Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add reup-tag option to git plugin #234

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add reup-tag option to git plugin #234

wants to merge 3 commits into from

Conversation

Araxeus
Copy link

@Araxeus Araxeus commented Feb 17, 2023
edited

Specifying reup-tag: true will cause peru reup to update the rev to the latest Tag instead of the latest Commit Hash

This allows 2 things that I can think of:

  1. Dependency version readability – instead of some random hash, it's an actual version number you can easily find the source to.
  2. Avoid fetching unreleased code – sometimes the main branch isn't stable, and only tags are

fix #233 and #193 (comment)

Note

  • This is my first time writing any code in Python, so please excuse me if I made some mistake
  • Added the install/uninstall to Makefile because I wasted a lot of time figuring out how to test it locally 😅

Araxeus added a commit to Araxeus/Youtube-Volume-Scroll that referenced this pull request Feb 17, 2023
@Araxeus
use buildinspace/peru#234
55264a1
@Araxeus Araxeus changed the title add fetch-tags option to git plugin Add reup-tag option to git plugin Feb 17, 2023
@Araxeus Araxeus mentioned this pull request Feb 17, 2023
Open
@oconnor663
Copy link
Member

oconnor663 commented Mar 2, 2023
edited

One downside of using tags instead of commit hashes is that tags aren't truly immutable. You need to run git tag --delete if you want to change a tag, which isn't a common thing to do, but I'll admit to doing it occasionally when I screw up one of my releases :) Peru wants to make some modest security guarantees about how peru.yaml uniquely defines a tree of files, and that relies on rev generally pointing to a real commit hash. (Questions about SHA-1 collisions and git commits aside.)

@Araxeus
Copy link
Author

Araxeus commented Mar 2, 2023

I see how it's not truly immutable, but nowadays a lot of repo's have verifiable github actions that automatically build, tag, and release

This feature is optional, you can enable it only for repo's you trust

And also you could just manually input tag versions in your peru.yml then run peru sync to get the same result

Questions about SHA-1 collisions and git commits aside.

What do you mean? Doesn't git just pull the specified rev?

@Araxeus
Copy link
Author

Araxeus commented Apr 2, 2023

Well I got tired of waiting so I coded an alternative to peru

https://github.com/Araxeus/vendorfiles

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

on reup update rev with latest tag if rev is a tag
2 participants
@Araxeus @oconnor663