[all OSs] Pin Rust to 1.89.0 due to a 1.90.0 breaking change by erik-bershel · Pull Request #13044 · actions/runner-images

2 min read Original article ↗

Hello!

I'm a co-lead of the Rust infrastructure team. I'm posting as an interested party and semi-officially: I've gotten light agreement but haven't sought a project-wide consensus on this post.

As always, GitHub Actions should do what it thinks is best for its broad range of users, including not updating to the newest version of Rust. However, the Rust project would like to take the opportunity to share our views about this case.

Rust's general policy

The Rust project does not consider new warnings to be breaking changes as warnings do not prevent code from compiling or running. For example, Rust 1.89 introduced a new warning that affected a comparatively large chunk of the ecosystem.

End users may opt-in to converting warnings to errors1, which can cause their code to fail to compile any time a new warning is introduced. To mitigate this, we recommend that projects do one of:

  1. Pin a specific Rust version for these tests. rustup allows people to specify versions in multiple ways.
  2. Not gate their CI pipeline on jobs that convert warnings to errors. Instead, report the failed job in a non-blocking manner.
  3. Be aware that their code may fail to compile whenever a new version of Rust is released.

This specific case

The change introduced in Rust 1.90 causes a new warning to be reported in certain cases. We do not believe that this specific warning will affect many projects, and have no plans to issue a patch release. This warning may receive refinement in future releases of Rust as part of normal development activity.

Going forward

@erik-bershel said:

we intend to buy our users some time with these fixes. We'll return to a stable update model within a month or two, depending on how things develop.

I am curious what tools and techniques you are using to gauge impact in order to make the joint decisions of holding back a specific version and then later reinstating it. Rust uses tools like crater to get an estimate2 of the fallout from given changes. We are always on the hunt for further high-signal information we could incorporate into our decisions to make changes; perhaps we could collaborate on sharing what information GitHub Actions has!

Footnotes

  1. Such as by using the command line flag -D warnings

  2. For example, we don't have visibility into private source code.