Closed lildude closed 5 years ago
jonabc
commented
6 years ago @lildude ah it's not bogus. This (😞 unanticipated but arguably correct) change in behavior is because licensed no longer moves into the target directory before obtaining a commit SHA. Those SHA's that you're seeing are the linguist commits that updated the submodules, not the SHAs of the individual submodules.
I don't think this is a bug.
lildude
commented
6 years ago This (😞 unanticipated but arguably correct) change in behavior is because licensed no longer moves into the target directory before obtaining a commit SHA. Those SHA's that you're seeing are the linguist commits that updated the submodules, not the SHAs of the individual submodules.
🤯 yup, definitely unanticipated, and sort of makes sense now you mention it.
I don't think this is a bug.
🤔 If this is expected, it means new licenses won't be picked up until submodule updates have been committed:
$ git submodule update --remote
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 4 (delta 3), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (4/4), done.
From https://github.com/codemirror/CodeMirror
af3bd431..ab3e78af master -> origin/master
Submodule path 'vendor/CodeMirror': checked out 'ab3e78afb0bc7f0bf56a2038539b2853715e38aa'
Submodule path 'vendor/grammars/JSyntax': checked out 'daf9ff2cb011571825338b57c48b87fa8cca065d'
Submodule path 'vendor/grammars/MagicPython': checked out 'ad6bd6211944a1b24c6594fa75ee3b15f60d7559'
Submodule path 'vendor/grammars/NimLime': checked out 'd71fd1ae94a8597cec72445bc87c760497a9763c'
[...]
$
$ script/licensed | grep Caching
Caching licenses for linguist: <--- I'D EXPECT LICENSE CHANGE DETECTION HERE
$
$ git commit -am 'Updqte grammars'
[testing be906be4] Updqte grammars
38 files changed, 38 insertions(+), 38 deletions(-)
$
$ script/licensed | grep Caching
Caching licenses for linguist:
Caching atom-language-purescript (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching language-apl (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching quake (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching sublime-MuPAD (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching language-csound (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching language-roff (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching objective-c.tmbundle (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
[...]
$This seems very counter-intuitive to me and is likely to lead to the assumption by many using a similar approach to us, that there has been no change to the license(s) until much later, possibly too late. Some may also not like the pollution of their history that comes from having to commit the submodule updates and then the license updates separately.
We're effectively in the same boat as the way Go dependencies currently work, which I note you implemented a workaround for as part of the change in https://github.com/github/licensed/pull/78 so I guess I'm going to need to do the same for Linguist and our custom source.
I'm not sure if or how this should be documented as I suspect we're in a unique position at the moment.
jonabc
commented
6 years ago If this is expected, it means new licenses won't be picked up until submodule updates have been committed: This seems very counter-intuitive to me and is likely to lead to the assumption by many using a similar approach to us, that there has been no change to the license(s) until much later, possibly too late.
IMO this is desired and how it should be working, at least when using the Git commit SHA as a version identifier. Having licensed pick up changes before they're committed into a repo sounds like a bug to me, as it doesn't necessarily reflect the state of the project that is distributed to others.
We're effectively in the same boat as the way Go dependencies currently work, which I note you implemented a workaround for as part of the change in #78
To be clear, that was not a workaround for submodules that are committed into the repo. That was a workaround for downloaded external projects that exist outside the repo.
I guess I'm going to need to do the same for Linguist and our custom source.
Sure. To be honest I'm not sure thats the correct thing to be doing as you're opening Linguist up to having mismatches between the committed submodule reference and whats in the license metadata.
lildude
commented
6 years ago To be honest I'm not sure thats the correct thing to be doing as you're opening Linguist up to having mismatches between the committed submodule reference and whats in the license metadata.
I'm not sure I follow how. Can you please elaborate.
From my experimenting this morning, having it this way means the cached license is tied to the version in the submodule SHA that we reference in Linguist. Both are committed to the repo at the same time as part of the slightly modified release process.
jonabc
commented
6 years ago Can you please elaborate.
Sure! If someone were to update a submodule reference, cache license metadata then update a submodule reference again, there would be a mismatch.
I guess as long as the method of obtaining the submodule reference is consistent then licensed would complain about the metadata being out of date when checking metadata status.
🤔
jonabc
commented
5 years ago @lildude theres now a source available for git submodules that will use the SHA of the submodule as the version string. With that source available then any manifest can and should continue to use commit SHAs for the root repo as opposed to the submodule.
👍 to close this issue?
lildude
commented
5 years ago 👍 to close this issue?
👍 looks like it might do what I've implemented in Linguist. I'll look to update Linguist when I've got the bandwidth. Thanks for implementing this. 🙇 Closing.
As part of updating the cached licenses in Linguist in https://github.com/github/linguist/pull/4268, I've just updated the Licensed gem (locally) from
~> 1.1.0to~> 1.3.0which has pulled in Licensed 1.3.3.Within
script/licensedwe're callingLicensed::Git.version()as follows:... where
directoryis a git submodule for each grammar.With Licensed 1.1.0, this determined the correct SHA for each submodule, but on 1.3.3 it returns a completely bogus SHA as seen with the most recent update of the cached licenses I performed after updating the gem:
That same SHA has been applied to multiple license files:
Further digging shows we're getting a lot of duplicate SHAs:
Every single license now has a new version and they're all wrong from what I can see from a quick glimpse - I don't fancy checking all 309 right now 😉