │ └─vctrs 0.6.3 ✨
│ │ │   ├─cli
│ │ │   ├─glue
│ │ │   ├─lifecycle
│ │ │   └─rlang
│ │ ├─R6
│ │ ├─rlang
│ │ ├─tibble 3.2.1 ✨
│ │ │ ├─fansi
│ │ │ ├─lifecycle
│ │ │ ├─magrittr
│ │ │ ├─pillar
│ │ │ ├─pkgconfig 2.0.3 ✨
│ │ │ ├─rlang
│ │ │ └─vctrs
│ │ ├─tidyselect 1.2.0 ✨
│ │ │ ├─cli
│ │ │ ├─glue
│ │ │ ├─lifecycle
│ │ │ ├─rlang
│ │ │ ├─vctrs
│ │ │ └─withr
│ │ └─vctrs
│ ├─formatters
│ ├─lifecycle
│ ├─logger
│ ├─rlang
│ ├─shiny
│ ├─shinyjs
│ ├─teal.code=insightsengineering/[email protected] 0.2.0 ✨👷🏻‍♂️🔧
│ │ ├─checkmate
│ │ ├─crayon
│ │ ├─lifecycle
│ │ ├─R6
│ │ ├─shiny
│ │ ├─styler 1.10.1 ✨
│ │ │ ├─cli
│ │ │ ├─magrittr
│ │ │ ├─purrr 1.0.1 ✨
│ │ │ │ ├─cli
│ │ │ │ ├─lifecycle
│ │ │ │ ├─magrittr
│ │ │ │ ├─rlang
│ │ │ │ └─vctrs
│ │ │ ├─R.cache 0.16.0 ✨
│ │ │ │ ├─R.methodsS3 1.8.2 ✨
│ │ │ │ ├─R.oo 1.25.0 ✨
│ │ │ │ │ └─R.methodsS3
│ │ │ │ ├─R.utils 2.12.2 ✨
│ │ │ │ │ ├─R.oo
│ │ │ │ │ └─R.methodsS3
│ │ │ │ └─digest
│ │ │ ├─rlang
│ │ │ ├─rprojroot 2.0.3 ✨
│ │ │ ├─vctrs
│ │ │ └─withr
│ │ └─teal.widgets=insightsengineering/[email protected] 0.2.0 ✨👷🏻‍♂️🔧
│ │   ├─bslib
│ │   ├─checkmate
│ │   ├─ggplot2 3.4.2 ✨
│ │   │ ├─cli
│ │   │ ├─glue
│ │   │ ├─gtable 0.3.3 ✨
│ │   │ │ ├─cli
│ │   │ │ ├─glue
│ │   │ │ ├─lifecycle
│ │   │ │ └─rlang
│ │   │ ├─isoband 0.2.7 ✨
│ │   │ ├─lifecycle
│ │   │ ├─MASS 7.3-60 
│ │   │ ├─mgcv 1.8-42 
│ │   │ │ ├─nlme 3.1-162 
│ │   │ │ │ └─lattice 0.21-8 
│ │   │ │ └─Matrix 1.5-4.1 
│ │   │ │   └─lattice
│ │   │ ├─rlang
│ │   │ ├─scales 1.2.1 ✨
│ │   │ │ ├─farver 2.1.1 ✨
│ │   │ │ ├─labeling 0.4.2 ✨
│ │   │ │ ├─lifecycle
│ │   │ │ ├─munsell 0.5.0 ✨
│ │   │ │ │ └─colorspace 2.1-0 ✨
│ │   │ │ ├─R6
│ │   │ │ ├─RColorBrewer 1.1-3 ✨
│ │   │ │ ├─rlang
│ │   │ │ └─viridisLite 0.4.2 ✨
│ │   │ ├─tibble
│ │   │ ├─vctrs
│ │   │ └─withr
│ │   ├─htmltools
│ │   ├─lifecycle
│ │   ├─rtables 0.6.1 ✨
│ │   │ ├─formatters
│ │   │ ├─magrittr
│ │   │ └─htmltools
│ │   ├─shiny
│ │   ├─shinyjs
│ │   ├─shinyWidgets 0.7.6 ✨
│ │   │ ├─anytime 0.3.9 ✨
│ │   │ │ └─Rcpp
│ │   │ ├─bslib
│ │   │ ├─sass
│ │   │ ├─shiny
│ │   │ ├─htmltools
│ │   │ ├─jsonlite
│ │   │ └─rlang
│ │   └─styler
│ ├─teal.data=insightsengineering/[email protected]
│ ├─teal.logger=insightsengineering/[email protected]
│ ├─teal.slice=insightsengineering/[email protected] 0.2.0 ✨👷🏻‍♂️🔧
│ │ ├─shiny
│ │ ├─checkmate
│ │ ├─digest
│ │ ├─dplyr
│ │ ├─ggplot2
│ │ ├─lifecycle
│ │ ├─logger
│ │ ├─R6
│ │ ├─shinyjs
│ │ ├─shinyWidgets
│ │ ├─teal.data=insightsengineering/[email protected]
│ │ ├─teal.logger=insightsengineering/[email protected]
│ │ └─teal.widgets=insightsengineering/[email protected]
│ ├─teal.widgets=insightsengineering/[email protected]
│ ├─tidyr 1.3.0 ✨
│ │ ├─cli
│ │ ├─dplyr
│ │ ├─glue
│ │ ├─lifecycle
│ │ ├─magrittr
│ │ ├─purrr
│ │ ├─rlang
│ │ ├─stringr 1.5.0 ✨
│ │ │ ├─cli
│ │ │ ├─glue
│ │ │ ├─lifecycle
│ │ │ ├─magrittr
│ │ │ ├─rlang
│ │ │ ├─stringi 1.7.12 ✨
│ │ │ └─vctrs
│ │ ├─tibble
│ │ ├─tidyselect
│ │ └─vctrs
│ └─tidyselect
├─checkmate
├─lifecycle
├─logger
├─magrittr
├─rlang
├─shinyjs
├─styler
├─teal.code=insightsengineering/[email protected]
├─teal.logger=insightsengineering/[email protected]
├─teal.reporter=insightsengineering/[email protected] 0.1.1 ✨👷🏻‍♂️🔧
│ ├─bslib
│ ├─checkmate
│ ├─knitr 1.43 ✨
│ │ ├─evaluate 0.21 ✨
│ │ ├─highr 0.10 ✨
│ │ │ └─xfun 0.39 ✨
│ │ ├─xfun
│ │ └─yaml
│ ├─lifecycle
│ ├─R6
│ ├─rmarkdown 2.22 ✨
│ │ ├─bslib
│ │ ├─evaluate
│ │ ├─fontawesome
│ │ ├─htmltools
│ │ ├─jquerylib
│ │ ├─jsonlite
│ │ ├─knitr
│ │ ├─stringr
│ │ ├─tinytex 0.45 ✨
│ │ │ └─xfun
│ │ ├─xfun
│ │ └─yaml
│ ├─shiny
│ ├─shinyWidgets
│ ├─yaml
│ └─zip 2.3.0 ✨
├─teal.slice=insightsengineering/[email protected]
├─teal.widgets=insightsengineering/[email protected]
├─bslib
├─covr 3.6.2 ✨
│ ├─digest
│ ├─jsonlite
│ ├─rex 1.2.1 ✨
│ │ └─lazyeval 0.2.2 ✨
│ ├─httr 1.4.6 ✨
│ │ ├─curl 5.0.1 ✨
│ │ ├─jsonlite
