KSP-CKAN / NetKAN-Infra

NetKAN Infrastructure Repo
MIT License
3 stars 6 forks source link

Inflator can erroneously detect .version files in bundled dependencies #327

Closed JonnyOThan closed 9 months ago

JonnyOThan commented 9 months ago

I'm pretty sure the inflator will warn if you have more than one .version file, but I just came across a case where a mod had bundled CustomBarnKit (which has a .version file) and didn't provide a .version file of its own. So the inflated .ckan file was using data from CustomBarnKit. This would be pretty easy to miss since the automated PRs from SpaceDock will fill out the $vref (I assume by using similar logic based on the presence of a .version file in the zip).

I'm not really sure what a good mitigation would be - maybe if the .version file isn't in the install_to paths, it should be ignored? That might break some cases. Maybe inspect the contents of the .version file itself and make sure it's actually related to the mod we're trying to generate data for somehow?

https://github.com/KSP-CKAN/NetKAN/actions/runs/7155156764/job/19483458664?pr=9871#logs

image

I just noticed that the mod version in the inflated netkan seems to come from SpaceDock rather than the .version file (CustomBarnKit's version is 1.1 something). Perhaps we can just warn if there's a mismatch between the .version file version and the SpaceDock/Github version number? Might help catch other errors anyway.

HebaruSan commented 9 months ago

This is (one of the reasons) why we have the manual review step. I don't think an automated solution is possible, because bundled mods look exactly like the "main" mod. If you think of one, a PR would be welcome.

JonnyOThan commented 9 months ago

This is (one of the reasons) why we have the manual review step. I don't think an automated solution is possible, because bundled mods look exactly like the "main" mod. If you think of one, a PR would be welcome.

I added this bit in an edit - seems maybe viable? The other ideas don't seem great.

I just noticed that the mod version in the inflated netkan seems to come from SpaceDock rather than the .version file (CustomBarnKit's version is 1.1 something). Perhaps we can just warn if there's a mismatch between the .version file version and the SpaceDock/Github version number? Might help catch other errors anyway.

HebaruSan commented 9 months ago

Mod versions are completely inconsistent and can't be relied on for anything.