From 692c4aa34190a15a9527621d01bc10389d0b08a2 Mon Sep 17 00:00:00 2001
From: teor <teor@riseup.net>
Date: Wed, 31 Aug 2022 15:49:34 +1000
Subject: [PATCH 1/4] Explain how to resolve duplicate dependency warnings

---
 book/src/dev/continuous-integration.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/book/src/dev/continuous-integration.md b/book/src/dev/continuous-integration.md
index f422efdf90e..17454621191 100644
--- a/book/src/dev/continuous-integration.md
+++ b/book/src/dev/continuous-integration.md
@@ -52,3 +52,11 @@ To resolve a CI sync timeout:
 5. If a Rust test fails with "command did not log any matches for the given regex, within the ... timeout":
    a. If it's the full sync test, [increase the full sync timeout](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-8fbc73b0a92a4f48656ffe7d85d55c612c755202dcb7284d8f6742a38a6e9614R367)
    b. If it's an update sync test, [increase the update sync timeouts](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-92f93c26e696014d82c3dc1dbf385c669aa61aa292f44848f52167ab747cb6f6R51)
+   
+### Resolving Duplicate Dependencies in `cargo deny`
+
+1. Check for other dependency updates that are mentioned in the `cargo deny` logs, and try doing them in the same PR
+2. Add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml). If possible:
+  a. Choose immediate dependencies of the Zebra crates, sometimes this resolves other duplicates as well
+  b. Choose the earlier version of duplicate dependencies
+  c. Add a comment about why the dependency exception is needed - what was the dependency update that caused it?

From 7bdc03213cc45d9ffb399da3c79670cc66d062b5 Mon Sep 17 00:00:00 2001
From: teor <teor@riseup.net>
Date: Thu, 1 Sep 2022 08:03:11 +1000
Subject: [PATCH 2/4] Explain why the errors happen and add the CI job name

---
 book/src/dev/continuous-integration.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/book/src/dev/continuous-integration.md b/book/src/dev/continuous-integration.md
index 17454621191..fdd871167e5 100644
--- a/book/src/dev/continuous-integration.md
+++ b/book/src/dev/continuous-integration.md
@@ -53,9 +53,13 @@ To resolve a CI sync timeout:
    a. If it's the full sync test, [increase the full sync timeout](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-8fbc73b0a92a4f48656ffe7d85d55c612c755202dcb7284d8f6742a38a6e9614R367)
    b. If it's an update sync test, [increase the update sync timeouts](https://github.com/ZcashFoundation/zebra/commit/9fb87425b76ba3747985ea2f22043ff0276a03bd#diff-92f93c26e696014d82c3dc1dbf385c669aa61aa292f44848f52167ab747cb6f6R51)
    
-### Resolving Duplicate Dependencies in `cargo deny`
+### Resolving Duplicate Dependencies in `Check deny.toml bans`
 
-1. Check for other dependency updates that are mentioned in the `cargo deny` logs, and try doing them in the same PR
+Zebra's CI checks for duplicate crate dependencies: multiple dependencies on different versions of the same crate.
+If a developer or dependabot adds a duplicate dependency, the `Check deny.toml bans` CI job will fail.
+
+Here is how you can fix those failures:
+1. Check for other dependency updates that are mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR
 2. Add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml). If possible:
   a. Choose immediate dependencies of the Zebra crates, sometimes this resolves other duplicates as well
   b. Choose the earlier version of duplicate dependencies

From ba5c2be935027fb547b7bbc3f28d7a9eed86a5ea Mon Sep 17 00:00:00 2001
From: teor <teor@riseup.net>
Date: Thu, 1 Sep 2022 08:13:09 +1000
Subject: [PATCH 3/4] Add extra steps

---
 book/src/dev/continuous-integration.md | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/book/src/dev/continuous-integration.md b/book/src/dev/continuous-integration.md
index fdd871167e5..3d8cd93dc8c 100644
--- a/book/src/dev/continuous-integration.md
+++ b/book/src/dev/continuous-integration.md
@@ -41,7 +41,7 @@ CI sync jobs near the tip will take different amounts of time as:
 - the blockchain grows, and
 - Zebra's checkpoints are updated.
 
-To resolve a CI sync timeout:
+To fix a CI sync timeout, follow these steps until the timeouts are fixed:
 1. Check for recent PRs that could have caused a performance decrease
 2. [Update Zebra's checkpoints](https://github.com/ZcashFoundation/zebra/blob/main/zebra-utils/README.md#zebra-checkpoints)
 3. Wait for a full or update sync to finish with the new checkpoints
@@ -58,9 +58,14 @@ To resolve a CI sync timeout:
 Zebra's CI checks for duplicate crate dependencies: multiple dependencies on different versions of the same crate.
 If a developer or dependabot adds a duplicate dependency, the `Check deny.toml bans` CI job will fail.
 
-Here is how you can fix those failures:
-1. Check for other dependency updates that are mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR
-2. Add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml). If possible:
-  a. Choose immediate dependencies of the Zebra crates, sometimes this resolves other duplicates as well
-  b. Choose the earlier version of duplicate dependencies
-  c. Add a comment about why the dependency exception is needed - what was the dependency update that caused it?
+To fix duplicate dependencies, follow these steps until the duplicate dependencies are fixed:
+1. Check for updates to the crates mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR:
+  a. Check for open dependabot PRs
+  b. Manually check for updates to those crates on https://crates.io
+2. If there are still duplicate dependencies, try removing those dependencies by disabling crate features:
+  a. Check for features that Zebra activates, and try turning them off
+  b. Try `default-features = false`
+3. If there are still duplicate dependencies, add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml):
+  a. Add exceptions for direct dependencies of the Zebra crates (sometimes this resolves other duplicates as well)
+  b. Add exceptions for the earlier version of duplicate dependencies, not the later version
+  c. Add a comment about why the dependency exception is needed: what was the dependency update that caused it?

From d317ef5e474d9b62d45961a0201f9528b5bb3de2 Mon Sep 17 00:00:00 2001
From: teor <teor@riseup.net>
Date: Thu, 1 Sep 2022 08:27:58 +1000
Subject: [PATCH 4/4] Add some examples, tools, and extra steps

---
 book/src/dev/continuous-integration.md | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/book/src/dev/continuous-integration.md b/book/src/dev/continuous-integration.md
index 3d8cd93dc8c..b769c6112f3 100644
--- a/book/src/dev/continuous-integration.md
+++ b/book/src/dev/continuous-integration.md
@@ -58,14 +58,19 @@ To fix a CI sync timeout, follow these steps until the timeouts are fixed:
 Zebra's CI checks for duplicate crate dependencies: multiple dependencies on different versions of the same crate.
 If a developer or dependabot adds a duplicate dependency, the `Check deny.toml bans` CI job will fail.
 
+You can view Zebra's entire dependency tree using `cargo tree`. It can also show the active features on each dependency.
+
 To fix duplicate dependencies, follow these steps until the duplicate dependencies are fixed:
-1. Check for updates to the crates mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR:
-  a. Check for open dependabot PRs
-  b. Manually check for updates to those crates on https://crates.io
+1. Check for updates to the crates mentioned in the `Check deny.toml bans` logs, and try doing them in the same PR.
+   For an example, see [PR $5009](https://github.com/ZcashFoundation/zebra/pull/5009#issuecomment-1232488943).
+  a. Check for open dependabot PRs, and
+  b. Manually check for updates to those crates on https://crates.io .
 2. If there are still duplicate dependencies, try removing those dependencies by disabling crate features:
-  a. Check for features that Zebra activates, and try turning them off
-  b. Try `default-features = false`
+  a. Check for features that Zebra activates in its `Cargo.toml` files, and try turning them off, then
+  b. Try adding `default-features = false` to Zebra's dependencies (see [PR #4082](https://github.com/ZcashFoundation/zebra/pull/4082/files)).
 3. If there are still duplicate dependencies, add an exception to [`deny.toml`](https://github.com/ZcashFoundation/zebra/blob/main/deny.toml):
-  a. Add exceptions for direct dependencies of the Zebra crates (sometimes this resolves other duplicates as well)
-  b. Add exceptions for the earlier version of duplicate dependencies, not the later version
-  c. Add a comment about why the dependency exception is needed: what was the dependency update that caused it?
+  * Prefer exceptions for dependencies that are closer to Zebra in the dependency tree (sometimes this resolves other duplicates as well),
+  * Add exceptions for the earlier version of duplicate dependencies, not the later version, and
+  * Add a comment about why the dependency exception is needed: what was the dependency update that caused it?
+  * For an example, see [PR #4890](https://github.com/ZcashFoundation/zebra/pull/4890/files).
+4. Repeat step 3 until the dependency warnings are fixed. Adding a single exception can resolve multiple warnings.