question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Hash of a github release changes because of versioneer

See original GitHub issue

Problem:

I created a github release, which makes use of versioneer to generate a version number. I downloaded the tar.gz archive and computed the hash (which is required by third-party package managers, like macports and homebrew-core). A few days later, however, I was notified that the hash of the released archive file changed.

Inspecting the original and subsequent tar.gz files, I found that the tar.gz archive did indeed change, and the cause of this change is git_refnames in the file _version.py generated by versioneer.

diff -r SHTOOLS-4.7.1 SHTOOLS2-4.7.1
diff -r SHTOOLS-4.7.1/pyshtools/_version.py SHTOOLS2-4.7.1/pyshtools/_version.py
26c26
<     git_refnames = " (HEAD -> master, tag: v4.7.1)"
---
>     git_refnames = " (HEAD -> master, tag: v4.7.1, develop)"

The only thing that makes sense is that Github recreated the project tar.gz file a few days later, and that for some reason, the git tag was modified somehow. Though I don’t know why github would recreate this file, I also question whether git_refnames is required by versioneer. and _version.py.

Additional context: The release of our project, along with the release tag “v4.7.1” was created using the Github release page. I then pulled the tags to my local repository using git pull --tags. We work on a parallel develop branch, and have since pushed new commits to the develop branch on Github.

Examples of other people having the same problem:

Solution I don’ know the solution, nor if there is one. I have opened an issue at GiHub support to find out why the tar.gz file was recreated after the release: This seems very dangerous to me, but perhaps there is a reason this was done.

If there is not a solution, then at a minimum, versioneer should provide a warning in the documentation as to how to avoid this problem. It is not 100% clear what I could have done differently to avoid this.

Issue Analytics

  • State:open
  • Created 3 years ago
  • Comments:13 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
exquocommented, Jan 4, 2022

Side note: a convenient one-liner to get the contents of the archive’d VERSION file:

git archive main | tar -Oxf - VERSION 
1reaction
effigiescommented, Oct 16, 2020

No, unfortunately this is just how git archive works, providing all refnames for the commit.

It looks like you’re setting up a process to basically snapshot the initial archive. If you’d like to avoid the possibility of changes, you can also modify your process to never push a branch head and tag together. e.g.,

git tag -a vX.Y.Z
# Make some small change or commit with --allow-empty
git commit -m 'post-tag bump'
git push origin master

Another option is to use an uploaded sdist as your source distribution, rather than a git archive. You could fetch it from PyPI or add it to your GitHub release. Those do only have tag and commit information in them, and are not subject to the variability inherent to git archive.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Hash of a github release changes because of versioneer
Problem: I created a github release, which makes use of versioneer to generate a version number. I downloaded the tar.gz archive and computed...
Read more >
How can I rewrite python __version__ with git? - Stack Overflow
I considered using GitPython, but I would not like to introduce another dependency and I want users who download the module from SVN...
Read more >
#90 (upgrade versioneer) – pycryptopp - Tahoe-LAFS
I like having the commit hash in the version from the standpoint of "coolness". The purported advantage is that no two releases from...
Read more >
Version String Management in Python - The Mozilla Blog
Version String Management in Python: Introducing python-versioneer. What's a good way to manage version numbers in a Python project?
Read more >
versioneer module — PyGraphistry 0.11.8+0.g7edbc22.dirty ...
This overrides several distutils/setuptools commands to compute the version when invoked, and changes setup.py build and setup.py sdist to replace ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found