Support arbitrary repository types for private cocoapods datasource #29049
mitchins
started this conversation in
Suggest an Idea
Replies: 2 comments 4 replies
-
Do you mean that you mirror https://github.com/CocoaPods/Specs? And that you'd want to configure Renovate to tell it that using Regarding:
We have a getJson function for all our supported platforms, including Azure DevOps. It's currently used for fetching presets. So I don't think this assumption holds. |
Beta Was this translation helpful? Give feedback.
4 replies
-
Great thanks.GIT would be the perfect “catch all”.I doubt performance of a couple extra seconds would matter, with shallow commit.Just wanted to get a sense check before I commit significant effort. With regards to GitHub currently it doesn’t actually check the domain, I believe “git” just needs to be in the host url regex. Obviously only GitHub supports the GitHub query API.I’m unsure what forms the domain takes with enterprise accounts, eg, does GitHub always occur even for big enterprises? Long story short:If url == CDN {}else if url == GitHub {}else { do GIT checkout and collect versions}As long as that seems endorse im happy to go ahead - just wanted to sense check.Given that cocoapods requires directory hierarchy to list versions this is not standardised, so apart from GitHub unless you want to support every sundry provider then a shallow clone is guaranteed to work (although not super elegant).Sent from my iPhoneOn 14 May 2024, at 19:28, Rhys Arkins ***@***.***> wrote:
File listing is not an exposed API like getRawFile(), but for which step do you need it?
BTW if you think it's necessary to use git, and the approach taken in Cargo would work, you are welcome to implement that.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Problem Definition
Our organisation uses Mend/Renovate however not being able to query our internal packages for automatic PR can be limiting - particularly because we mirror third party packages internally for security purposes as we are a bank.
From what I can tell, the Cocoapods datasource should in theory work with a private repository - assuming it's:
(1) On Github
(2) Structured in the way that is expected (with the content and specs folders)
It does not however work with any other repository type as it uses the github v3 api to query contents and packages. After looking through the source and building locally - I think it can be handled fairly elegantly, but would hope that the work could be accepted upstream if I goto the effort of supporting it.
Rationale for the suggested enhancement
(A) The organisation I work for uses Azure Devops (We won't be moving to GitHub actions anytime soon either) however manyorganisations still use BitBucket or Gitlab.
(B) Cocoapods is still a popular package manager even with Swift Package Manager as it's much more powerful and proven for enterprise and advanced usages.
Suggested approach
Assumptions:
(1) There are too many different git providers besides GitHub to handle their HTTP APIs
(2) We would have permissions to check out the repository holding the podspecs, given we are supposed to update packages
(3) A shallow checkout of depth=1 should be quick enough, and we can clean it up once done
With the above, if the repository is not GitHub, e.g. dev.azure.com or myorg.bitbucket.com (or bitbucket.myorg.com), rather than what it does now (which is to try to call the GitHub api and fail with 404/401), let's just check out the repository locally using a shallow clone, and query the directory structure.
This approach is more or less how cocoapods itself queries it, and even caches it locally (although we should let it do its thing rather than try to inspect that).
In Summary
For the index.ts of the Cocoapods DataSource, if the repository url is not the public CDN or a github repository, can we use a strategy of checking out the repository to query available packages in the repository structure? This pattern isn't new either as it looks like Cargo (among others) uses a repository clone.
The approach would work seamlessly with any "other" provider besides the CDN or GitHub, and as mentioned there's still alot of life left in CocoaPods as well as enterprise usage of non GitHub repositories.
Again while I am willing to look into the work, I'd prefer to have an approach that could be accepted upstream so that it could:
(A) Work with Mend cloud service
(B) Not require manual merges from upstream
Beta Was this translation helpful? Give feedback.
All reactions