search

hbmartin / danger-spm_version_updates

A Danger plugin to detect if there are any updates to your Swift Package Manager dependencies.
https://hbmartin.github.io/danger-spm_version_updates/Danger/DangerSpmVersionUpdates.html
MIT License
5 stars 1 forks source link

Handle or ignore dependencies using commit hash instead of version number #5

Open BartoszCichecki opened 2 months ago

BartoszCichecki commented 2 months ago

Due to legacy reasons, some of our dependencies target specific commit hash instead of version number:

      {
        "package": "OHHTTPStubs",
        "repositoryURL": "https://github.com/AliSoftware/OHHTTPStubs",
        "state": {
          "branch": "9.1.0",
          "revision": "12f19662426d0434d6c330c6974d53e2eb10ecd9",
          "version": null
        }
      },

This results in an error like this being thrown:

/Users/vagrant/.asdf/installs/ruby/3.2.3/lib/ruby/gems/3.2.0/gems/semantic-1.6.1/lib/semantic/version.rb:15:in `initialize': 12f19662426d0434d6c330c6974d53e2eb10ecd9 is not a valid SemVer Version (http://semver.org/) (ArgumentError)
      raise ArgumentError.new("#{version_str} is not a valid SemVer Version (http://semver.org/)") if v.nil?
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    from /Users/vagrant/.asdf/installs/ruby/3.2.3/lib/ruby/gems/3.2.0/gems/danger-spm_version_updates-0.2.0/lib/spm_version_updates/plugin.rb:110:in `new'
    from /Users/vagrant/.asdf/installs/ruby/3.2.3/lib/ruby/gems/3.2.0/gems/danger-spm_version_updates-0.2.0/lib/spm_version_updates/plugin.rb:110:in `warn_for_new_versions'
    from /Users/vagrant/.asdf/installs/ruby/3.2.3/lib/ruby/gems/3.2.0/gems/danger-spm_version_updates-0.2.0/lib/spm_version_updates/plugin.rb:70:in `block in check_for_updates'
    from /Users/vagrant/.asdf/installs/ruby/3.2.3/lib/ruby/gems/3.2.0/gems/danger-spm_version_updates-0.2.0/lib/spm_version_updates/plugin.rb:45:in `each'
    from /Users/vagrant/.asdf/installs/ruby/3.2.3/lib/ruby/gems/3.2.0/gems/danger-spm_version_updates-0.2.0/lib/spm_version_updates/plugin.rb:45:in `check_for_updates'
    from Dangerfile:54:in `eval_file'

Not sure what is the best approach to this, maybe ignore these?

hbmartin commented 2 months ago

This should be handled 🤔 Can you post the config for this package from Project.xcodeproj/project.xcodeproj

hbmartin commented 2 months ago

What version of Xcode is being used? This plugin thinks the dependency was configured to be an "up to next major" package version and not commit pinned

BartoszCichecki commented 2 months ago

Hmmm you are right, it is configured "upToNextMajor"... Apologies! Not sure what is going on here then. Xcode is 15.3 (latest).

41321DAA28FED725007FBACA /* XCRemoteSwiftPackageReference "OHHTTPStubs" */ = {
            isa = XCRemoteSwiftPackageReference;
            repositoryURL = "https://github.com/AliSoftware/OHHTTPStubs";
            requirement = {
                kind = upToNextMajorVersion;
                minimumVersion = 9.1.0;
            };
        };
hbmartin commented 2 months ago

No apologies needed! I don't know of any spec for these things so reverse engineering Xcode's behavior(s) is the best I can do and these reports really help. I'll have something out tomorrow or Thurs to handle this scenario. Thinking I might treat this as a branch dependency or otherwise try to reverse-resolve the commit hash.

BartoszCichecki commented 1 month ago

Hey @hbmartin, any news?