diff --git a/book/src/dev/continuous-integration.md b/book/src/dev/continuous-integration.md index f422efdf..b769c611 100644 --- a/book/src/dev/continuous-integration.md +++ b/book/src/dev/continuous-integration.md @@ -41,7 +41,7 @@ CI sync jobs near the tip will take different amounts of time as: - the blockchain grows, and - Zebra's checkpoints are updated. -To resolve a CI sync timeout: +To fix a CI sync timeout, follow these steps until the timeouts are fixed: 1. Check for recent PRs that could have caused a performance decrease 2. [Update Zebra's checkpoints](https://github.com/ZcashFoundation/zebra/blob/main/zebra-utils/README.md#zebra-checkpoints) 3. Wait for a full or update sync to finish with the new checkpoints @@ -52,3 +52,25 @@ To resolve a CI sync timeout: 5. If a Rust test fails with "command did not log any matches for the given regex, within the ... timeout": a. If it's the full sync test, [increase the full sync timeout](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-8fbc73b0a92a4f48656ffe7d85d55c612c755202dcb7284d8f6742a38a6e9614R367) b. If it's an update sync test, [increase the update sync timeouts](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-92f93c26e696014d82c3dc1dbf385c669aa61aa292f44848f52167ab747cb6f6R51) + +### Resolving Duplicate Dependencies in `Check deny.toml bans` + +Zebra's CI checks for duplicate crate dependencies: multiple dependencies on different versions of the same crate. +If a developer or dependabot adds a duplicate dependency, the `Check deny.toml bans` CI job will fail. + +You can view Zebra's entire dependency tree using `cargo tree`. It can also show the active features on each dependency. + +To fix duplicate dependencies, follow these steps until the duplicate dependencies are fixed: +1. Check for updates to the crates mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR. + For an example, see [PR $5009](https://github.com/ZcashFoundation/zebra/pull/5009#issuecomment-1232488943). + a. Check for open dependabot PRs, and + b. Manually check for updates to those crates on https://crates.io . +2. If there are still duplicate dependencies, try removing those dependencies by disabling crate features: + a. Check for features that Zebra activates in its `Cargo.toml` files, and try turning them off, then + b. Try adding `default-features = false` to Zebra's dependencies (see [PR #4082](https://github.com/ZcashFoundation/zebra/pull/4082/files)). +3. If there are still duplicate dependencies, add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml): + * Prefer exceptions for dependencies that are closer to Zebra in the dependency tree (sometimes this resolves other duplicates as well), + * Add exceptions for the earlier version of duplicate dependencies, not the later version, and + * Add a comment about why the dependency exception is needed: what was the dependency update that caused it? + * For an example, see [PR #4890](https://github.com/ZcashFoundation/zebra/pull/4890/files). +4. Repeat step 3 until the dependency warnings are fixed. Adding a single exception can resolve multiple warnings.