Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Deterministic build?
See original GitHub issueIt seems like we can specify a specific git revision in fips.yml with rev when we import dependencies, but the dependencies of the imported library is up to the library’s fips.yml.
Is there a good way to ensure specific reversions so that we can get deterministic build if needed?
For example in Rust, Cargo.lock file maintains a snapshot of dependency versions https://github.com/rust-lang-nursery/rls/blob/master/Cargo.lock and it’s encurraged to check-in Git repository for reproduciability.
Issue Analytics
- State:
- Created 6 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yes I agree that a proper snapshot file would be better, especially together with “fips update” (which may be does the wrong thing at the moment). fips.yml is currently hardcoded, but I think the lock-file should not be a plain copy of fips.yml. fips.yml is more like a general project-config file, for instance besides imports (and exports) you can also put general values in there which can then be read by custom verb- or code-generator scripts.
It should be possible to override ‘sub-dependencies’ by listing them with their required versions in your top-level fips.yml before the dependency which imports those sub-dependencies.
Basically, fips should resolve dependencies in the order they are listed in fips.yml, depth-first, and it will not touch dependency-directories that already exists.
It’s a bit more work than the automatic lock-file snapshotting, but it should allow for the same level of control. If you try this let me know if this works, I did some changes to the dependency resolution fairly recently to ensure the right import-order, but the whole thing is a bit more complex than I’d like, there may be subtle bugs in it.