refactor(git): drop git2/libgit2 — full gix migration#487
Merged
Conversation
BryanFRD
force-pushed
the
feat/gix-full-migration
branch
from
71981da to
a8176fe
Compare
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Benchmark
Details
| Benchmark suite | Current: 26f3a98 | Previous: 0b5fe57 | Ratio |
|---|---|---|---|
changelog/build_50 |
7549 ns/iter (± 228) |
7955 ns/iter (± 147) |
0.95 |
changelog/build_500 |
68331 ns/iter (± 1986) |
68596 ns/iter (± 1303) |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
BryanFRD
force-pushed
the
feat/gix-full-migration
branch
2 times, most recently
from
cfc88fa to
33a14dd
Compare
BryanFRD
changed the title
BryanFRD
force-pushed
the
feat/gix-full-migration
branch
from
33a14dd to
91ce5e5
Compare
Removes the git2 dependency entirely. The cli feature now uses gix for all local repository operations (tag enumeration, commit walks, tree diffs, object lookups) and shells out to the user's installed git CLI for network operations (push, fetch, ls-remote) and write operations (commit, tag, branch creation, checkout, reset). This is the same hybrid strategy cargo uses. Why shell out for network and writes: - gix-protocol exists but its API surface is genuinely complex and the blocking-network-client feature pulls reqwest + a large transport stack. We were already shelling out for push tags (#459) and the credential-helper path requires shell-out anyway. - Writes through gix (create_commit, create_tag, create_branch) require hand-rolling index manipulation, tree writing, and ref edits. git's porcelain handles all the edge cases for free. - Diff via gix needs the blob-diff feature which pulls in gix-diff, gix-filter, gix-traverse - heavy for our use case (just list paths that changed). git diff-tree / git ls-tree is a one-liner. What gix is used for (the perf-sensitive read paths): - collect_all_tags, find_last_tag, find_highest_semver_tag, TagIndex (the hot path for monorepo tag scanning) - get_commits_since_oid (revwalk) - open_repo, get_repo_root, resolve_current_branch - find_object, find_commit, find_tree for tag-to-commit resolution - repo.references().tags() for tag iteration Auth path: - For shell-out calls (git push/fetch/ls-remote): inline credential helper via -c credential.helper config (no token in argv, no token in URL). - FERRFLOW_TOKEN / GITHUB_TOKEN / GITLAB_TOKEN env vars unchanged. Tests + benches: - Shell-out helpers in lib.rs::test_utils and main.rs::test_utils (git init/add/commit/tag) replace the git2-based fixture functions. - benches/ferrflow_benchmarks.rs uses the same shell-out fixture pattern; bench measurements stay comparable. - The fetch_and_rebase and reset_branch_to_remote integration tests (which set up two repos + a bare remote) were rewritten with shell-out — same scenarios, same assertions. - 512 lib tests pass, 614 bin tests pass, cargo clippy -D warnings clean. Cargo.lock no longer contains git2, libgit2-sys, or openssl-src. Also fixes two long-standing Publish workflow failures: - ferrflow-wasm: wasm-pack's bundled wasm-opt fails on the new compiler output. Disable it via [package.metadata.wasm-pack.profile.release]. - npm scope rename: @ferrflow/* -> @ferrlabs/ferrflow-* (platforms), ferrflow -> @ferrlabs/ferrflow (wrapper), and @ferrflow/wasm -> @ferrlabs/ferrflow-wasm. The old @FerrFlow user scope wasn't writable by the bot token; the @FerrLabs org scope is. The breaking-change marker (!) is dropped: v5.0.0 already shipped via #486 (the auth refactor) which is the SemVer-breaking piece of this work for downstream embedders of ferrflow::git::auth. This follow-up is a pure refactor with no public API change.
BryanFRD
force-pushed
the
feat/gix-full-migration
branch
from
91ce5e5 to
26f3a98
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #479
Summary
cargo treeconfirms zero git2/libgit2-sys/openssl-src crates in the lockfile.What runs through gix
The perf-sensitive read paths:
collect_all_tags,find_last_tag,find_highest_semver_tag,TagIndex(the monorepo hot path)get_commits_since_oid(revwalk viarepo.rev_walk(...).sorting(ByCommitTime(NewestFirst)))open_repo,get_repo_root,resolve_current_branchfind_object,find_commit,find_treefor tag-to-commit resolutionrepo.references().tags()for tag enumerationWhat shells out to git
git push,git fetch,git ls-remote— already partially shell-out (fix(release): make push_tags idempotent against pre-existing remote tags #459), now uniformly so.git add,git commit,git tag -a,git branch,git update-ref,git checkout,git reset --hard— the porcelain handles edge cases (file modes, .gitignore, hooks, line endings) for free.git diff-tree --name-only/git ls-tree -r --name-only. Avoids the gixblob-difffeature which pulls gix-diff + gix-filter for the same one-line result.Auth (the user constraint)
No token is ever embedded in the URL or appears in process argv. The shell-out path uses an inline
-c credential.helper='!f() { echo username=...; echo password=...; }; f'config so the token reaches git via stdin only.FERRFLOW_TOKEN/GITHUB_TOKEN/GITLAB_TOKENenv-var contract is unchanged.Tests
lib.rs::test_utilsandmain.rs::test_utilsprovide shell-out fixture helpers (init_repo_at,commit_file,git,git_with_env).fetch_and_rebaseandreset_branch_to_remoteintegration tests (two repos + a bare remote, simulating concurrent push) rewritten with shell-out — same scenarios, same assertions.credentials_callbacktests dropped (function deleted with git2);token_for_url+configure_git_commandtests cover the equivalent surface.benches/ferrflow_benchmarks.rsfixture rewritten with the same shell-out pattern — bench numbers stay comparable across the migration.Test plan
cargo clippy --features cli -- -D warningscleancargo build --benches --features clicompilescargo build --release --features cliproduces working binary