Integration with a registry site #283
Comments
watzon
changed the title
|
Hi @watzon, there is also https://crystalshards.xyz/ (which is a fork of https://crystalshards.herokuapp.com/) listed in https://crystal-lang.org/community/ . I don't think you are pushing any boundaries here. I hope the site is written in Crystal 😎 . |
|
I know about crystslshards, but my goal with this is twofold. I want a centralized registry where we can keep track of shards with individual names, keep track of metrics such as downloads, etc and do it in such a way that it can be easily integrated directly into shards without requiring any real infrastructure changes. The benefit of this is
Also yes, it's definitely written in Crystal. Using Lucky. |
from people who happen to not have boycotted the project. What do I see:
|
|
I just had a thought, perhaps such a system could work without any change to shard.yml files but just by adding telemetry to shards project, but keep using the URL as the unique identifier (which is what it literally is) |
|
@oprypin I feel like there's a couple more upsides:
What do you mean by adding telemetry to the shards project? |
What does that even mean?
You can put any needed metadata into text / yaml files.
How exactly?
= Whenever This is specifically to keep track of download count, because I think it's the only problem of the ones listed here that can't be solved with the approach taken by https://crystalshards.xyz |
|
And if you wanted to instead just make a "better crystalshards", that would be very nice. |
With crystalshards' fuzzing approach not all the "shards" are actual shards. Other repos get listed just because they give the appearance of being a shard. I'm not saying that a lot of this stuff can't be done with shards and a completely decentralized approach, but this isn't really an attempt to completely centralize shards either. I'm not advocating that we get rid of github/gitlab integration, but just that another provider be added. One that could provide valuable statistics about shards, and one that could allow for organizations to create private shards (which would use the github api to link to private repos). Getting private organizations interested could equal sponsorships which would in turn mean more funding for the development of Crystal. But that's long term goals. Obviously Crystal has to hit v1 before most organizations will even consider touching it. |
|
Also tbh it doesn't really necessitate any changes to how |
Well yeah, that may indeed be a problem with it. Just one small problem, though. Could instead just try to mitigate it.
I suppose it doesn't, yeah. Just that this was presented as the main part of this project.
This can be done without a new provider though |
|
If we want a central repository without having to host something we could do what Julia does: https://github.com/JuliaRegistries/General Basically, have a YAML or JSON file in one github repository with all the registry. The repo seems to also record dependencies of each package. Then Just an idea. |
|
Rust does something similar: https://github.com/rust-lang/crates.io-index In comparison to Julia, instead of a couple of files for a package, it has a single file with JSON serialized forms of their ex: https://github.com/rust-lang/crates.io-index/blob/master/se/re/serenity |
|
I really like this project where is it deployed? I love the idea of decentralized repositories and feel like npm is a great example of the downsides of centralization. However I think this project would be a great place for searching, evaluated information of shards, and the thing I want most tagging and discoverability. I would love to see features "more like this" and "plugins here". |
|
@wontruefree currently it's in a private repo and not hosted yet as I've still got a lot of work to do. I'll take a look at those videos though and maybe that will influence my thinking a bit. |
|
The common ground from this discussion seems to be a centralized search like crystalshards with a package registry that's not reliant on github and shows additional statistics with build status. Goals:
This can be accomplished by:
Did I miss anything? |
|
@didactic-drunk seems about right |
|
Private shards are already supported using I'm strongly against telemetry. It's always totally irrelevant to the actual app, and a privacy issue. I won't add any calls to report downloads to some external website, be it the shards index. Not gonna happen. I don't think we need a registry. If decentralised, you must download the whole database locally, which means you must download it all (it can grow big) with the whole history (updating a shallow clone doesn't work well on github) then have to keep it updated... For private shards, you suddenly need to setup a private registry (not nice) or Shards must now deal with different ways to build its dependency graph (increased complexity). The benefit, thought, is that Shards could ask the registry for the dependency graph, but then the registry must build it, for everyone, all the time, which can consume lost of server resources, and... what if the registry fails? That being said, your registry looks nice. Having a central place to search for shards, with published shards by their author (not scrapped), that would display the README, the available versions with their release date, the list of required dependencies, the dependent shards, all tightly coupled with GitHub (so it's updated when a tag is created) and others, would be very nice. Add a tiny API to search for shards, and one to get infos on a shard, and I'll gladly integrate them as |
|
Note that a registry must only ever contain libraries released by their authors. Having a repository with a shard.yml for an experiment (just for fun) is totally different from publishing a library to be used by others. |
I agree 100%. That's one of my issues with the crystalshards approach. Don't get me wrong, I love it and use it all the time, but it is full of "shards" that aren't really shards. |
|
But then you might never get the critical mass of repos in your registry |
|
@oprypin you mean like NPM? Lol |
|
No, "critical mass" doesn't mean "too many", it means "enough" - enough not to languish from the get-go, because who needs a registry that doesn't have any packages that one would be looking for. That becomes a negative feedback loop. |
|
Talking about this
Nim language got a central registry early on and even they couldn't afford to be that strict. Instead they allowed anyone to register a package but have a reviewer to check if it makes sense |
|
Well here's my idea to prevent that. Every shard that is registered must have a release associated with it, that is the only real requirement. That and names must be unique. I'll have a job that runs automatically every so often and scours Github for crystal repositories and then creates a shard record for each unique repo that:
Then people will have the ability to connect their github account and claim the shards as theirs if they want to. This way I can avoid indexing small projects, but still build up a large collection very quickly. |
|
I personally hope for a registry in which claiming shards would not be typically necessary. But if there is such a feature, you'd need to support not just github. |
|
@oprypin that's not a bad idea. I do want to have it search Gitlab and BitBucket in the future as well, but only Github will be supported initially as that is the one I have an API wrapper for. The nice thing about this approach is that claiming would be optional. |
|
I'd like to add 2 optional pieces that are not requirements but my own personal pet peeves of missing functions.
|
|
@didactic-drunk if you want to share your code for the reverse dependency list I'd love to see it. I do have something like that planned. I also want to implement badges for various things and maybe do some kind of ranking system like they do with https://pub.dev. |
|
With the current set of features "owning" a repository on github may not be necessary. Can the entire site function via data scraping and telemetry? Perhaps user signups are only needed for 3rd party providers. Even then you could probably have a submit URL for inclusion page that starts scraping the repository regardless of who owns it. Delisting or special commands could take place in a special branch with a single file. @oprypin Authentication for github could use OAUTH. Special branches can contain tokens provided by the website for initial authentication. Authentication may not be necessary if the data is scraped automatically. @watzon Are there features that require manual configuration not available from scraping? @ysbaddaden A branch or other file could list the library versions with their compatibility information. The website and |
|
@didactic-drunk technically no. There's nothing currently that would require manual configuration. |
|
@watzon The dependency list code is in ruby and was made as a quick and dirty way to get information not available elsewhere. Do you care? It can output JSON/YAML/etc. |
I just wanted to take a look and get inspiration. I haven't started the code for dependency matching yet so anything helps. Thanks :) |
|
Is http://shards.info a better starting point? It already has forward and reverse dependency tracking. I've seen crystalshards.xyz but not shards.info before. Am I the only one that didn't know about it until now? |
|
@didactic-drunk I'd never heard of it either. But I do have 2 trending repos on the front page, so yay me! |
|
@watzon @oprypin Please, don't publish shards for authors that never asked to! Having a shard.yml and releases doesn't mean it's a library: it could be an app (e.g. shards, prax)! Of all the repositories I have, I'd only publish a few (e.g. minitest, earl, scrypt, pool): the ones I want to maintain and be used. Others are mere weekend side projects; I don't want to have those listed in an official registry! Let's have a central place to publish and search for shards. Let it be populated patiently with real libraries that people do care for in the long run, and let's avoid the junk that nobody uses, not even their own authors (including me). |
|
If you think it's useful to have a registry of an arbitrary subset of libraries (I expect <10% for a very long time), I can't stop you. |
|
http://shards.info is awesome! It needs to be advertised more (or at all!) It's exactly what I would want from such a tool and a living proof that centralization is not required to achieve these goals. |
|
@watzon have you thought about posting this on forum.crystal-lang.org ? I feel like most of the crystal community is watching the crystal-lang/shards repo but there might be some more people watching on the forum. |
|
@wontruefree really I only posted it here because I wanted to get the maintainers opinions and see if having this site and shards be integrated in some way would be something they'd be willing to do. I'm not aiming for much attention right now. |
