Closed teolemon closed 2 years ago
Also, this build is cursed 😈
cf. The Number of the Beef by Iron Maiden in Spinal Tap mode ;)
Hey I've got good news, it's never going to happen again. Until version 6.6.6.
Fix: cf. https://github.com/openfoodfacts/smooth-app/issues/1300#issuecomment-1075487899
I don't know how we can imagine Sentry version 7.18.0 from a line like this in pubspec.yaml:
sentry_flutter: ^6.6.0 # careful with upgrading cf: https://github.com/openfoodfacts/smooth-app/issues/1300
[Edit: added]
In the Podfile.lock:
  - Sentry (7.18.0):
    - Sentry/Core (= 7.18.0)
  - Sentry/Core (7.18.0)
  - sentry_flutter (0.0.1):
    - Flutter
    - FlutterMacOS
    - Sentry (~> 7.18.0)
It's clearer now, isn't it? No it isn't.
I guess, or rather hope, that running smoothie on a Mac and committing your so-called "wtf" file changes could fix the issue.
But that's not a long-term solution, we should find a way to make this secure.
Unfortunately I have no experience with cocoapods so nearly all of my knowledge comes from reading your comments.
I just checked and dependabot doesn't support cocoapods for the time being.
Is it enough to run the app once a day automatically and PR any changes to the Podfile and Podfile.lock, I don't know.
Another interesting comment from the previously linked issue:
The source code from the dependencies is often checked in to the repo as well, so you're right there is a lot of vendoring. In some cases developers choose to not check in the Pods/ directory, in which case simply updating the Podfile and Podfile.lock would be enough. But it wouldn't cover the case where the Pods/ are checked in.
Could it be enough to just commit the Pods dir, then we wouldn't have a problem with deleted versions as we have a local copy right? I don't know either but that would save us a Mac VM running on schedule. It's free but looking at the world we don't need to waste any energy.
It's free but looking at the world we don't need to waste any energy.
There could be tons to write about that, including the interest of some attached videos or large screenshots that will stay forever. Or of Codecov mails I still haven't found what they were all about.
I have no experience with cocoapods, dependabot or Podfile and I don't even know what they're here for. I code in OOP and SQL, if possible the rest should be a black box to me - I have limited bandwidth in my brain and limited time.
So, let's be engineers: if we find a solution that works, we use it. When it becomes a priority to find another solution, then we'll think about it.
I've just PR'ed my Podfile.lock. Don't know what could change. Just noticed that the latest change was 2 days ago by @g123k, and that's exactly where my Podfile.lock is different. Not blaming, I don't even know how that file can change.
@teolemon Are we done now, after my suggestions in https://github.com/openfoodfacts/smooth-app/issues/1300#issuecomment-1075487899?
Yes we are done but we also need to add it to the new release workflow as we currently have two
What
.symlinks/plugins/sentry_flutter/ios
) was resolved to 0.0.1, which depends on Sentry (~> 7.19.0)
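
The mismatch discussed in this thread (a Podfile.lock pinning Sentry 7.18.0 while a plugin asks for `~> 7.19.0`) can be detected by comparing the lock file's pins with the declared constraints. The following is an added example, not code from the smooth-app repository; it assumes RubyGems' `Gem::Requirement` evaluates `~>` the way CocoaPods does, and the function names and sample lock content are made up for illustration.

```ruby
require 'yaml'

# Constructed sample: the Sentry entries mirror the Podfile.lock excerpt quoted
# in the thread; the Flutter/FlutterMacOS versions are made up.
SAMPLE_LOCK = <<~LOCK
  PODS:
    - Flutter (1.0.0)
    - FlutterMacOS (1.0.0)
    - Sentry (7.18.0):
      - Sentry/Core (= 7.18.0)
    - Sentry/Core (7.18.0)
    - sentry_flutter (0.0.1):
      - Flutter
      - FlutterMacOS
      - Sentry (~> 7.18.0)
LOCK

ENTRY = /\A(\S+)(?: \((.+)\))?\z/

# Split "Name (version or constraint)" into [name, text_or_nil].
def split_entry(entry)
  m = ENTRY.match(entry) or raise ArgumentError, "unparseable entry: #{entry}"
  [m[1], m[2]]
end

# Map each pod in PODS to the version the lock file pins it to.
def resolved_versions(lock)
  lock.fetch('PODS').to_h do |pod|
    name, version = split_entry(pod.is_a?(Hash) ? pod.keys.first : pod)
    [name, Gem::Version.new(version)]
  end
end

# True when the pinned version of `name` satisfies a constraint declared
# elsewhere (a nil constraint means "any version").
def lock_satisfies?(lock, name, constraint)
  version = resolved_versions(lock)[name]
  req = Gem::Requirement.new(*(constraint || '>= 0').split(', '))
  !version.nil? && req.satisfied_by?(version)
end

# Dependencies recorded in PODS that the pinned versions do not satisfy.
def lock_violations(lock)
  lock.fetch('PODS').grep(Hash).flat_map do |pod|
    owner = split_entry(pod.keys.first).first
    pod.values.first.reject { |dep| lock_satisfies?(lock, *split_entry(dep)) }
       .map { |dep| "#{owner} -> #{dep}" }
  end
end

puts lock_violations(YAML.safe_load(SAMPLE_LOCK)).inspect if __FILE__ == $PROGRAM_NAME
```

Run against a real Podfile.lock, `lock_satisfies?(lock, 'Sentry', '~> 7.19.0')` returns false for a lock that still pins 7.18.0, which is the condition the resolver error reports.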