Licensed::Git.version() is returning a bogus SHA from submodules about licensed HOT 7 CLOSED

@lildude ah it's not bogus. This (😞 unanticipated but arguably correct) change in behavior is because licensed no longer moves into the target directory before obtaining a commit SHA. Those SHA's that you're seeing are the linguist commits that updated the submodules, not the SHAs of the individual submodules.

I don't think this is a bug.

from licensed.

This (😞 unanticipated but arguably correct) change in behavior is because licensed no longer moves into the target directory before obtaining a commit SHA. Those SHA's that you're seeing are the linguist commits that updated the submodules, not the SHAs of the individual submodules.

🤯 yup, definitely unanticipated, and sort of makes sense now you mention it.

I don't think this is a bug.

🤔 If this is expected, it means new licenses won't be picked up until submodule updates have been committed:

$ git submodule update --remote
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 4 (delta 3), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (4/4), done.
From https://github.com/codemirror/CodeMirror
   af3bd431..ab3e78af  master     -> origin/master
Submodule path 'vendor/CodeMirror': checked out 'ab3e78afb0bc7f0bf56a2038539b2853715e38aa'
Submodule path 'vendor/grammars/JSyntax': checked out 'daf9ff2cb011571825338b57c48b87fa8cca065d'
Submodule path 'vendor/grammars/MagicPython': checked out 'ad6bd6211944a1b24c6594fa75ee3b15f60d7559'
Submodule path 'vendor/grammars/NimLime': checked out 'd71fd1ae94a8597cec72445bc87c760497a9763c'
[...]
$
$ script/licensed | grep Caching
Caching licenses for linguist:  <--- I'D EXPECT LICENSE CHANGE DETECTION HERE
$
$ git commit -am 'Updqte grammars' 
[testing be906be4] Updqte grammars
 38 files changed, 38 insertions(+), 38 deletions(-)
$
$ script/licensed | grep Caching
Caching licenses for linguist:
    Caching atom-language-purescript (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
    Caching language-apl (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
    Caching quake (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
    Caching sublime-MuPAD (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
    Caching language-csound (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
    Caching language-roff (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
    Caching objective-c.tmbundle (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
[...]
$

This seems very counter-intuitive to me and is likely to lead to the assumption by many using a similar approach to us, that there has been no change to the license(s) until much later, possibly too late. Some may also not like the pollution of their history that comes from having to commit the submodule updates and then the license updates separately.

We're effectively in the same boat as the way Go dependencies currently work, which I note you implemented a workaround for as part of the change in #78 so I guess I'm going to need to do the same for Linguist and our custom source.

I'm not sure if or how this should be documented as I suspect we're in a unique position at the moment.

from licensed.

If this is expected, it means new licenses won't be picked up until submodule updates have been committed:
This seems very counter-intuitive to me and is likely to lead to the assumption by many using a similar approach to us, that there has been no change to the license(s) until much later, possibly too late.

IMO this is desired and how it should be working, at least when using the Git commit SHA as a version identifier. Having licensed pick up changes before they're committed into a repo sounds like a bug to me, as it doesn't necessarily reflect the state of the project that is distributed to others.

We're effectively in the same boat as the way Go dependencies currently work, which I note you implemented a workaround for as part of the change in #78

To be clear, that was not a workaround for submodules that are committed into the repo. That was a workaround for downloaded external projects that exist outside the repo.

I guess I'm going to need to do the same for Linguist and our custom source.

Sure. To be honest I'm not sure thats the correct thing to be doing as you're opening Linguist up to having mismatches between the committed submodule reference and whats in the license metadata.

from licensed.

To be honest I'm not sure thats the correct thing to be doing as you're opening Linguist up to having mismatches between the committed submodule reference and whats in the license metadata.

I'm not sure I follow how. Can you please elaborate.

From my experimenting this morning, having it this way means the cached license is tied to the version in the submodule SHA that we reference in Linguist. Both are committed to the repo at the same time as part of the slightly modified release process.

from licensed.

Can you please elaborate.

Sure! If someone were to update a submodule reference, cache license metadata then update a submodule reference again, there would be a mismatch.

I guess as long as the method of obtaining the submodule reference is consistent then licensed would complain about the metadata being out of date when checking metadata status.

🤔

from licensed.

@lildude theres now a source available for git submodules that will use the SHA of the submodule as the version string. With that source available then any manifest can and should continue to use commit SHAs for the root repo as opposed to the submodule.

👍 to close this issue?

from licensed.

👍 to close this issue?

👍 looks like it might do what I've implemented in Linguist. I'll look to update Linguist when I've got the bandwidth. Thanks for implementing this. 🙇 Closing.

from licensed.