│ │ ├─mime
│ │ ├─openssl 2.0.6 ✨
│ │ │ └─askpass 1.1 ✨
│ │ │   └─sys 3.4.2 ✨
│ │ └─R6
│ ├─crayon
│ ├─withr
│ └─yaml
├─dplyr
├─knitr
├─MultiAssayExperiment 1.24.0 ✨
│ ├─SummarizedExperiment 1.28.0 ✨
│ │ ├─MatrixGenerics 1.10.0 ✨
│ │ │ └─matrixStats 1.0.0 ✨
│ │ ├─GenomicRanges 1.50.2 ✨
│ │ │ ├─BiocGenerics 0.44.0 ✨
│ │ │ ├─S4Vectors 0.36.2 ✨
│ │ │ │ └─BiocGenerics
│ │ │ ├─IRanges 2.32.0 ✨
│ │ │ │ ├─BiocGenerics
│ │ │ │ └─S4Vectors
│ │ │ ├─GenomeInfoDb 1.34.9 ✨
│ │ │ │ ├─BiocGenerics
│ │ │ │ ├─S4Vectors
│ │ │ │ ├─IRanges
│ │ │ │ ├─RCurl 1.98-1.12 ✨
│ │ │ │ │ └─bitops 1.0-7 ✨
│ │ │ │ └─GenomeInfoDbData 1.2.9 ✨👷🏻‍♂️
│ │ │ └─XVector 0.38.0 ✨
│ │ │   ├─BiocGenerics
│ │ │   ├─S4Vectors
│ │ │   ├─IRanges
│ │ │   └─zlibbioc 1.44.0 ✨
│ │ ├─Biobase 2.58.0 ✨
│ │ │ └─BiocGenerics
│ │ ├─Matrix
│ │ ├─BiocGenerics
│ │ ├─S4Vectors
│ │ ├─IRanges
│ │ ├─GenomeInfoDb
│ │ └─DelayedArray 0.24.0 ✨
│ │   ├─Matrix
│ │   ├─BiocGenerics
│ │   ├─MatrixGenerics
│ │   ├─S4Vectors
│ │   └─IRanges
│ ├─GenomicRanges
│ ├─BiocBaseUtils 1.0.0 ✨
│ ├─BiocGenerics
│ ├─DelayedArray
│ ├─S4Vectors
│ ├─IRanges
│ ├─Biobase
│ └─tidyr
├─R6
├─scda=insightsengineering/[email protected] 0.1.5 ✨👷🏻‍♂️🔧
├─scda.2022=insightsengineering/[email protected] 0.1.3 ✨👷🏻‍♂️🔧
├─shinyvalidate 0.1.2 ✨
│ ├─shiny
│ ├─htmltools
│ ├─rlang
│ └─glue
├─testthat 3.1.9 ✨
│ ├─brio 1.1.3 ✨
│ ├─callr 3.7.3 ✨
│ │ ├─processx 3.8.1 ✨
│ │ │ ├─ps 1.7.5 ✨
│ │ │ └─R6
│ │ └─R6
│ ├─cli
│ ├─desc 1.4.2 ✨
│ │ ├─cli
│ │ ├─R6
│ │ └─rprojroot
│ ├─digest
│ ├─ellipsis
│ ├─evaluate
│ ├─jsonlite
│ ├─lifecycle
│ ├─magrittr
│ ├─pkgload 1.3.2 ✨
│ │ ├─cli
│ │ ├─crayon
│ │ ├─desc
│ │ ├─fs
│ │ ├─glue
│ │ ├─rlang
│ │ ├─rprojroot
│ │ └─withr
│ ├─praise 1.0.0 ✨
│ ├─processx
│ ├─ps
│ ├─R6
│ ├─rlang
│ ├─waldo 0.5.1 ✨
│ │ ├─cli
│ │ ├─diffobj 0.3.5 ✨
│ │ │ └─crayon
│ │ ├─fansi
│ │ ├─glue
│ │ ├─rematch2 2.1.2 ✨
│ │ │ └─tibble
│ │ ├─rlang
│ │ └─tibble
│ └─withr
├─withr
└─yaml

