Re: Validating tarballs against git repositories
Stefano Rivera <stefanor@debian.org> writes:
> Then you haven't come across any that are using this mechanism to
> install data, yet. You're only seeing the version determination. You
> will, at some point run into this problem. It's getting more popular.
Yup, we use this mechanism heavily at work, since it avoids having to
separately maintain a MANIFEST.in file. Anything that's checked in to Git
in the appropriate trees ships with the module. But this means that you
have to build the module from a Git repository, if you're not using the
artifact uploaded to PyPI (which expands out all the information derived
from Git).
If I correctly remember the failure mode, which I sometimes run into
during local development if I forget to git add new data files, the data
files are just not installed since nothing tells the build system they
should be included with the module.
I think a shallow clone of depth 1 is sufficient, although that's not
sufficient to get the correct version number from Git in all cases.
--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>
Reply to: