ensure: always write vendor even if not empty

[bradleyfalzon]

What does this do / why do we need it?

If the vendor directory already exists, and the lock file hasn't
changed, even though a project may be missing from the vendor
directory, dep ensure would not add the dependency to the vendor
folder.

If the project is in the vendor folder, but it has been modified
(no longer in sync with lock file), ensure would not replace the
dependency in the vendor folder.

This change causes dep ensure to run anytime there's a solution,
regardless of the state vendor folder is in, erring on the side
of replacing vendor without checking existing state which is the
most correct behaviour given the ensure intention.

Future optimisations may want to check and verify the contents of
the vendor folder before blinding replacing it.

What should your reviewer look out for in this PR?

Check the original issue #883, and then my initial proposal PR in #884, sdboyer then gave this solution a tentative OK in #883 (comment)

Do you need help or clarification on anything?

Edge cases, or any thoughts where this might be a bad idea. Such as if we've ever recommended doing in place edits to vendor directory.

No tests are included, as this is pretty critical behaviour, I presume an integration test or similar would be in order?

Which issue(s) does this PR fix?

Fixes #883.

[sdboyer]

yeah, i think i'm good with this - @ibrasho, does this seem sane to you? obviously this is going to mean slowdowns from all the extra writes, but can you think of any actual side effects?

[bradleyfalzon]

I had been thinking about the slow downs, but dep ensure is a pretty deliberate action, I think users would be 100% OK with this.

But my main issue was dep ensure wasn't adding dependencies when they didn't exist, due to my workflow documented in README - we could implement the previous PR which only rebuilt vendor when the dependency was missing?

[sdboyer]

@bradleyfalzon oh no, no, i also think this is the right, safest solution for now, and that that's where need to start. i was just trying to draw @ibrasho's attention to some of the relevant considerations, here 😄

[ibrasho]

Can't think of anything wrong with this atm.

Only nit is that the solution != nil check is useless (always true), since this function will return before this check if solution is nil anyway. But there is no harm is keeping in case the Solve method behavior changed.

[bradleyfalzon]

Only nit is that the solution != nil check is useless (always true)

I agree @ibrasho, the docs suggests this too:

// Solve initiates a solving run. It will either complete successfully with
// a Solution, or fail with an informative error.

I think we should then remove the if block entirely.

[bradleyfalzon]

I've amended the commit, @ibrasho can you review again?

[ibrasho]

I'm good with this atm. 😁

@sdboyer I'm not sure where vendor verification is going to be triggered and how it affects the SafeWriter.writeVendor flag?

[sdboyer]

@sdboyer I'm not sure where vendor verification is going to be triggered and how it affects the SafeWriter.writeVendor flag?

once we have verification in place, we'll need to rewrite a few things, possibly including that flag. verification is likely to be at a different level, though, as verification will be on a per-project basis, not the whole vendor dir.

[sdboyer]

yep, i think we're good. in we go - thanks, @bradleyfalzon! 🎉