-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SR-666] swiftpm should allow me to depend on latest commit of a branch #5430
Comments
Comment by Kostiantyn Koval (JIRA) I think this was already discussed somewhere. The main idea is that it's not 100% secure. When you rely on specific version you can guaranty that it will build in future (the code and binary will not change) If you make a package that depends on other package from master branch, it can build successfully now, but it could fails if new code is pushed to the master. |
It should only be possible for the root package to depend on HEAD. |
Comment by Jay Buffington (JIRA) I totally agree with kkoval (JIRA User), we shouldn't be able to publish packages that have dependencies on packages that don't explicitly depend on a version (range). We should still do this to support the dev case, though. like @mxcl said, if you can only do it for the root package, then it will be safe. |
Comment by Kostiantyn Koval (JIRA) Example: let package = Package(
name: "Hello",
dependencies: [
.Package(url: "ssh://git@example.com/Greeter.git", head: true),
]
) The root package in that case is Hello. It depends on the Greeter from head. What happens if I commit this and push package code? let package = Package(
name: "Answering",
dependencies: [
.Package(url: "ssh://git@example.com/Hello.git" version: Version(1,0,0))
]
)
//swift build Answering -> Error, can't use "Hello" as a dependency, it's unsafe because .... But the Hello project itself is now not stable, because it relies on external dependency without specified locked-commit. |
Comment by Jay Buffington (JIRA) How about for now we do something less controversial for now: just allow for depending on a commit sha. |
This would be nice to get in the 3.0 release timeframe. |
Comment by Anindha Parthy (JIRA) I disagree with kkoval (JIRA User)'s example. If Hello was depending on an unlocked commit, then I wouldn't tag that as 1.0.0. My use case is that I am using Swift 3.0 and some of dependencies have a branch that is Swift 3.0 compatible. At the moment I check out each of these dependencies, and locally tag the Swift 3.0 branch. I could also fork the dependency and tag that. My solution would be: .Package(url: "ssh://git@example.com/Hello.git" branch: "swift-3.0") The sha is also fine, but isn't self documenting. |
Comment by Kostiantyn Koval (JIRA) You can still depend on the head and mark your package with `1.0` tag. The SwiftPM has to handle this situation. |
When working on an app has various dependencies that are being developed as a whole, the whole |
Comment by Kostiantyn Koval (JIRA) Here is a proposal for Editable packages |
Time has run out for Swift 3, unfortunately. |
This is up for active review: |
Additional Detail from JIRA
md5: b10f288e55add23846354603cdc57b6c
is duplicated by:
Issue Description:
I want the ability to depend on the latest version of a particular branch in a repo (master being the most common).
Sometimes upstream library authors might have a fix or a feature in the latest version, but they haven't done a release yet. For development I'd like to try that out before the release is official.
The text was updated successfully, but these errors were encountered: