Open kpcyrd opened 2 years ago
I have a different plan for this, where you run a command and it generates a local repo containing the packages used. You could then use this “lock repo” for this purpose. That way there are no ambiguities with the packages.
Pushing to v0.2 because the prerequisites for lock repos won't land in apko until apko v0.5.
hi!
It would be cool to have lockfiles like
.melange.lock
that work similar toCargo.lock
.With a configuration like this:
The lockfile would contain the resolved versions for make, go, git, etc and help achieve reproduce builds even if one of the packages was updated in alpine in the meantime.
The file could be generated with a command like
melange update
and toml would probably be a good fit since it works well in git diff and has good machine readability.