zig fetch: resolve branch/tag names to commit SHA
#19349
Conversation
|
I'm not too familiar with
The current behavior informs the user when the remote was modified, which I think would be valid for use cases always wanting the newest commit (f.e. to be informed of bugfixes and safety/security patches upstream). The naming
|
|
Considering how zig package manager works, I think this behavior should be the default. Update checking / security vuln checking should be a separate tool or pass imo. |
I'm inclined to agree. The package manager expects that the contend pointed to by the
This may work fine in a top-level application, but what happens if this is in a library with transitive dependencies? Consider three projects
In order to support updating/scanning we would have to preserve the original name of the branch/tag in addition to the latest commit. For example, running the command .@"def" = .{
.url = "git+https://github.com/abc/def#123403399058fd83f7fbb597f3f8304007ff6a3c",
.refspec = "master",
.hash = "...",
},Where |
|
Since the git url already has special syntax, another option would be to use query parameters to encode more information for example. |
Stores the original ref as a query parameter in the URL so that it is possible to automatically check the upstream if there are any newer commits. Also adds a flag which opts-out of the new behaivour, restoring the old.
That's a nice solution! I updated the PR:
|
|
Nice work! |
|
Reverted in 6ca4ed5. When I went to fix the compile errors, I noticed a bunch more problems that I didn't see the first time around and I will now do a post-hoc review. |
There was a problem hiding this comment.
The idea is good, thanks for working on it.
The implementation needs to be updated to the latest master branch (merging it caused compile errors due to changes in the std.Uri API since this PR was opened).
Also there is one more thing to consider: URLs that use git tags. Those should probably be preserved by default. If the git tag is modified such that the package now has a different set of files, that should probably trigger a hash mismatch failure.
| var save: union(enum) { no, yes, name: []const u8 } = .no; | ||
| var preserve_url: bool = false; |
There was a problem hiding this comment.
This needs to be incorporated into the type of save. I think a better set of flags would be --save-exact and --save-exact=[name].
| if (fetch.latest_commit) |*latest_commit| { | ||
| var uri = try std.Uri.parse(path_or_url); | ||
| const target_ref = uri.fragment orelse ""; | ||
| if (!std.mem.eql(u8, target_ref, latest_commit)) { | ||
| std.log.info("resolved ref '{s}' to commit {s}", .{ | ||
| target_ref, | ||
| std.fmt.fmtSliceHexLower(latest_commit), | ||
| }); | ||
|
|
||
| if (!preserve_url) { | ||
| if (target_ref.len != 0) { |
There was a problem hiding this comment.
Too much nesting. Give the block a label and use break statements.
Don't use string length 0 to mean null.
| var query = try std.ArrayList(u8).initCapacity(arena, 4 + target_ref.len); | ||
| try std.Uri.writeEscapedQuery(query.writer(), "ref="); | ||
| try std.Uri.writeEscapedQuery(query.writer(), target_ref); | ||
| uri.query = try query.toOwnedSlice(); |
There was a problem hiding this comment.
std.Uri.Component supports format() so you can instead do something like this:
std.fmt.allocPrint(arena, "ref={}", .{target_ref}
…commit"" This reverts commit 6ca4ed5.
4 participants
When adding a dependency using
zig fetch --saveI usually just want the latest thing on themaster/mainbranch. However, when runningzig fetch --save git+https://github/abc/def#masterthis gets saved verbatim inbuild.zig.zon:Now, when compiling this in the future, the branch may point to another commit, leading to a hash-mismatch.
Old Proposal
Old Proposal
This PR adds the new flag
--resolve-committozig fetchwhich instead saves whatever commit the refspec points at instead:Naming
I'm open to other names for this flag. Some alternatives I've come up with:
--save-commit--latestOpen Questions
Are there any drawbacks to making this the default behavior and instead add a flag to restore the old behaviour?
New Proposal
This PR makes it so that
zig fetch --save <URI>#<ref>now replaces the<ref>with the commit SHA inbuild.zig.zon. The old<ref>is moved to a query parameter?ref=<ref>so that automated tooling still can check for changes upstream. See the discussion below for the rationale behind this decision. The example above would now become:It is possible to restore the old behavior by adding the
--preserve-urlflag to thezig fetchinvocation. This saves the URL verbatim tobuild.zig.zon.