-
-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement option to yank/blacklist a release. #726
Conversation
Some questions: ["0.1.0"]
git-tree-sha1 = "..."
["0.2.0"]
git-tree-sha1 = "..."
yanked = true which is also backward compatible.
|
|
Exactly the same as if the yanked version was not in the registry? |
What should happen if |
Probably wouldn't allow yanking that release in that case. |
So that should be checked on registry CI then. |
In some cases, wouldn't you want to break the code if it has been blacklisted (i.e. if the code was malicious?) |
Triage: In favor, but recorded in the registry as #726 (comment) rather than fredrikekre/Registry@97919d3 |
bors try |
Should be good to go now, but would be good if someone could review the calls to |
tryBuild failed |
bors try |
tryBuild succeeded |
src/Operations.jl
Outdated
@@ -77,7 +80,7 @@ end | |||
function set_maximum_version_registry!(env::EnvCache, pkg::PackageSpec) | |||
pkgversions = Set{VersionNumber}() | |||
for path in registered_paths(env, pkg.uuid) | |||
pathvers = keys(load_versions(path)) | |||
pathvers = keys(load_versions(path; include_yanked = true)) # ?? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably false
here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, what does this do? So we can add a test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is for backward compatibility with 0.6 stuff so not sure we need to add a test really. It just sets the version to the maximum one in the registry, only used when no Project file is present.
I wonder whether we should have this |
We need to collect yanked versions when instantiating a Manifest (I think). |
... but maybe we can go look directly for the tree hash instead of first collecting all versions |
If it complicates things not having it, keeping is fine, I was just wondering about it. |
bors try |
tryBuild succeeded |
Let's leave it there for now, can be revisited. bors r+ |
726: Implement option to yank/blacklist a release. r=fredrikekre a=fredrikekre Implement support for yanking versions in a package registry. 938: better error message when we cant find uuid in manifest r=fredrikekre a=KristofferC This should not really happen but it seems to happen anyway, so at least give a better error message for it. Co-authored-by: Fredrik Ekre <ekrefredrik@gmail.com> Co-authored-by: Kristoffer Carlsson <kcarlsson89@gmail.com>
Implement support for yanking versions in a package registry.
Very WIP, but this allows us to blacklist releases on the registry level. They can not be installed, but they can still be used, and you can
instantiate
aProject.toml
+Manifest.toml
with it, so it should not break working code. Here https://github.com/fredrikekre/Registry/blob/97919d39c95a3d917ea3b69e78aad68c7c02bf7c/I/ImportMacros/Versions.toml I have blacklisted version 0.2.0 of ImportMacros, and consequently:installs version 0.1.0. But we can
instantiate
aManifest.toml
with version 0.2.0 in it:fix #355