CI: Verify Cargo.lock sync with Cargo.toml without updating dependencies #1470
Description
Context
- From discussion in PR fix(ci): Run Rust workflows only when changes affect Rust code (fixes #1463, resolves #1464); Update Cargo lock file. #1466 (link below). We want to verify that the Rust Cargo.lock file is in sync with Cargo.toml without updating dependencies, to maintain deterministic builds and CI runs.
Problem
- The current "Validate lock files" step in clp-rust-checks may perform an update or otherwise mutate the lockfile, which undermines deterministic behaviour and creates noisy diffs.
Goals
- Determine a reliable, non-mutating way to fail CI when Cargo.lock is out-of-sync with Cargo.toml.
- Keep the step fast and side-effect free.
Ideas to evaluate
- Use "cargo metadata --locked" (fast, no build; fails if the lockfile needs updates).
- Use "cargo check --locked" (compiles; also fails if the lockfile needs updates).
- Use "cargo fetch --locked" (network-only; fails if the lockfile is missing/out-of-date).
- Ensure all workspace members are covered.
Acceptance criteria
- A documented command/script that exits non-zero when Cargo.lock is not in sync with Cargo.toml and never modifies files.
- CI updated to run this command as part of clp-rust-checks.
- Taskfile target (e.g., deps:lock:check-rust) updated accordingly.
- Works for both PRs and direct pushes.
References
- PR: fix(ci): Run Rust workflows only when changes affect Rust code (fixes #1463, resolves #1464); Update Cargo lock file. #1466
- Request comment: fix(ci): Run Rust workflows only when changes affect Rust code (fixes #1463, resolves #1464); Update Cargo lock file. #1466 (comment)
- Related: CI: Rust lock file validation step failing in clp-rust-checks workflow #1463, CI: Skip Rust checks workflow when no Rust-related changes are detected #1464
Metadata
Metadata
Assignees
Labels
No labels