New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lock dependencies #12
Comments
We probably should also aim for defining a formal format for the lockfile in the midterm too so we can ease retaining backwards compatibility when we have to do changes or additions to it. |
Yes, probably. For now it's merely a list of dependencies with either a version requirement or a commit sha1. Maybe we should have them under a |
Yes, that sounds like a good idea. Maybe we should just version the lockfile independently, so if worst comes to worst we can have entirely different codepaths for legacy versions. version: 0.1.0
shards:
- source: ...
version: ... Or so (didn't look at the current version tbh :P) |
Almost: version: x.y.z
shards:
name:
github: url
version: x.y.z
name:
git: url
commit: <sha1> |
Shards is missing a mechanism to lock the state of installed dependencies, so installs could be repeatable, always installing the same exact set of dependencies across developer machines, CI, ...
The format of the lock file is
undecided. I think it should containthe flattened list of dependencies, along with their Git URL and either the version or Git commit (if a git tag/commit/branch refs is specified).The lock file will impact the install command which must abide to the locked versions/refs and do its best to install new dependencies that match. The lock file may be seen as an initial set of requirements for dependencies —yet not be injected as dependencies, which could install removed dependencies.
The update command must not be impacted, but must generate the lock file.
The text was updated successfully, but these errors were encountered: