-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential problem for commit finder when packages do not use semver. #706
Comments
Macaron's commit finder can correctly find the commit for black and flake8-bugbear even though they follow a date-based version pattern. But these versions fail to communicate breaking changes via major versions. It would be nice to have a check in Macaron that reports if a project does not follow semantic versioning? |
@behnazh-w have you tried |
No I haven't tried this package. @benmss what do you think? |
That would be useful information in the final report. If my project depends on packages that don’t programmatically communicate breaking changes then that needs to be considered when declaring my project’s deps. So, if Macaron could alert me to such funky deps, that’d be schnufte indeed. |
It appears the commit finder does not work with the IANA format currently. Thanks @jenstroeger for bringing this to our attention. For the |
@benmss looks like this issue can be closed? Did you sample a (large) set of package metadata from PyPI and check what version strings they’re using? For example
gives you all pytz releases, however, you might have more luck digging through the Project Metadata Table. One more question: macaron/src/macaron/repo_finder/commit_finder.py Lines 331 to 332 in e8ce555
|
For now only the
This is because some versions have one or more additional zeros when compared to their tag.
@behnazh-w @jenstroeger I have created a new issue for this, and I encourage discussion of that there. |
Hmm 🤔 I ask because the RHS Instead, I think Python provides interesting iterators1 that you can use to compare two version strings for equality (I assume that’s your primary goal). Now let’s assume that a version string is composed of numbers separated by e.g. a >>> from itertools import zip_longest
>>>
>>> v = "2.0.0.0" # A version string.
>>> t = "2" # A tag string representing a version.
>>> all(int(sv) == int(st) for sv, st in zip_longest(v.split("."), t.split("."), fillvalue="0"))
True compares these two version strings, no matter how many fragments and how many zeroes each of the version fragments is made of.
Thank you, I’ll take a look. Footnotes
|
Package versioning in the Python ecosystem doesn’t always follow semantic versioning; in fact, alternative versioning schemes are documented here.1 For example for final release versions,
and then
For example, black or flake8-bugbear are popular packages following a date based version scheme. It might be interesting to pull metadata of existing packages from the PyPI API and correlate a package’s release date with its version number, and perhaps other non-semver versioning schemes… 2 🤔
With that in mind, I suspect the commit finder might need to be reviewed?
Footnotes
See also romantic versioning and sentimental versioning. ↩
Unfortunately, the current pyproject.toml spec doesn’t seem to contain a “versioning scheme” entry, so Macaron might be stuck with a few heuristics-based wild-wild guesses… ↩
The text was updated successfully, but these errors were encountered: