-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SemVer support #193
Comments
If the versions are available as git branches or tags, peru already supports fetching them. For example, this is valid: git module rack:
url: https://github.com/chneukirchen/rack
rev: 1.4.1 In general, whatever you put in git module rack:
url: https://github.com/chneukirchen/rack
reup: 1.4.1
rev: c78d30ae39b437420cc94b62002ccc1ac0337cc7 Since you mentioned tarballs, did you catch the |
The problem is, it will only fetch 1.4.1. What I need is when I speficy |
Yeah, peru (like git) has no notion of semver, or any other way that tags might be related. I could imagine implementing some kind of feature like "extract the latest tag name", but I think that would be error-prone. For example, how does it know to avoid a tag like I think if you've got a project with dependencies that are all in the same package format, like Ruby gems or whatever, it's probably going to be better to use a language-specific tool that understands their versions and their dependency relationships. But tell me more about the problems you're trying to solve. |
The common convention is to name tags as
Composer for example parses a tag name and if it finds
I am looking for a language agnostic dependency manager. It has to support tarballs and git (at least) and version constraints. The reason is that in our company we use a lot of shell, perl and python script to manage our servers. We wrote a lot of libraries and use them in a lot of scripts. We are now constantly fighting to keep the libraries up-to-date inside the projects (up-to-date = only versions that don't contain BC break). Peru would be a great candidate but it has to support this. I've been looking into plugins and I will have to probably extend the git and curl plugins to support this. The downside is as I stated - I will have to deploy the modified plugins in our company. |
Despite (or maybe because of) working on the peru project for so long, I still advise people to consider unifying their repos, especially if they're effectively a single organization working on a lot of related projects. A mono-repo approach makes a lot of these problems disappear. (Though I understand some of the limitations, especially around access permissions and things like that.) If you do want to stick with peru, and you do control all of the repos in question, but you don't want to generally reup from The reason I suggest that is that it lets the repo define its own conventions, so that tooling that already works with git branches doesn't need to know anything more. If you want to define conventions for peru to interpret branch names itself, I worry that it opens up a can of worms. Here are a couple of thoughts.
All of these questions are potentially answerable, but they make me feel like baking this sort of feature into peru would be a big commitment, especially if solutions that don't require special support are also viable. |
Did you check how composer implements this? It doesn't have solve any of the problems you describe, it's all up to the user to specify things. |
Ditto |
A mono-repo model or unified repositories seem preferable, but that's not always possible and I can see the appeal of using SemVer here. I don't think peru should ever attempt to understand SemVer and this should probably be supported within plugins if at all. Assuming we want to support this in some way, I have the following questions and thoughts.
At first glance, I think the answer to [1] and [2] is that these should be separate plugins provided by the peru installation. The configuration required for SemVer could be complex and would likely bloat the plugins we already ship today, creating unnecessary complexity and the possibility for bugs for most users. It could even create incompatibilities with existing fields. I think the semantics are different enough to warrant separate plugins. Shipping them with peru as separate plugins should be relatively harmless for users that don't need this functionality while eliminating difficulty with distribution for the users that do (we can effectively ignore [3]). However, we may want to get a better idea of just how often this is needed. If we think this is a bit too niche, then perhaps a separate source for these plugins could make more sense. Answering [4] may be tricky, as there are a lot of moving parts to consider. Looking to other projects that support some notion of SemVer is a good start. As already mentioned, it should be possible to support different encodings in tags, for example. |
Rust is a good example. Its ecosystem generally uses semver, and the Cargo package manager handles everything very well. I think here's a basic idea, possibly https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#caret-requirements |
I'm getting more interested in this as I think about it over time. I'm busy with other projects right now, but I'd be happy to mentor anyone who wants to try to tackle this. Some scattered thoughts:
|
I think complete opposite. I don't see the reason to program it to every plugin since the logic will be the same. I mean the calculation if version 1.3 passes the rule Honestly, I can't see anyone using any dependency manager without support for semver. Maybe for some small projects (scripts maybe). Once you start using this for some project with frameworks that introduces BC breaks and this project is running in production, you will miss semver support. |
Yeah I agree with this. It probably makes more sense to do it in the core. That means we'll need to design some kind of extension to the plugin protocol described in There's a lot to think about in terms of how the
The first approach will be pretty consistent with what the peru best practices have been so far. But the second approach will be pretty different, and I expect various issues will come up if we try it out. The first one I can think of, is that peru caching functions very similarly to the Cargo lockfile model, except that it's more hidden from the programmer. It might be that the current caching rules are too aggressive or something like that. We'll have to see. |
It's gonna be better to implement it as described in 1). You may change it to default in some future release if people use mainly this option. |
The more I think about this, the more I agree that SemVer support will require some centralized logic. This is especially true when considering I like to leverage the flexibility of the plugin system when possible, but this is probably not a good case for that! I hadn't really considered that this could easily expand beyond a niche git plugin. SemVer is definitely a core feature, not a one-off plugin.
I think option 1 would be the best thing to support and suggest to users. I'm not convinced that SemVer should completely subsume fixed versioning. |
I think a good design will be able to support both use cases at the same time. On the one hand you have projects that commit their |
That would be great. I know you guys are busy but do you have any idea when this could be implemented? Not a specific date but an estimation such as 6 month from now, a year? Thank you |
I'm afraid I don't. I have another project taking up the majority of my time right now, and I think after that ends it's likely I'll have other commitments. The best chance for this feature will be if someone else is willing to take point on it. I'd be happy to be a mentor for it though. |
I've spent several days looking for a language agnostic dependency manager but apart from peru I haven't found anything (maintained and feature rich as peru) so I'd like to try to implement this. I don't have much experience with python on this scale and I will need some guidance. Would you be willing to comment on my future PR @oconnor663 ? |
Absolutely. And let me know if you'd like to do a video chat or something like that beforehand to talk about the design. You can reach me at the same username at Gmail or Keybase. |
4 years later, any progress on this? @Hologos @oconnor663 I would start working on it myself, but sadly I never learned python I guess I could learn python, but is this feature even realistic? Can any one that tried implementing it give some feedback? |
Maybe instead of full semver support: If This would solve alooot of problems! You could specify a version and it gets updated automatically like other package managers... Actual semver support can be added later |
I hadn't had time to implement it when I needed it and moved to other projects where peru wasn't needed anymore. |
Thank you Hologos, i've opened another issue which should be much easier to implement (#233) |
@Hologos out of curiosity – what alternatives to peru are you using? |
Every language has its own dependency manager, for python it's pypi, for php it's composer, for java it's either maven or gradle, etc. |
I'm using peru to download specific vendor files from a repo, here's my use case: https://github.com/Araxeus/Youtube-Volume-Scroll/pull/34/files#diff-d24f12e22334138ae5c51d0d1b1791c3d46577c15ab1b71f2b6777e0d79a415b NPM, for example – doesn't allow downloading a specific file and choosing the output location :) |
Hi,
I just found peru and have played with that a little. I would really love to deploy this to our company but I am missing one key feature. We need the ability to lock modules to a specific version (tag preferably) or better, to be able to specify a constrain for version.
Example
This would fetch only module with version 1.3.*. We need this because our imaginary project is compatible with rack 1.3, not with 1.4 but we still want patches for 1.3. If I
peru reup
, it downloads the most recent version, which is 1.4.1.I know I can write my own plugin (and I probably will for tarballs), but I would really like to use builtin plugins so I wouldn't have to deploy all plugins to all new employees that join our company.
The best option would be to implement something like composer has (and other dependency managers).
The text was updated successfully, but these errors were encountered: