Skip to content

Prefixing manifest dependencies with organization name #814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
minhqdao opened this issue Dec 20, 2022 · 6 comments
Closed

Prefixing manifest dependencies with organization name #814

minhqdao opened this issue Dec 20, 2022 · 6 comments
Labels
enhancement New feature or request

Comments

@minhqdao
Copy link
Contributor

minhqdao commented Dec 20, 2022
edited
Loading

To avoid name collisions and squatting, the current state (especially for the registry) would be that every dependency has to be part of a namespace (or organization or publisher). The question is now how that should look like within the fpm manifest.

Without namespace, get this dependency from the registry:

[dependencies]
name = "dependency_name"
version = "0.1.0"

With namespace:

[dependencies]
name = "organization%dependency_name"
version = "0.1.0"

This would, in theory, allow multiple packages with the same name to be incorporated:

[dependencies]
name = "organization%same_dependency_name"
version = "0.1.0"
name2 = "organization2%same_dependency_name"
version = "0.2.0"

I could envisage multiple kinds of separators for separating the namespace from the package name, like _, -, / or% (the latter is probably the most Fortran 😄). But distinguishing the namespace from package name in organization_name_package_name might be difficult using _ as the separator.

Of course, we could also add an additional required field as such:

[dependencies]
name = "dependency_name" (required)
organization = "organization" (required)
version = "0.1.0" (if not specified, get the newest version)

However, having to add another field might be overkill? 🤔

We also thought about adding namespaces for git dependencies in the same go.

How do feel about all of this?
@minhqdao minhqdao added the enhancement New feature or request label Dec 20, 2022
@arteevraina
Copy link
Member

I feel that specifying the organization name for every dependency that you use in the project using fpm is an overkill. Mostly, the package managers require you to type the dependency with their version number and that's it nothing more. This makes the developer worry less about the manifest configuration.

But, yes since we allow multiple packages of the same name under different organizations in the Fortran registry. I think the third option seems to be easier to read and less prone to commit errors.

@minhqdao
Copy link
Contributor Author

minhqdao commented Dec 21, 2022
edited
Loading

I feel that specifying the organization name for every dependency that you use in the project using fpm is an overkill. Mostly, the package managers require you to type the dependency with their version number and that's it nothing more. This makes the developer worry less about the manifest configuration.

The thing is that specifying an organization name is supposed to be mandatory when uploading a package. If we'd need to resolve a dependency without an organization name specified, we'd need to query all orgs to find a package that has that name. And then throw an error if the package name was found more than once.

If a package has to be part of an organization, I think indicating the organization should be mandatory.

@perazz
Copy link
Member

perazz commented Dec 23, 2022
edited
Loading

I also agree with @arteevraina. I would avoid polluting the name field with additional stuff. I think the manifest would be cleaner and parsing would be more standard with just one or more optional keywords like

[dependencies]
name = "dependency_name"
origin = "registry_name_or_address"
version = "0.1.0"

@perazz perazz mentioned this issue Dec 27, 2022
Open
@minhqdao
Copy link
Contributor Author

minhqdao commented Jan 24, 2023
edited
Loading

I think my initial suggestions were a bit confusing. Currently, there are three ways to include dependencies (they are the same internally):

[dependencies]
toml-f = { git = "https://github.com/toml-f/toml-f", branch = "main" }

[dependencies]
toml-f.git = "https://github.com/toml-f/toml-f"
toml-f.branch = "main"

[dependencies]
[dependencies.toml-f]
git = "https://github.com/toml-f/toml-f"
branch = "main"

I therefore think it makes most sense if we just add another namespace key. We will map its value to a new field in dependency_config_t so we will be able to differentiate path and git dependencies that have the same name, too. This might be interesting for @perazz.

Furthermore, we will add an optional v key (the version key is already used to indicate the package version). If not specified, the newest version will be automatically obtained from the registry. We can later use it for semantic versioning and version constraints, too.

@minhqdao minhqdao mentioned this issue Jan 24, 2023
Merged
4 tasks
@minhqdao minhqdao moved this to Discussion in Sovereign Tech Fund project Feb 23, 2023
@minhqdao minhqdao moved this from Discussion to In Progress in Sovereign Tech Fund project Feb 23, 2023
@minhqdao
Copy link
Contributor Author

minhqdao commented Mar 8, 2023

Added namespace and v as additional keys.

@minhqdao minhqdao closed this as completed Mar 8, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in Sovereign Tech Fund project Mar 8, 2023
@minhqdao minhqdao moved this from Done to In Progress in Sovereign Tech Fund project Mar 8, 2023
@arteevraina
Copy link
Member

@minhqdao Yeah looks pretty clean.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Sovereign Tech Fund project
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
3 participants
@perazz @minhqdao @arteevraina