New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add source.revision #623
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(This is my first time using the new code-review feature in Github, hope I'm doing this right!)
src/luarocks/type_check.lua
Outdated
@@ -58,6 +58,7 @@ local rockspec_types = { | |||
dir = string_1, | |||
tag = string_1, | |||
branch = string_1, | |||
revision = string_1, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should use revision = { _type = "string", _version = "3.0" }
here (or you can even create a string_3
variable)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can do this, but I'm wondering where I should be putting my more complex validation. I need to make sure
- the URL specifies either a git or hg repo when revision is specified
- that revision is a 40-character hex string
I spotted _pattern, which led me to try _pattern = string.rep("%x", 40)
, and that works, but it has a very silly error message:
Error: Error loading rockspec: /home/kyle/src/luarocks/test/testfiles/invalid_revision-1.0-1.rockspec: Type mismatch on field source.revision: invalid value HEAD does not match '%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x'
src/luarocks/fetch.lua
Outdated
@@ -235,6 +235,10 @@ function fetch.load_local_rockspec(filename, quick) | |||
if rockspec.source.cvs_module then rockspec.source.module = rockspec.source.cvs_module end | |||
if rockspec.source.cvs_tag then rockspec.source.tag = rockspec.source.cvs_tag end | |||
|
|||
if rockspec.source.revision and not deps.format_is_at_least("3.0") then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the version checking for the revision
field in the type checker, you don't need to version-check again here.
Yay, thanks for taking on this feature! I added some comments. |
Thanks for the review, I'm working on a commit that resolves it and adds a few of the simpler tests right now. Something else: I noticed that luarocks already calls the "-1" part of a rockspec version a "rockspec revision", so I'm worried about the two getting confused for each other. Wikipedia suggests changeset as a possible alternate name I'd be okay with. |
|
|
This is not a big practical problem at luarocks.org because |
So does luarocks install |
b385a44
to
9137141
Compare
Current coverage is 87.93% (diff: 100%)
@@ luarocks-3 #623 diff @@
============================================
Files 66 69 +3
Lines 6936 6998 +62
Methods 0 0
Messages 0 0
Branches 0 0
============================================
+ Hits 6083 6154 +71
+ Misses 853 844 -9
Partials 0 0
|
When a branch is specified, only that branch will be cloned, even when revision is specified.
Something I noticed: right now, if you use luarocks with an http/https/ssh url, luarocks is forced to do a full clone. Do you remember the reasoning behind it? At least on my machine doing a shallow clone works fine for all three types. Anyways, an in-words description of how cloning works in this PR:
|
else | ||
-- otherwise, we need a full clone to make sure we fetch all available | ||
-- revisions | ||
depth = "--" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems prone to later issues: --
signifies "things after this point are arguments not options".
end | ||
end | ||
|
||
local command = {fs.Q(git_cmd), "clone", depth, rockspec.source.url, module} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do url and module need to be quoted?
|
||
local committish = rockspec.source.revision or tag_or_branch | ||
if committish then | ||
if not fs.execute(fs.Q(git_cmd), "checkout", committish) then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quote commitish (and/or use --
before it)
-- TODO: if revision is specified and so are tag/branch, then validate to | ||
-- make sure tag/branch matches revision | ||
local rev = rockspec.source.revision | ||
rev = rev or rockspec.source.tag |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No need to keep assigning, just start the line from or
rev = rev or rockspec.source.branch | ||
|
||
if rev then | ||
command = {hg_cmd, "clone", "--rev", rev, url, module} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did git_cmd need fs.Q
but hg_cmd doesn't?
This was auto-closed by accident when the (now merged) |
Resolves #569.
In hg, this is implemented by passing revision into the clone command (
hg clone myrepo --rev myrev
).In git, this is implemented by performing a full clone (
git clone myrepo
) and then doinggit checkout myrev
.Originally I planned to have a special case that compares
source.tag
andsource.revision
when both are defined. This would double check the tag's commit-id, but from a security perspective that just moves the trust from the repository host to the rockspec host. Git already supports tag/commit signing with GPG, which are better ways to verify trust.todo:
tests:
--single-branch
this can be special-cased to avoid full clone)