Make fetching source tarball by git commit more robust #4680
Conversation
|
I also think this checkout only works until github garbage collects. This dangling commit it just held on by reflog, and will disappear with a git gc. So, 90 days or so and it's gone i think. I am in favor of just fetching what we need for the requested checkout, but it wouldn't actually solve the underlying issue; UV devs are throwing away their old patches. I think the devs here should tag/branch their commit and not leave it detached, and the old method would still work (I think). So the cost here would be that we wouldn't detect this issue until the source is truly forever gone. Note: I think you meant reqwest-middleware as that's the onethat has the commit you mention here: (edit: I could be wrong, maybe github never GC's? But i doubt that) |
Not sure: I locally created a commit, amended and ran
Yes, mis-pasted. Fixed in the description |
|
I think it does go out, unless github sets up their reflog expiry date to something infinite. Testing it out: mkdir test-gc
cd test-gc
git init
echo "First version" > file.txt
git add file.txt
git commit -m "First version"
echo "Modified version" > file.txt
git add file.txt
git commit --amend -m "Modified version"
git reflog # both show up and i can checkout either
git reflog expire --expire=now --all # default is 90 days but i don't want to wait
git gc
git switch ca00a7a # now gives me "fatal: invalid reference: ca00a7a"Just gc isn't enough, the reglof need to expire before that's cleaned up. |
|
Ah ok, so the reflog needs to be GCed. I guess in that case we cannot do anything. At least the change makes the checkouts faster and gives us 90 days more time. |
|
Yes the UV devs should at least just add a |
|
It isn't actually uv but a dependency of it. And that repo doesn't has an issue tracker so I could complain. Also the commit is currently only in a branch, not somewhere in main, i.e. not merged yet. So can't help that for now. |
|
But it's the UV devs patching their dependencies is it not? (on several repos under https://github.com/astral-sh) |
|
Ah it's the same GitHub org, haven't seen that. I opened an issue in the |
Flamefire
force-pushed
the
20241011131511_new_pr_TIItVuOUVw
branch
from
2d2e09d to
18600e0
Compare
A `git fetch <repo> <hash>` requires a full hash and fails with a short hash with > could not find remote ref Disable the depth=1 optimization and remove the fetch call for those cases.
Flamefire
force-pushed
the
20241011131511_new_pr_TIItVuOUVw
branch
from
18600e0 to
caf4537
Compare
|
@lexming You know this part of the code well, can you take a look at this one? |
|
My understanding to the suggested changes:
|
That is possible. I wasn't really sure why that commit was missing. Especially for the rust crates this is going to be an issue I guess: It really asks for a specific commit and if that is permanently gone we can't do anything I guess. Probably patching the commit if we still know a similar enough commit. |
|
I double checked: That tag was created on my request and didn't exist back then which is why it failed. So we have 2 cases:
We want to detect the first, i.e. not do the explicit fetch. And I think it is worth to mitigate the 2nd. How about guarding the explicit fetch behind a command line option like BTW; We have a bug when neither a commit nor a tag is given: We'd do So my proposal:
|
(created using
eb --new-pr)I had a crate that was supposed to fetch a git commit from https://github.com/astral-sh/reqwest-middleware. However the specified git commit
21ceec9a5fd2e8d6f71c3ea2999078fecbd13cbewas not available forgit checkoutafter the clone.My understanding is, that this commit is not reachable from the default (main) branch that is fetched, possibly after same rebase.
The approach done here is to add a separate
git fetchcall to fetch the specified commit. That resolves the issue in my case.We could go even further and don't use
git cloneat all: