search

abelsiqueira / BestieTemplate.jl

Template for Julia Programming Language packages using the copier engine.
http://abelsiqueira.com/BestieTemplate.jl/
Mozilla Public License 2.0
38 stars 9 forks source link

Why not make it a git repo? #402

Open oxinabox opened 1 month ago

oxinabox commented 1 month ago

Description

The docs say:

The resulting folder will not be a git package yet (to avoid trust issues), so you need to handle that yourself. You should see a short guide on screen, but here it is again

What are these trust issues? (I am already running arbitrary code that is in this package after all)

abelsiqueira commented 1 month ago

TL;DR: to decrease maintenance burden.

Trust issues are from the copier side. To execute commands in the generated repo, you have to use --trust or --unsafe on copier.

For new packages, we could run git commands from the Julia side to create the repo, but I've been trying to keep it light (maintenance). From your experience, does it involves many corner cases? Also, pre-commit should be run (when added) between some git commands, so in addition to running git commands, we would need to run pre-commit as well, which adds more corner cases.

For existing packages, the user has to look at the result and decide what to add/restore, so no automatic commands.

Thanks for the question and let me know what you think of the reasoning.

oxinabox commented 1 month ago

I guess my question then becomes why does this involve more trust for copier? Maybe we can just always run copier with those flags?

I haven't found that git has caused much maintainance burden I think this is the only one I personally have hit: https://github.com/JuliaCI/PkgTemplates.jl/issues/327 And browsing the others: https://github.com/JuliaCI/PkgTemplates.jl/issues?q=is%3Aissue+git I can't remember any being too burdensome. Nothing has forced me to look at the code for this, so I don't actually know how it works. Which itself is an argument for it not being too bad

abelsiqueira commented 4 weeks ago

When you run copier copy URL here/, you are implicitly trusting copier, but not the template in URL, so you don't run the tasks that the URL template defines by default. Trusting in this context means allowing the tasks in URL to run. Here we mix both, since the template is also the package.

I'm still on the fence, but we can split into two issues:

  1. Implement optional automatic repo creation with git
  2. Whether to make it the default

I'm not picking this up right now, but for someone wanting to pick up 1, I think the following is needed: