Lock file is updated during install with multiple tags for the same commit #403

davidreuss · 2024-11-15T10:44:43Z

What steps did you take:

I have a repository, where we keep a "floating" major version say v1 for my project (for referencing with github actions for instance), but it's also tagged with the exact semver version.

What happened:

When running vendir sync --locked i'm seeing the vendir.lock.yml file updated to reflect a difference in the tags property of a dependency.

We have CI jobs which checks that there are no differences in lock files, to determine if there's something changed or not, and this check is now failing randomly depending on when the last vendir sync was executed, and what the state of the tags in the upstream project is at the time.

An example diff of what i observed below:

❯ git diff
diff --git a/vendir.lock.yml b/vendir.lock.yml
index 9e368a61..eb476075 100755
--- a/vendir.lock.yml
+++ b/vendir.lock.yml
@@ -5,7 +5,7 @@ directories:
       commitTitle: 'fix: foobar'
       sha: 874ffaa568150eba07a1794a67ede807efae655b
       tags:
-      - v1
+      - v1.0.1
     path: .
   path: vendor/cicd-toolkit
 - contents:

What did you expect:

I expect the lockfile to not be updated when i'm installing dependencies from that lock file, with vendir sync --locked

Environment:

❯ vendir --version
vendir version 0.41.1

This is on mac os but i don't think there's any platform/arch issue going on here.

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

The text was updated successfully, but these errors were encountered:

joaopapereira · 2024-11-19T15:47:16Z

Thanks for opening this issue
I was looking into this issue and I am trying to better understand the scenario here, let me know if this is accurate

You create the v1 tag
Add create the vendir Lock file
Retag the same sha with the v1.0.1 tag
Move v1 tag to a different sha
run vendir --lock

Is this what you are experiencing?

davidreuss added bug This issue describes a defect or unexpected behavior carvel-triage This issue has not yet been reviewed for validity labels Nov 15, 2024

carvel-bot added this to Carvel Nov 15, 2024

davidreuss changed the title ~~Lock file is updated when multiple tags are created for the same version/sha~~ Lock file is updated during _install_ when multiple tags are created for the same version/sha Nov 15, 2024

davidreuss changed the title ~~Lock file is updated during _install_ when multiple tags are created for the same version/sha~~ Lock file is updated during install when multiple tags are created for the same version/sha Nov 15, 2024

davidreuss changed the title ~~Lock file is updated during install when multiple tags are created for the same version/sha~~ Lock file is updated during install with multiple tags for the same commit Nov 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Lock file is updated during install with multiple tags for the same commit #403

Lock file is updated during install with multiple tags for the same commit #403

davidreuss commented Nov 15, 2024 •

edited

Loading

joaopapereira commented Nov 19, 2024

Lock file is updated during install with multiple tags for the same commit #403

Lock file is updated during install with multiple tags for the same commit #403

Comments

davidreuss commented Nov 15, 2024 • edited Loading

joaopapereira commented Nov 19, 2024

davidreuss commented Nov 15, 2024 •

edited

Loading