-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Normalize Swift package names #7648
Normalize Swift package names #7648
Conversation
0aaadcf
to
9988b15
Compare
This will require an update to the smoke tests but other than that I think it's ready. Open questions:
Thoughts? |
9988b15
to
53694e4
Compare
I believe changing the naming schema here is also going to force users to use the I'm not sure that's ideal, but if we go that route, we should also use |
53694e4
to
24fe813
Compare
We believe the best path forward is to stick to full names, at least for now. Last open question is regarding the implementation: I used metadata to pass around the "identifier" dumped by An alternative to using metadata would be to use add some custom logic right before passing it to the package manager (like Letting the package manager "decide" the logic to build the "identifier" for a dependency feels better, but it does require more work to allow passing that metadata around everywhere. |
In other places in Github, like in Security Advisories, or the Dependency Graph page, a different naming schema is used. This means that when we try to find security updates to resolve a certain alert for a dependency, we won't be able to match the dependency with the advisory in the alert, and Dependabot will see it as non vulnerable. So, normalize the schema to what the rest of GitHub uses.
24fe813
to
f1cb29c
Compare
This should go green once dependabot/smoke-tests#112 is merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense.
I suppose we could do dependency.name.split('/').last
but I like this better in case identity changes in a future version of Swift.
Oh your last comment says exactly the same, so yes we agree! |
In other places in Github, like in Security Advisories, or the Dependency Graph page, a different naming schema is used.
This means that when we try to find security updates to resolve a certain alert for a dependency, we won't be able to match the dependency with the advisory in the alert, and Dependabot will see it as non vulnerable.
So, normalize the schema to what the rest of GitHub uses.