03.4 Fetch, lock, update
Dependency resolution, Project.lock, frozen builds, and staying reproducible."
Fetch, lock, update
Manifests declare intent. Locks declare what actually happened—so CI and your laptop stop arguing.
The trio
Section titled “The trio”| Command | Role |
|---|---|
fetch | Resolve and materialize dependencies into obj/beskid |
lock | Synchronize Project.lock with current resolution |
update | Refresh resolution and materialized tree when policy allows |
Reference: fetch, lock, update, lockfile guide.
Frozen / locked builds
Section titled “Frozen / locked builds”CI should prefer reproducible resolution:
--frozen— fail if lock would change--locked— enforce lock consistency (see per-command docs for exact semantics)
flowchart LR M[Project.proj] --> R[Resolver] R --> L[Project.lock] R --> O[obj/beskid materialized] L --> CI[CI with --frozen]
When the lock changes
Section titled “When the lock changes”Expect Project.lock updates when:
- You add/remove/retarget dependencies
- Path dependencies move on disk (sometimes)
- Resolver policy or toolchain version changes resolution
Do not .gitignore the lock because “it is generated” unless you enjoy production roulette.
Path-only era (v1)
Section titled “Path-only era (v1)”With source = path as the enabled provider, “version drift” is often literally different folders on disk. Workspaces add shared override policy—chapter 06.