opencontrol / compliance-masonry

Security Documentation Builder

Consider replacing/enhancing "dependencies" retrieval mechanisms with vendoring/library, vendir #368

Closed aegershman closed 3 years ago

aegershman commented 4 years ago

In order to leverage other existing tooling, consider replacing the git retrieval mechanism used as part of the opencontrol.yaml "dependencies" section with alternative content retrieval mechanisms, specifically k14s/vendir (https://github.com/k14s/vendir).

The idea is that vendir can retrieve content from multiple git sources, from alternative sources like GitHub releases, HTTP endpoints, etc., and from private repositories. Vendir also has download lockfiles for reproducibility, and it stores the retrieved content in the local git repo copy directly rather than using git submodules or anything like that.

I'm not sure if I'm advocating for this to be incorporated directly into opencontrol. Vendir can be used to pull in dependencies as a separate process from opencontrol itself. I guess I'm just saying, it's an option that may be interesting to consider.
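To make the comparison concrete, here is an added illustration (not from the issue or from either project's documentation) of the same two upstream dependencies, first in the `dependencies` form compliance-masonry reads from opencontrol.yaml today, then as a vendir.yml that `vendir sync` would fetch straight into the working tree. Repository URLs, the `opencontrols` destination path, the tarball URL and the digest are placeholders.

```yaml
# --- opencontrol.yaml (current mechanism: each entry is cloned from git) ---
# Constructed example; repository URLs are placeholders.
schema_version: "1.0.0"
name: example-system
dependencies:
  standards:
    - url: https://github.com/example-org/standards
      revision: master
  certifications:
    - url: https://github.com/example-org/certifications
      revision: v1.2.0
---
# --- vendir.yml (proposed alternative: `vendir sync` writes files into the repo) ---
# Same two git sources, plus an HTTP source the current mechanism cannot express.
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
  - path: opencontrols            # destination tree, committed to the repo
    contents:
      - path: standards
        git:
          url: https://github.com/example-org/standards
          ref: origin/master      # branch; the lockfile pins the exact commit
      - path: certifications
        git:
          url: https://github.com/example-org/certifications
          ref: v1.2.0             # tag
      - path: baseline            # e.g. a published baseline archive (placeholder)
        http:
          url: https://example.org/baselines/baseline-v3.tgz
          sha256: "<pinned digest; placeholder>"   # fetch fails on mismatch
```

Running `vendir sync` produces vendir.lock.yml with the resolved commits and digests; committing it next to vendir.yml is what gives the reproducibility the issue mentions, and the `sha256` on the HTTP source is the integrity check the existing git-only mechanism has no equivalent for.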