* feat(cli): version flag
Adds a --version flag to jb. Only available on go versions greater than 1.12
* style: add license headers
* chore(ci): generate only on latest go
* fix: unique step names
* doc: include version in README help text
* fix: rebuild .drone.yml using drone.cli
* fix: remove race condidion from CI
Adding a dep, or updating a dependency version makes writes to the
jsonnet files.
We evaluate the changes on each of the files. An empty jsonnetfile.json
does not create a corresponding lockfile, as a missing lockfile is not
different from its previous (non existent).
- allow to install pkg that is already locked
- clean unknown files from vendor
- correctly handle checksums and locked versions (was accidentally ignoring
- these before)
Packages are unique anyways so it makes sense to use a map to avoid having
duplicates.
For compatibility reasons custom json (un)marshallers hide this change from the
end user
rewrites the installation of packages from scratch to solve several issues with
the existing implementation:
- does not need to choose between lockfile and jsonnetfile anymore. The
jsonnetfile what to be installed, while the lockfile also has versions and
checksums of all packages, even nested ones.
- the lockfile is regenerated on every run, preserving the locked values
- downloaded packages are hashed using sha256 to make sure we receive what we
expect. If files on the local disk are modified, they are downloaded again.
So far, `pkg` and `pkg/jsonnetfile` had overlapping functionality when it came
to choosing and loading jsonnetfiles.
This fully switches to the separate package `pkg/jsonnetfile` that seems to be
created for exactly this purpose
Refactors the dependency parsing function chain to evaluate the type of the
dependency right in `parseDependency` to make it clearer what is going on while
reading the code. Before, functions were returning if it was a different type,
which was not that clear from `parseDependency`.
Not using an undocumented ETag header from the GitHub archive API is
probably for the best. This is slightly slower due to extra round-trip,
but it is still much faster than cloning the repository to resolve the
ref.
Signed-off-by: Benoit Gagnon <benoit.gagnon@ubisoft.com>
