Passthrough --locked on contract build

[willemneal]

What

Add the option to pass "--locked" to cargo rustc. This ensures that the deps found in the lockfile won't be updated.

Why

Compiling contracts should be as deterministic as possible. While this won't ensure that the final wasm binary is the same it will ensure that the deps used remain the same.

Known limitations

[TODO or N/A]

[Copilot]

Pull request overview

Ensures contract compilation uses dependency resolution strictly from Cargo.lock by adding Cargo’s --frozen flag to the cargo rustc invocation.

Changes:

• Add --frozen to cargo rustc for deterministic dependency usage during contract builds.

[willemneal]

Hmm I didn't know that --locked prevented the creation of a Cargo.lock. I will change it so that it is an option.

[leighmcculloch]

@willemneal Could you open an issue with the problem you're experiencing, with an example? It sounds like there's a problem you're coming up against that isn't clearly captured here, and this may be one solution to it.

[leighmcculloch]

Generally this seems like it would discourage use of stellar contract build during development, which is a problem because stellar contract build is intended as a drop in for cargo build, and so their behaviours are intended to be as similar as possible. Look forward to seeing the issue and hearing more about the problem so we can hopefully find more solutions.

Sorry, just reviewed casually but it looks like Leigh has concerns.

[leighmcculloch]

Looks good to me. I think when I last left comments there was a race condition from when I started looking at the PR to submitting my comment, and the changes, because originally this PR I thought made all builds locked.

It looks like the PR exposes and passes through the --locked option, which is standard on cargo build and so good to surface here 👍🏻.

Thanks!

Tip: Opening issues first helps everyone better understand the problem being solved.