Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Hash of a github release changes because of versioneer
See original GitHub issueProblem:
I created a github release, which makes use of versioneer to generate a version number. I downloaded the tar.gz archive and computed the hash (which is required by third-party package managers, like macports and homebrew-core). A few days later, however, I was notified that the hash of the released archive file changed.
Inspecting the original and subsequent tar.gz files, I found that the tar.gz archive did indeed change, and the cause of this change is git_refnames in the file _version.py generated by versioneer.
diff -r SHTOOLS-4.7.1 SHTOOLS2-4.7.1
diff -r SHTOOLS-4.7.1/pyshtools/_version.py SHTOOLS2-4.7.1/pyshtools/_version.py
26c26
< git_refnames = " (HEAD -> master, tag: v4.7.1)"
---
> git_refnames = " (HEAD -> master, tag: v4.7.1, develop)"
The only thing that makes sense is that Github recreated the project tar.gz file a few days later, and that for some reason, the git tag was modified somehow. Though I don’t know why github would recreate this file, I also question whether git_refnames is required by versioneer. and _version.py.
Additional context:
The release of our project, along with the release tag “v4.7.1” was created using the Github release page. I then pulled the tags to my local repository using git pull --tags. We work on a parallel develop branch, and have since pushed new commits to the develop branch on Github.
Examples of other people having the same problem:
- https://github.com/jborg/attic/issues/335
- https://github.com/spack/spack/issues/7937
- https://trac.macports.org/ticket/41657#comment:2
- https://github.com/macports/macports-ports/pull/8518
Solution I don’ know the solution, nor if there is one. I have opened an issue at GiHub support to find out why the tar.gz file was recreated after the release: This seems very dangerous to me, but perhaps there is a reason this was done.
If there is not a solution, then at a minimum, versioneer should provide a warning in the documentation as to how to avoid this problem. It is not 100% clear what I could have done differently to avoid this.
Issue Analytics
- State:
- Created 3 years ago
- Comments:13 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Side note: a convenient one-liner to get the contents of the
archive’dVERSIONfile:No, unfortunately this is just how
git archiveworks, providing all refnames for the commit.It looks like you’re setting up a process to basically snapshot the initial archive. If you’d like to avoid the possibility of changes, you can also modify your process to never push a branch head and tag together. e.g.,
Another option is to use an uploaded sdist as your source distribution, rather than a git archive. You could fetch it from PyPI or add it to your GitHub release. Those do only have tag and commit information in them, and are not subject to the variability inherent to git archive.