Files · 72806dd4ef8952a27310c9bc0bc0c8bd93b816d1 · open / python-poetry

Resolve git refs to git revisions [#1331] (#1337) · 72806dd4

* Check that a git dependency resolves to a revision

A git dependency should be resolved to a full git revision (SHA-1).
When dealing with a git dependency, this is the only way to lock
the dependency in-place (because revisions are immutable).

* Check that a pinned git dependency resolves to a revision

There are three mutually exclusive parameters that can be used to
pin a git dependency: `branch`, `tag`, and `rev`.  Since they all
can be moving targets, they should be resolved to a full git
revision (SHA-1) to ensure a proper in-place lock.

This change highlights bug #1331 and currently fails.

* Make sure a git reference resolves to a revision

Do not lock a git dependency to a named reference but to a full
git revision instead.  This ensures reproducibility and security
as git revisions are immutable.

Fixes: #1331

committed Oct 11, 2019

72806dd4

Name	Last commit	Last Update
.github		Loading commit data...
assets		Loading commit data...
docs		Loading commit data...
poetry		Loading commit data...
tests		Loading commit data...
.coveragerc		Loading commit data...
.gitignore		Loading commit data...
.pre-commit-config.yaml		Loading commit data...
CHANGELOG.md		Loading commit data...
CONTRIBUTING.md		Loading commit data...
LICENSE		Loading commit data...
Makefile		Loading commit data...
README.md		Loading commit data...
get-poetry.py		Loading commit data...
make-linux-release.sh		Loading commit data...
mypy.ini		Loading commit data...
poetry.lock		Loading commit data...
pyproject.toml		Loading commit data...
sonnet		Loading commit data...
tox.ini		Loading commit data...

README.md