min_cohorts

r$> x$draw()
deps::/var/folders/m1/hrz0h_ls7gz57rc80tnj41t80000gp/T//RtmpxF0P7B/file120042b154b29 0.13.0.
├─shiny 1.6.0 ✨👷🏾
│ ├─httpuv 1.6.6 ✨👷🏾🔧
│ │ ├─Rcpp 1.0.9 ✨👷🏾🔧
│ │ ├─R6 2.5.0 ✨👷🏾
│ │ ├─promises 1.2.0.1 ✨👷🏾🔧 ⬇ (3.12 MB)
│ │ │ ├─R6
│ │ │ ├─Rcpp
│ │ │ ├─later 1.2.0 ✨👷🏾🔧
│ │ │ │ ├─Rcpp
│ │ │ │ └─rlang 1.1.1 ✨👷🏾🔧 ⬇ (762.53 kB)
│ │ │ ├─rlang
│ │ │ └─magrittr 2.0.1 ✨👷🏾🔧
│ │ └─later
│ ├─mime 0.5 ✨👷🏾🔧
│ ├─jsonlite 1.7.2 ✨👷🏾🔧
│ ├─xtable 1.8-2 ✨👷🏾
│ ├─digest 0.6.27 ✨👷🏾🔧
│ ├─htmltools 0.5.1.1 ✨👷🏾🔧
│ │ ├─digest
│ │ ├─base64enc 0.1-3 ✨👷🏾🔧 ⬇ (7.83 kB)
│ │ └─rlang
│ ├─R6
│ ├─sourcetools 0.1.6 ✨👷🏾🔧
│ ├─later
│ ├─promises
│ ├─crayon 1.3.4 ✨👷🏾
│ ├─rlang
│ ├─fastmap 1.1.0 ✨👷🏾🔧
│ ├─withr 2.5.0 ✨👷🏾 ⬇ (102.09 kB)
│ ├─commonmark 1.7 ✨👷🏾🔧
│ ├─glue 1.6.2 ✨👷🏾🔧 ⬇ (106.51 kB)
│ ├─bslib 0.2.5.1 ✨👷🏾
│ │ ├─htmltools
│ │ ├─jsonlite
│ │ ├─sass 0.4.0 ✨👷🏾🔧
│ │ │ ├─fs 1.5.0 ✨👷🏾🔧
│ │ │ ├─rlang
│ │ │ ├─htmltools
│ │ │ ├─R6
│ │ │ └─rappdirs 0.3.1 ✨👷🏾🔧
│ │ ├─jquerylib 0.1.3 ✨👷🏾
│ │ │ └─htmltools
│ │ ├─rlang
│ │ └─magrittr
│ ├─cachem 1.0.5 ✨👷🏾🔧
│ │ ├─rlang
│ │ └─fastmap
│ ├─ellipsis 0.3.1 ✨👷🏾🔧
│ │ └─rlang
│ └─lifecycle 1.0.3 ✨👷🏾 ⬇ (106.85 kB)
│   ├─cli 3.4.1 ✨👷🏾🔧
│   ├─glue
│   └─rlang
├─teal.data=insightsengineering/[email protected] 0.1.2 ✨👷🏾🔧
│ ├─shiny
│ ├─checkmate 2.1.0 ✨👷🏾🔧
│ │ └─backports 1.1.5 ✨👷🏾🔧
│ ├─digest
│ ├─formatters 0.3.2 ✨👷🏾
│ │ └─htmltools
│ ├─lifecycle
│ ├─logger 0.2.0 ✨👷🏾
│ ├─R6
│ ├─rlang
│ ├─shinyjs 2.1.0 ✨👷🏾 ⬇ (1.02 MB)
│ │ ├─digest
│ │ ├─jsonlite
│ │ └─shiny
│ ├─teal.logger=insightsengineering/[email protected] 0.1.1 ✨👷🏾🔧
│ │ ├─glue
│ │ ├─lifecycle
│ │ ├─logger
│ │ ├─shiny
│ │ └─withr
│ └─yaml 2.3.7 ✨👷🏾🔧 ⬇ (94.33 kB)
├─teal.transform=insightsengineering/[email protected] 0.2.0 ✨👷🏾🔧
│ ├─magrittr
│ ├─checkmate
│ ├─dplyr 1.0.0 ✨👷🏾🔧
│ │ ├─ellipsis
│ │ ├─generics 0.0.2 ✨👷🏾
│ │ ├─glue
│ │ ├─lifecycle
│ │ ├─magrittr
│ │ ├─R6
│ │ ├─rlang
│ │ ├─tibble 3.0.1 ✨👷🏾🔧
│ │ │ ├─cli
│ │ │ ├─crayon
│ │ │ ├─ellipsis
│ │ │ ├─fansi 0.4.1 ✨👷🏾🔧
│ │ │ ├─lifecycle
│ │ │ ├─magrittr
│ │ │ ├─pillar 1.4.4 ✨👷🏾
│ │ │ │ ├─cli
│ │ │ │ ├─crayon
│ │ │ │ ├─fansi
│ │ │ │ ├─rlang
│ │ │ │ ├─utf8 1.1.4 ✨👷🏾🔧
│ │ │ │ └─vctrs 0.6.3 ✨👷🏾🔧 ⬇ (967.34 kB)
│ │ │ │   ├─cli
│ │ │ │   ├─glue
│ │ │ │   ├─lifecycle
│ │ │ │   └─rlang
│ │ │ ├─pkgconfig 2.0.3 ✨👷🏾 ⬇ (6.08 kB)
│ │ │ ├─rlang
│ │ │ └─vctrs
│ │ ├─tidyselect 1.2.0 ✨👷🏾 ⬇ (101.50 kB)
│ │ │ ├─cli
│ │ │ ├─glue
│ │ │ ├─lifecycle
│ │ │ ├─rlang
│ │ │ ├─vctrs
│ │ │ └─withr
│ │ └─vctrs
│ ├─formatters
│ ├─lifecycle
│ ├─logger
│ ├─rlang
│ ├─shiny
│ ├─shinyjs
│ ├─teal.code=insightsengineering/[email protected] 0.2.0 ✨👷🏾🔧
│ │ ├─checkmate
│ │ ├─crayon
│ │ ├─lifecycle
│ │ ├─R6
│ │ ├─shiny
│ │ ├─styler 1.0.0 ✨👷🏾
│ │ │ ├─backports
│ │ │ ├─cli
│ │ │ ├─enc 0.1 ✨👷🏾🔧
│ │ │ ├─magrittr
│ │ │ ├─purrr 1.0.1 ✨👷🏾🔧 ⬇ (220.63 kB)
│ │ │ │ ├─cli
│ │ │ │ ├─lifecycle
│ │ │ │ ├─magrittr
│ │ │ │ ├─rlang
│ │ │ │ └─vctrs
│ │ │ ├─rematch2 2.0.1 ✨👷🏾
│ │ │ │ └─tibble
│ │ │ ├─rlang
│ │ │ ├─rprojroot 1.2 ✨👷🏾
│ │ │ │ └─backports
│ │ │ ├─tibble
│ │ │ └─withr
│ │ └─teal.widgets=insightsengineering/[email protected] 0.2.0 ✨👷🏾🔧
│ │   ├─bslib
│ │   ├─checkmate
│ │   ├─ggplot2 3.3.6 ✨👷🏾
│ │   │ ├─digest
│ │   │ ├─glue
│ │   │ ├─gtable 0.3.1 ✨👷🏾
│ │   │ ├─isoband 0.2.6 ✨👷🏾🔧
│ │   │ ├─MASS 7.3-60 
│ │   │ ├─mgcv 1.8-42 
│ │   │ │ ├─nlme 3.1-162 
│ │   │ │ │ └─lattice 0.21-8 
│ │   │ │ └─Matrix 1.5-4.1 
│ │   │ │   └─lattice
│ │   │ ├─rlang
│ │   │ ├─scales 1.2.1 ✨👷🏾 ⬇ (270.61 kB)
│ │   │ │ ├─farver 2.1.1 ✨👷🏾🔧 ⬇ (1.27 MB)
│ │   │ │ ├─labeling 0.4.2 ✨👷🏾 ⬇ (10.16 kB)
│ │   │ │ ├─lifecycle
│ │   │ │ ├─munsell 0.5.0 ✨👷🏾 ⬇ (182.65 kB)
│ │   │ │ │ └─colorspace 2.0-3 ✨👷🏾🔧
│ │   │ │ ├─R6
│ │   │ │ ├─RColorBrewer 1.1-3 ✨👷🏾 ⬇ (11.64 kB)
│ │   │ │ ├─rlang
│ │   │ │ └─viridisLite 0.4.1 ✨👷🏾
│ │   │ ├─tibble
│ │   │ └─withr
│ │   ├─htmltools
│ │   ├─lifecycle
│ │   ├─rtables 0.5.1 ✨👷🏾
│ │   │ ├─magrittr
│ │   │ ├─formatters
│ │   │ └─htmltools
│ │   ├─shiny
│ │   ├─shinyjs
│ │   ├─shinyWidgets 0.7.4 ✨👷🏾
│ │   │ ├─anytime 0.3.9 ✨👷🏾🔧 ⬇ (348.90 kB)
│ │   │ │ ├─Rcpp
│ │   │ │ └─BH 1.78.0-0 ✨👷🏾
│ │   │ ├─bslib
│ │   │ ├─sass
│ │   │ ├─shiny
│ │   │ ├─htmltools
│ │   │ ├─jsonlite
│ │   │ └─rlang
│ │   └─styler
│ ├─teal.data=insightsengineering/[email protected]
│ ├─teal.logger=insightsengineering/[email protected]
│ ├─teal.slice=insightsengineering/[email protected] 0.2.0 ✨👷🏾🔧
│ │ ├─shiny
│ │ ├─checkmate
│ │ ├─digest
│ │ ├─dplyr
│ │ ├─ggplot2
│ │ ├─lifecycle
│ │ ├─logger
│ │ ├─R6
│ │ ├─shinyjs
│ │ ├─shinyWidgets
│ │ ├─teal.data=insightsengineering/[email protected]
│ │ ├─teal.logger=insightsengineering/[email protected]
│ │ └─teal.widgets=insightsengineering/[email protected]
│ ├─teal.widgets=insightsengineering/[email protected]
│ ├─tidyr 1.2.1 ✨👷🏾🔧
│ │ ├─dplyr
│ │ ├─ellipsis
│ │ ├─glue
│ │ ├─lifecycle
│ │ ├─magrittr
│ │ ├─purrr
│ │ ├─rlang
│ │ ├─tibble
│ │ ├─tidyselect
│ │ ├─vctrs
│ │ └─cpp11 0.4.3 ✨👷🏾 ⬇ (304.53 kB)
│ └─tidyselect
├─checkmate
├─lifecycle
├─logger
├─magrittr
├─rlang
├─shinyjs
├─styler
├─teal.code=insightsengineering/[email protected]
├─teal.logger=insightsengineering/[email protected]
├─teal.reporter=insightsengineering/[email protected] 0.1.1 ✨👷🏾🔧
│ ├─bslib
│ ├─checkmate
│ ├─knitr 1.40 ✨👷🏾
│ │ ├─evaluate 0.20 ✨👷🏾
│ │ ├─highr 0.10 ✨👷🏾 ⬇ (15.08 kB)
│ │ │ └─xfun 0.36 ✨👷🏾🔧
│ │ ├─stringr 1.4.1 ✨👷🏾
│ │ │ ├─glue
│ │ │ ├─magrittr
│ │ │ └─stringi 1.7.12 ✨👷🏾🔧 ⬇ (7.60 MB)
│ │ ├─yaml
│ │ └─xfun
│ ├─lifecycle
│ ├─R6
│ ├─rmarkdown 2.17 ✨👷🏾
│ │ ├─bslib
│ │ ├─evaluate
│ │ ├─htmltools
│ │ ├─jquerylib
│ │ ├─jsonlite
│ │ ├─knitr
│ │ ├─stringr
│ │ ├─tinytex 0.42 ✨👷🏾
│ │ │ └─xfun
│ │ ├─xfun
│ │ └─yaml
│ ├─shiny
│ ├─shinyWidgets
│ ├─yaml
│ └─zip 2.2.1 ✨👷🏾🔧
├─teal.slice=insightsengineering/[email protected]
├─teal.widgets=insightsengineering/[email protected]
├─bslib
├─covr 3.0.0 ✨👷🏾🔧
│ ├─jsonlite
│ ├─rex 1.1.1 ✨👷🏾
│ │ ├─magrittr
│ │ └─lazyeval 0.2.0 ✨👷🏾🔧
│ ├─httr 1.3.1 ✨👷🏾
│ │ ├─jsonlite
│ │ ├─mime