|
@watzon feel free to contact me directly. I'd love a directory, and the few screenshots you posted above are very nice, and feel a lot like what I wanted. I'm closing for the time being, since I believe your questions are answered :) |
|
Thanks @ysbaddaden. Once I have it a bit more feature complete and make the repo public I'll consult with you about how to go about integration with shards. |
|
There shouldn't be any integration with shards and a registry. That's centralization. Any registry should be a community project, just a list of "these are maintained shards and here's their repositories" with a nice UI. Any other features can be obtained through the website without integration with |
Perhaps a publish flag and optional official url in shard.yaml would solve this issue and reduce friction? That way no one has to contact any registry. Multiple (decentralized) registries can use the same flag. |
|
I'd prefer |
|
@ysbaddaden Wanted opt in rather than opt out. For new projects I'm likely to agree with him. Low quality shards probably shouldn't be published. If the user can't add a single flag and/or official url to publish then it's probably not worth having the shard searchable. Filling out anything in What about old shards that won't/don't update their shard.yaml to indicate publishing is wanted? Let the search index grandfather them in. There's only ~1000 or so last I checked. You could have shards be smart and ask or warn about publishing if releases are detected or if the flag is ambiguous. Perhaps the best default is no default. Let the user decide or in new shards |
|
On 2nd thought: Would detecting releases solve the issue? No releases == don't publish? |
|
IMO https://shardbox.org solves this in an elegant way: The catalog is a list of explicitly opted-in projects. It doesn't depend on modifying individual projects' |
|
Is this issue closed because the subject is settled (no registry) or can the discussion be opened again ? I encountered an issue with some conflicting redis shards (https://shardbox.org/search?q=redis : there are 4 shards with the exact name shardbox is nice, but nothing stops / warns me from :
There should be an authoritative source (an official repository like #283 (comment)) used by It won't stop toy / week end project shards to be published in an obscure github repository, but if you want to secure your more serious shard name and make it easily discoverable, just spend 5 minutes to open a PR to the central repo. |
|
A problem is that to enforce it, you must have the registry, hence download it on each computer. In Rust, Cargo needs to download a several hundred megabytes file for example. Same with Nix where it downloads a 64MB archive once a day, sometimes multiple times a day 😨 Also, non clashing shard names won't magically prevent clashing type names, especially when your shard is about monkey-patching (c.f. |
I would rather scope it to sensible templates for shards init rather than a whole registry. I agree that not having a central package authority of packages makes some stories harder (like discovery), but it also simplifies a lot other stories and maintenance. |
|
@bcardiff @straight-shoota maybe crystal-lang.org could start considering shardbox.org as the "official registry" of shards? |
Right now, the uncompressed content of https://github.com/shardbox/catalog/tree/master/catalog is 100 kb. It could of course grow as Crystal gets more popular but we'd all wish for the Crystal ecosystem to have this kind of problem :-)
Error shard name (lasagna) has ambiguous sources: 'git: https://github.com/peter/lasagna.git' and 'git: https://github.com/alice/crystal-lasagna.git'.could become Error shard name (lasagna) has conflicting sources: 'git: https://github.com/peter/lasagna.git' and 'git: https://github.com/alice/crystal-lasagna.git'.
'git: https://github.com/alice/crystal-lasagna.git' is the registered source on shardbox.org for 'lasagna'A registery wouldn't magically fix the existing conflicts / issues but it'd be a starting point for a (very !) long journey where the idiomatic content of a dependencies:
hammer:
version: ~> 1.0.0
glass:
version: ~> 1.0.0
window:
version: ~> 0.3.0 |
I've started working on a project which I think could benefit the Crystal community, a real registry for shards. Notice I didn't say repository, because that is both expensive and very hard to pull off, especially given my limited time, but I have been working on a shards registry which would allow people to:
I have taken inspiration from rubygems.org and npmjs.com for the design and the functionality. To start with, my idea was that we could allow dependencies to be listed in
shard.ymllike thisBasically if the value of the dependency is a String you'd fetch it from the registry (and by fetch I really mean you'd send an API request to the registry which would return the github info for that repo), otherwise you'd continue to handle requests for specific git repositories as normal.
I am definitely open to suggestions and can add up to 3 people to the repo if anyone wants to run it locally or help out. Here are some screenshots of the current design.
Hopefully I'm not pushing any boundaries or being too presumptuous here. I just love Crystal and want to give back to the community. Thanks!
The text was updated successfully, but these errors were encountered: