Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[lua] Remove haxe-deps and directly reference dependencies; re-enable CI #10916

Merged
merged 16 commits into from
Jan 4, 2023
Merged

[lua] Remove haxe-deps and directly reference dependencies; re-enable CI #10916

merged 16 commits into from
Jan 4, 2023

Conversation

inklit
Copy link
Contributor

@inklit inklit commented Jan 3, 2023
edited
Loading

This removes the abandoned haxe-deps LuaRocks reference for lua tests.
While we could have forked it, it is more secure to just directly reference the dependencies (avoiding a supply chain attack, similar to those that have happened on nodejs package managers before).

This resolves #10777 and #5024, and skips unit test Issue10752 (#10752) for Lua, and re-enables CI tests for Lua

@inklit inklit marked this pull request as draft January 3, 2023 23:36
@inklit inklit changed the title WIP: [lua] Remove haxe-deps and directly reference dependencies; re-enable CI [lua] Remove haxe-deps and directly reference dependencies; re-enable CI Jan 3, 2023
@inklit inklit marked this pull request as ready for review January 4, 2023 00:50
@inklit inklit mentioned this pull request Jan 4, 2023
Closed
@Simn
Copy link
Member

Simn commented Jan 4, 2023

Nice! And wow, they actually still pass, that's a nice surprise. In the long run, we should still sort out the haxe-deps situation, but for now this is a very welcome addition. Thank you!

@Simn Simn merged commit 5979f57 into HaxeFoundation:development Jan 4, 2023
@skial skial mentioned this pull request Jan 4, 2023
Closed
1 task
@kLabz kLabz mentioned this pull request Jan 5, 2023
Open
@Uzume
Copy link

Uzume commented Mar 25, 2023
edited
Loading

Thank you.

[...]In the long run, we should still sort out the haxe-deps situation, but for now this is a very welcome addition.[...]

If we are to switch back to haxe-deps, I recommend we take it over and have that luarock be sourced from this repo (not a separate one). That said, I am not sure we really need something like haxe-deps even if it is sort of useful from a user perspective.

This was referenced Mar 25, 2023
Closed
Merged
@danielo515
Copy link
Contributor

danielo515 commented Mar 26, 2023 via email

@Uzume
Copy link

Uzume commented Mar 26, 2023
edited
Loading

What is Haxe-deps?

@danielo515: haxe-deps or jdonaldson/haxe-deps is an apparently unmaintained LuaRocks package that contained nothing but dependencies necessary for Haxe.

At some point we switched to using that to ensure all the Lua dependencies for Haxe were installed (and it is handy for user installs), however, is has not been maintained/updated so now it is only deceptive.

I meant by my statement that if we go back to something like haxe-deps then it should be owned and maintained by this repo and not some random third-party. That way it can be kept up-to-date with the code that actually needs/uses it (since it lives in the same place).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielo515 danielo515 danielo515 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Restoring lua tests
4 participants
@inklit @Simn @Uzume @danielo515