Carton 1.0 at OSCON 2013

Carton 1.0 managing CPAN deps the right way Tatsuhiko Miyagawa
@miyagawa O'Reilly OSCON 2013 Wednesday, July 24, 13

Me • Tatsuhiko Miyagawa • Lives in San Francisco •
{github,twitter,CPAN}/miyagawa Wednesday, July 24, 13

Managing CPAN Dependencies Wednesday, July 24, 13

How many CPAN modules your app depends on? Wednesday, July
24, 13

When is the last time upgrading a CPAN module broke
your app? Wednesday, July 24, 13

Case Study: Web App Development Wednesday, July 24, 13

You’re writing a new web app using as many CPAN
modules. Wednesday, July 24, 13

Get them from CPAN, install on your machine. Wednesday, July
24, 13

john@local> cpanm Web::Framework installed LWP-‐5.912 installed Plack-‐0.9980 installed Web-‐Framework-‐1.10 Wednesday,
July 24, 13

Test it... Wednesday, July 24, 13

Works? Ship it! Wednesday, July 24, 13

What if ... Wednesday, July 24, 13

• Jul 2nd: Started working on project • using Web::Framework
1.1 • Jul 9th: Finished version 1.0 • Jul 10-15th: internal beta, QA • Jul 16th: Deploy to the production Wednesday, July 24, 13

• Jul 2nd: Started working on project • using Web::Framework
1.1 • Jul 9th: Finished version 1.0 • Jul 10-15th: internal beta, QA • Jul 15th: Web::Framework 1.2 is released • Jul 16th: Deploy to the cloud/production Wednesday, July 24, 13

root@prod> cpanm Web::Framework installed LWP-‐5.912 installed Plack-‐0.9980 installed Web-‐Framework-‐1.20 Wednesday,
July 24, 13

Web::Framework 1.2 API changes! Wednesday, July 24, 13

Wednesday, July 24, 13

“Upgrading CPAN modules broke my app” Wednesday, July 24, 13

Dependencies are part of your app. Wednesday, July 24, 13

a solution cpanm 1.6 Wednesday, July 24, 13

> cpanm Web::Framework@1.10 installed Web-‐Framework-‐1.10 Wednesday, July 24, 13

> cpanm Web::Framework~">= 1.0, < 1.2" installed Web-‐Framework-‐1.19 Wednesday, July
24, 13

♥ MetaCPAN Wednesday, July 24, 13

a solution cpanﬁle + cpanm 1.6 Wednesday, July 24, 13

> cat cpanfile requires 'Web::Framework', '== 1.10'; > cpanm -‐-‐installdeps
. installed Web-‐Framework-‐1.10 Wednesday, July 24, 13

cpanfile DSL to describe prereqs Wednesday, July 24, 13

requires 'Catalyst', '5.8000'; recommends 'JSON::XS', '2.0'; on 'test' =>
sub { requires 'Test::More', '>= 0.96' }; on 'develop' => sub { recommends 'Devel::NYTProf'; }; feature 'sqlite' => sub { requires 'DBD::SQLite'; }; Wednesday, July 24, 13

inspired by: gemﬁle(5) Wednesday, July 24, 13

Backward compatible to: Module::Install(::DSL) Wednesday, July 24, 13

Converted to to: CPAN::Meta::Prereqs Wednesday, July 24, 13

Toolset Module::CPANﬁle Module::Install::CPANﬁle Dist::Zilla plugins Wednesday, July 24, 13

Supported by dzil, Milla & cpanm 1.6 Wednesday, July 24,
13

cpanfile + cpanm • Simple • Yet powerful and flexible
way to describe dependencies and version requirements • Version control cpanfile Wednesday, July 24, 13

caveats • Locking each dependency with speciﬁc version is tedious
work • Can only lock direct dependencies • MetaCPAN as SPOF • No easy/reliable way to fallback Wednesday, July 24, 13

Many other solutions Needs servers, Needs databases Too simple, Too
complicated, etc. Wednesday, July 24, 13

the Solution Wednesday, July 24, 13

Carton https://github.com/miyagawa/carton Wednesday, July 24, 13

Inspired by... Wednesday, July 24, 13

Basic idea: Describe CPAN dependencies snapshot tarball pathnames Wednesday, July
24, 13

Built on top of: cpanﬁle + cpanm 1.6 Wednesday, July
24, 13

• App-speciﬁc local environment • Fast and safe install with
caches • Dep-tree analysis, including versions • Freezing module versions • Conservative updates • Easy Redeployment, Rollback • Single-ﬁle, VCS friendly Wednesday, July 24, 13

Local perl environment Using local::lib and cpanm -L Each app
has an isolated local library path Wednesday, July 24, 13

Fast and safe install Saves MYMETA.json and install meta info

Dep tree analysis Rebuild the dependency tree from snapshot Checks
if anything is missing/superﬂuous Wednesday, July 24, 13

Freezing versions Versions are saved in snapshots including dependencies Wednesday,
July 24, 13

Easy Redeployment Reinstall exactly the same set of modules on
another prod/development machines. Wednesday, July 24, 13

Conservative Update Modules won't be upgraded unless it is required,
or manually updated. Wednesday, July 24, 13

Single-ﬁle, VCS friendly You can add cpanﬁle.snapshot to git update
whenever you update modules "Dependencies are part of your app." Wednesday, July 24, 13

Safe and easy rollback revert the lock ﬁle and redeploy

DEMO Wednesday, July 24, 13

Deployment with Carton Wednesday, July 24, 13

@local> carton install @local> git commit cpanfile.snapshot @local> git push
@remote> carton install -‐-‐deployment @remote> carton exec plackup ... Wednesday, July 24, 13

Example: github.com/miyagawa/cpanmetadb-perl capistrano, Server::Starter, carton, plackup (twiggy) Wednesday, July 24,
13

PaaS/Cloud github.com/miyagawa/heroku-buildpack-perl Wednesday, July 24, 13

http://weblog.bulknews.net Wednesday, July 24, 13

Support to come! Dokku, DotCloud, Travis CI, Cloud Foundry etc.

carton 1.0 later this week Wednesday, July 24, 13

> cpanm -‐-‐dev Carton Wednesday, July 24, 13

Towards 1.1 • Inject patched versions (DarkPAN) • Install from
github • bootstrap with fatpack Wednesday, July 24, 13

github.com/miyagawa/carton irc.perl.org #carton Wednesday, July 24, 13

speakerdeck.com /miyagawa Wednesday, July 24, 13

Questions? Wednesday, July 24, 13

Carton 1.0 at OSCON 2013

Carton 1.0 at OSCON 2013

More Decks by Tatsuhiko Miyagawa

Other Decks in Technology

Featured

Transcript