[SR-679] swiftpm should support rewriting dependent package urls for vendoring #5400
Comments
Max and I have been discussing using the upcoming lockfiles proposal as a way to support this, rather than supporting it directly in the Package.swift.
Comment by Ramon Nogueira (JIRA) It doesn't seem appropriate to put this in lock files. Lock files are generated by a tool when updating dependencies, while this would be a per-project configuration that would be hand-written. In the code above, I don't see how this could be used to support vendoring. My understanding is that vendoring (usually) means that the sources for a given dependency are checked in to your repository (or are submodules). In this case, there is no version, we just need to point spm directly at the checked-out copy. It seems to me that what we really want is to replace wholesale the mapping func findDependency(package: Package) throws -> File
Comment by Jay Buffington (JIRA) I recently discovered this git config option that may be relevant here:
@aciidb0mb3r/ @neonichu isn't this done with the mirroring support?
Comment by Mustafa YALCIN (JIRA) 3
Additional Detail from JIRA
md5: 2a3c7f12451e616747e3dc55507e86d4
relates to:
Issue Description:
We would like a method to munge dependency urls for a number of reasons. We want to "vendor" dependencies. Vendoring would give us a number of benefits:
integrity - no one would be able to change a tag out from under us
customization - place to put custom patches
availability - we don't have to depend on uptime of an external system
I imagine a hook that we could register in the top Package.swift that would have a signature like this:
This is partially related to the "scheme" problem where the user running swift build rather than the developer writing Package.swift should be controlling if the git clone is happening using the https or git protocol.
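Both the "scheme" problem and the vendoring redirect described in this issue can be approximated on the user's side, for clones that go through the git command-line client, with git's `url.<base>.insteadOf` setting. The script below is an added example, not part of the original issue or of SwiftPM; the host names, organisation name and mirror path are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: user-side URL rewriting via git's url.<base>.insteadOf.
# Hosts, organisation name and mirror path are constructed placeholders.

# Write the rewrite rules into $1/.gitconfig (an isolated HOME), so the
# real ~/.gitconfig is left untouched.
setup_rewrites() {
    local cfg="$1/.gitconfig"
    # Scheme rule: the person running the build forces https for git:// URLs.
    git config --file "$cfg" url."https://github.com/".insteadOf "git://github.com/"
    # Vendoring rule: one upstream organisation is redirected to an internal
    # mirror. The trailing slash keeps "example-org-fork" from matching.
    git config --file "$cfg" url."https://git.internal.example/vendor/".insteadOf \
        "https://github.com/example-org/"
}

# Print the URL git would contact for $2 when $1 is HOME.
# `git ls-remote --get-url` only expands the URL; it opens no connection.
effective_url() {
    ( cd "$1" && HOME="$1" XDG_CONFIG_HOME="$1/xdg" GIT_CONFIG_NOSYSTEM=1 \
        GIT_CONFIG_GLOBAL="$1/.gitconfig" git ls-remote --get-url "$2" )
}

# Show the effective URL for four constructed dependency URLs:
# a scheme rewrite, a vendored org, the same org declared with git://,
# and a look-alike org name that must not be redirected.
demo() {
    local home url
    home="$(mktemp -d)"
    setup_rewrites "$home"
    for url in \
        "git://github.com/other/tool.git" \
        "https://github.com/example-org/lib.git" \
        "git://github.com/example-org/lib.git" \
        "https://github.com/example-org-fork/lib.git"
    do
        printf '%-45s -> %s\n' "$url" "$(effective_url "$home" "$url")"
    done
    rm -rf "$home"
}
demo
```

The third URL shows that `insteadOf` rules are not chained: a dependency declared with `git://` is rewritten to `https://` on the upstream host but not to the mirror, so a vendoring setup needs a rule for every scheme in use.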