Investigate a method for versioning builders #20

jthegedus · 2019-11-14T10:19:20Z

I don't want to use the latest tag exclusively in case of a bad update. What methods could be used to version these?

dbrtly · 2024-06-26T04:46:42Z

Should the custom-builders.yaml file include a sha256 key with value matching a specific commit?

jthegedus · 2024-06-26T23:34:26Z

Yes, I think that would be the ideal method. Should probably also support a "major" version as has become the trend with GitHub Actions, so people can use builder@1 and automatically get the latest for that major version... not sure.

It becomes a question of ease-of-use vs what is the most secure. Given no dependabot support, a builder which runs and checks builder versions would also be useful. Or just get https://github.com/sethvargo/ratchet to support meta-builders (if it even needs changes to 🤔)

What I described above are called "versioned" (sha) and "unversioned" (major semver #) in Ratchet - https://github.com/sethvargo/ratchet#terminology

jthegedus added the enhancement New feature or request label Nov 14, 2019

jthegedus self-assigned this Nov 14, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Investigate a method for versioning builders #20

Investigate a method for versioning builders #20

jthegedus commented Nov 14, 2019

dbrtly commented Jun 26, 2024

jthegedus commented Jun 26, 2024 •

edited

Loading

Investigate a method for versioning builders #20

Investigate a method for versioning builders #20

Comments

jthegedus commented Nov 14, 2019

dbrtly commented Jun 26, 2024

jthegedus commented Jun 26, 2024 • edited Loading

jthegedus commented Jun 26, 2024 •

edited

Loading