│ │ ├─curl 3.0 ✨👷🏾🔧
│ │ ├─openssl 0.9.7 ✨👷🏾🔧
│ │ └─R6
│ ├─crayon
│ └─withr
├─dplyr
├─knitr
├─MultiAssayExperiment 1.24.0 ✨
│ ├─SummarizedExperiment 1.28.0 ✨
│ │ ├─MatrixGenerics 1.10.0 ✨
│ │ │ └─matrixStats 1.0.0 ✨👷🏾🔧 ⬇ (210.65 kB)
│ │ ├─GenomicRanges 1.50.2 ✨
│ │ │ ├─BiocGenerics 0.44.0 ✨
│ │ │ ├─S4Vectors 0.36.2 ✨
│ │ │ │ └─BiocGenerics
│ │ │ ├─IRanges 2.32.0 ✨
│ │ │ │ ├─BiocGenerics
│ │ │ │ └─S4Vectors
│ │ │ ├─GenomeInfoDb 1.34.9 ✨
│ │ │ │ ├─BiocGenerics
│ │ │ │ ├─S4Vectors
│ │ │ │ ├─IRanges
│ │ │ │ ├─RCurl 1.98-1.12 ✨👷🏾🔧 ⬇ (731.48 kB)
│ │ │ │ │ └─bitops 1.0-7 ✨👷🏾🔧 ⬇ (10.81 kB)
│ │ │ │ └─GenomeInfoDbData 1.2.9 ✨👷🏾
│ │ │ └─XVector 0.38.0 ✨
│ │ │   ├─BiocGenerics
│ │ │   ├─S4Vectors
│ │ │   ├─IRanges
│ │ │   └─zlibbioc 1.44.0 ✨
│ │ ├─Biobase 2.58.0 ✨
│ │ │ └─BiocGenerics
│ │ ├─Matrix
│ │ ├─BiocGenerics
│ │ ├─S4Vectors
│ │ ├─IRanges
│ │ ├─GenomeInfoDb
│ │ └─DelayedArray 0.24.0 ✨
│ │   ├─Matrix
│ │   ├─BiocGenerics
│ │   ├─MatrixGenerics
│ │   ├─S4Vectors
│ │   └─IRanges
│ ├─GenomicRanges
│ ├─BiocBaseUtils 1.0.0 ✨
│ ├─BiocGenerics
│ ├─DelayedArray
│ ├─S4Vectors
│ ├─IRanges
│ ├─Biobase
│ └─tidyr
├─R6
├─scda=insightsengineering/[email protected] 0.1.5 ✨👷🏾🔧
├─scda.2022=insightsengineering/[email protected] 0.1.3 ✨👷🏾🔧
├─shinyvalidate 0.1.0 ✨👷🏾
│ ├─shiny
│ ├─htmltools
│ ├─rlang
│ └─glue
├─testthat 3.1.5 ✨👷🏾🔧
│ ├─brio 1.1.3 ✨👷🏾🔧 ⬇ (12.63 kB)
│ ├─callr 3.7.2 ✨👷🏾
│ │ ├─processx 3.7.0 ✨👷🏾🔧
│ │ │ ├─ps 1.7.1 ✨👷🏾🔧
│ │ │ └─R6
│ │ └─R6
│ ├─cli
│ ├─desc 1.4.2 ✨👷🏾 ⬇ (79.25 kB)
│ │ ├─cli
│ │ ├─R6
│ │ └─rprojroot
│ ├─digest
│ ├─ellipsis
│ ├─evaluate
│ ├─jsonlite
│ ├─lifecycle
│ ├─magrittr
│ ├─pkgload 1.3.0 ✨👷🏾
│ │ ├─cli
│ │ ├─crayon
│ │ ├─desc
│ │ ├─fs
│ │ ├─glue
│ │ ├─rlang
│ │ ├─rprojroot
│ │ └─withr
│ ├─praise 1.0.0 ✨👷🏾 ⬇ (6.10 kB)
│ ├─processx
│ ├─ps
│ ├─R6
│ ├─rlang
│ ├─waldo 0.4.0 ✨👷🏾
│ │ ├─cli
│ │ ├─diffobj 0.3.5 ✨👷🏾🔧 ⬇ (479.28 kB)
│ │ │ └─crayon
│ │ ├─fansi
│ │ ├─glue
│ │ ├─rematch2
│ │ ├─rlang
│ │ └─tibble
│ └─withr
├─withr
└─yaml

[pawelru]

I have pushed a new commit that does the following:

• remove "min_direct" (formerly "min") strategy
• rename "min_cohorts" into "min_isolated" so that it's not confused with "min_cohort".

So the current state is as follows

• max
• release
• min_cohort - find maximum date of directly dependent packages release dates and use that as PPM snapshot date for dependency resolve.
• min_isolated - for each direct dependency: find its release date and use it as PPM snapshot for resolving itself. Next, combine all the individual resolutions and resolve it altogether again.

Both min strategies relies on CRAN PPM snapshots so as to limit the versions of indirect dependencies. The most "correct" strategy is the "min_cohort" where there is only one snapshot used determined by the most recently released direct dependent package. We take all the packages from the whole dependency tree (incl. indirect deps) using the greatest version as of certain date.
The biggest advantage is also its biggest limitation. It's very common that packages are developed in parallel and bumping up dep version to the development version of a package would basically mean to take the rest of dependencies using the greatest version. That makes little value in the context of minimal dependency tests. Moreover, this assumption (that all packages are updated as of given time point) is often not fulfilled and every dependency issues we encountered so far were due to outdated but still completely valid package version.
Because of the above, we have another strategy "min_isolated" where we resolve dependency tree separately (!) for each dependency using above described logic and then combine resolution and solve it once again (using the greatest version if duplicated). This makes it possible to have more messy environment with direct dependent packages from different dates while keeping trying to keep indirect deps to be not newer than its parent direct dep. The latter is actually potential point of failure as technically it is possible that indirect dep will be newer than direct dep. That's true when there is an indirect dependency present in more than one directly dependent package dependency tree. Example: let's say a package imports A (last released on 2021/01/01) and B (last released on 2022/01/01). Both A and B imports package C (released on a monthly basis). Isolated resolve of dependency sub-trees results in A and C as of 2021/01/01 plus another subtree with B and C as of 2022/01/01. Combining those two subtrees results in A as of 2021/01/01 that imports C as of 2022/01/01. This is not guaranteed to be fully compatible. CRAN includes such check (i.e. reverse dependency checks) but only against the most recent versions - so it's not guaranteed that it's covered. Plus also we have non-cran dependencies.

PPM-based strategies makes dependency tree to be always resolvable and there is no need to break encapsulation and collapse the whole dependency tree into the tested package dependency specification. That was probably the biggest drawback of the "min_direct" strategy.

Having said that, I think we need to acknowledge these limitations and move forward with what we have now. Of course we can improve as we go.

[gmbecker]

A few more non-exhaustive comments

[averissimo]

It looks good!

After this PR is merged 2 others should also be merged for the action to use the new strategies (and stops using min)

• Supports new strategies min_isolated and min_cohort r-verdepcheck-action#16
• Update strategies on R min deps check workflow r.pkg.template#175