Git npm version management during the development flow - node.js

Here's my project development process:
feature/feature1
feature/feature2
feature/etc..
master
production
I develop my features on the feature branches. When I have finished with a branch, I merge it into master and delete it via the GitHub UI. CircleCI detects the merge and deploys master to a staging server.
Later I manually merge the master branch into the production one, and CircleCI deploys to my production server.
I would like my package.json version to be bumped each time I merge a feature branch into the master branch (via the GitHub UI). But I have no idea if:
- GitHub allows this (if yes, can you please explain it to me?)
- It's a good process
I'm aware I could do it via npm version command when I merge master onto production, but I do need the version to be updated on the master automatically when I merge a branch into it.
Don't hesitate to criticize my way to proceed and tell me yours. :)
Thank you

I don't think Github offers any such feature. But there are some grunt modules that do this during build time. You could probably script this or have a make file that does this for you as well.
I don't think this is a good way of versioning. After you are done with a feature, you have to decide if the changes you have made are minor or major. Sometimes you might commit breaking changes. Just incrementing the version number from 1.0.1 to 1.0.2 or say 1.1.0 to 1.1.1 (every time) will not convey the magnitude of these changes. Best Practice: Software Versioning
The best practices for versioning are already covered here.
We manage versioning manually where I work. Before each release we create a tag (v1.0.3, v1.1.4..etc) and then create a release on Github. In the description of the release we put all new commits. Going through the commit message gives us a good idea of the changes that were made. If the changes only involve bug fixes and minor feature additions we will increment the minor number ie. 1.2.1 to 1.2.2.
If a major new feature is added, we increment the major version number ie. 1.2.2 to 1.3.0. When we add many breaking changes we go from 1.3.0 to 2.0.0.
Sometimes we are loose with versioning. Our API is not public and the only reason we use versioning is for deploying and for rolling back. If you are expecting to make your work open source and/or expecting to make your work available through some kind of package manager, like say npm, you should follow semver versioning strictly.

Related

How to identify the fabric-protos version used to generate specific fabric-protos-go

github.com/hyperledger/fabric makes use of github.com/hyperledger/fabric-protos-go repo as a dependency module to setup gRPC communication between nodes. These fabric-protos-go files are generated by .proto of github.com/hyperledger/fabric-protos repo.
I have cloned the github.com/hyperledger/fabric repo at Tag:v2.4.7 and am making some updates to it. I need to generate some Go structs by defining new messages in the .proto files.
This fabric-v2.4.7 depends on github.com/hyperledger/fabric-protos-go v0.0.0-20220315113721-7dc293e117f7 as per the go.mod
But I am not able to identify which version of fabric-protos led to the generation of this fabric-protos-go v0.0.0-20220315113721-7dc293e117f7, because if I clone the latest version of the fabric-protos repo to generate the Go files and use them as a dependency, it throws many incompatibility errors.
Please let me know how I can determine which versions of fabric-protos-go and fabric-protos were used in a specific fabric tag.
This documentation page for fabric-protos mentions which versions of the protocol buffer bindings correspond to which Fabric versions:
https://hyperledger.github.io/fabric-protos/
The protocol buffer definition files are in branches of the fabric-protos repository, named the same as the versions in the documentation page above. Currently the main branch contains the definitions for Fabric v3 (the v0.3.x versions of the published bindings).
If you are making modifications, you should just pick the HEAD (latest commit) of the appropriate branch on which to base your change. Avoid making breaking changes. Changes will also need to be applied to any more recent versions (branches) so compatibility is maintained going forwards. A good strategy if you actually come to push changes to the repository is probably to raise a pull request for the main branch first, then cherry-pick changes back to as many earlier version branches as you need.

How to automate NodeJS/npm dependency updates?

I'm maintaining some large NodeJS applications (micro-services, apps), which consume many (at least 100+) dependencies.
Updating those dependencies to fix a security vulnerability forces me to spend valuable development time.
Is there any way to automate package updates across repositories?
We're using GitLab for SCM.
I had thought of some options like:
Separating out core dependencies into a base level library.
Maintain a repository that specifies security-cleared dependency versions and repositories to be updated whenever the cleared list changes.
Any additional suggestions/examples?
Just to help shortlist approaches mentioned in the question:
1. Separating core dependencies into a "Core" library.
This can reduce the number of updates. But the libraries based on "Core" will still have their own dependencies, which may be prone to vulnerabilities, and the update cycle must be repeated for them manually. This approach just procrastinates the manual updates.
2. Maintain a repository that specifies security-cleared dependency versions and repositories to be updated whenever the cleared list changes.
Couple of options here:
Article on automating via pipeline scripts
GitHub: Use next-update + Hub CLI
GitLab: Use next-update + Lab CLI
Implement dependabot-core(GitHub) or dependabot-gitlab(GitLab)
Implement renovate.
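The "security-cleared versions" list from option 2, sketched as an added example (not code from the original answer or from any of the tools named above). It checks every installed copy in each repository's package-lock.json (lockfileVersion 2 or 3 `packages` map), including nested transitive copies, against a cleared minimum; repository names, package names and versions are constructed, and `CLEARED`, `findBelowCleared` and `auditRepos` are hypothetical names.

```javascript
// Added example: repo names, package names and versions are constructed.
const CLEARED = { "example-parser": "3.1.4", "@example/http-client": "2.3.1" };
const SAMPLE_LOCKS = {
  "orders-service": { lockfileVersion: 3, packages: {
    "": { name: "orders-service", version: "1.4.0" },
    "node_modules/example-parser": { version: "3.2.0" },
    "node_modules/@example/http-client": { version: "2.3.1" },
    // transitive copy pulled in by a shared "core" library
    "node_modules/example-core/node_modules/example-parser": { version: "3.0.9" },
  } },
  "billing-service": { lockfileVersion: 3, packages: {
    "": { name: "billing-service", version: "0.9.2" },
    "node_modules/example-parser": { version: "3.1.4" },
  } },
};

// Compare MAJOR.MINOR.PATCH numerically (pre-release/build suffixes are ignored).
function compareVersions(a, b) {
  const parse = (v) => {
    const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
    if (!m) throw new Error(`not a semver version: ${v}`);
    return m.slice(1).map(Number);
  };
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Check every installed copy listed in a lockfile's "packages" map.
function findBelowCleared(lock, cleared) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !entry.version) continue; // root project, workspace links
    // Text after the last "node_modules/" is the package name (scoped names included).
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (Object.hasOwn(cleared, name) && compareVersions(entry.version, cleared[name]) < 0) {
      findings.push({ name, path, installed: entry.version, minimum: cleared[name] });
    }
  }
  return findings;
}

// Map of repo name -> findings, listing only repos that need an update.
function auditRepos(locks, cleared) {
  return Object.fromEntries(
    Object.entries(locks)
      .map(([repo, lock]) => [repo, findBelowCleared(lock, cleared)])
      .filter(([, findings]) => findings.length > 0));
}
console.log(JSON.stringify(auditRepos(SAMPLE_LOCKS, CLEARED), null, 2));
```

The nested `example-parser` copy is the case the "Core library" approach misses: the top-level version is cleared while a transitive copy is not.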

GitVersion – selective versioning multiple assemblies of the same project

I’m on a .NET C# project composed of a solution with several class library projects.
The source control is managed by git using gitflow as branching model.
We have decided that we wanted to implement semantic versioning (http://semver.org/) of the project in order to follow a standard way to communicate our releases.
For that we are using GitVersionTask (via NuGet) which works pretty well with gitflow.
Every time we tag a release and we perform a build from the master branch the version of all assemblies are updated and a new release is out for delivery.
Only one of the assemblies has a public API; all the others are for internal consumption. I would like to know if this is the correct way to manage the version of multiple assemblies of the same project. I mean, isn’t it wrong to change the version of every assembly when only a couple (or even just one) was changed? To make things more complicated, there is a strong possibility that some of the “internal” assemblies will be used by other projects, so I believe it is not very wise to increment the major version of an assembly that didn’t change just because another assembly of the same project is introducing breaking changes. Should each assembly project be managed in its own repository?
Thanks in advance.
I know this is a bit of an old question, still:
I want to share a workaround that seems to be working:
GitVersion uses $(Build.SourcesDirectory) to see where the sources are located - src
We can change this using logging commands*
Workaround is to set the Build.SourcesDirectory before GitVersion task
Then GitVersion uses the GitVersion.yml from the project folder (Build.SourcesDirectory) and voilà - it works
After that you might want to roll back the change or not - depending on your need. For me it seems it is nice to scope down to the only nuget package from the collection of nuget packages in our nugetPackages monorepo.
see GitVersion issue and comment
*Example Powershell command:
standard PowerShell task; set to inline script;
Write-Host "##vso[task.setvariable variable=Build_SourcesDirectory;]$(Build.SourcesDirectory)\$(NugetProjectName)"
There is certainly nothing in GitVersion that would help with having separate projects within the same repository. The guidance that we would offer here is that you should use different repositories for the different parts of your application. That way they can be versioned/updated at their own cadence.

npm module versioning with auto merging in git

I'm currently struggling with automatic merges of a semantically versioned node project. In my current setup I have to maintain multiple older (minor) versions of the application. To ensure that bug fixes in older versions are also applied to newer versions, I'm using release branches in combination with Bitbucket's auto-merge feature. It works great apart from permanent auto-merge conflicts on the version of the application, which has to be stored in package.json. Each time an auto merge happens there is a version conflict with the newer release versions.
Is there any way to avoid those merge conflicts? I fiddled around with a custom merge driver (https://gist.github.com/jphaas/ad7823b3469aac112a52); it kind of works, but in my opinion there should be an easier solution, like storing the version in a dedicated file (e.g. .npmversion) and using built-in merge drivers.

npm version number for SaaS application

I am working on a SaaS application with node.js using npm for managing dependencies. I am trying to decide what to do about the version number. Our release model will be to market features and release when ready, rather than marketing versions.
I am looking for advice on the version field for package.json. Since we won't be publishing the app to the npm registry, I can really use whatever version number I want. I really don't want to maintain a typical version number like 1.0, 1.2, 2.0, etc. Since a release is simply a project that ships when ready, dates make better versions for me, like "RELEASE_20130104", but npm requires that the version field in package.json be parseable by semver rules.
I am interested in hearing what the rest of the community has done for SaaS npm-based apps.
Requirements:
Effortless - I don't want to waste time debating between 1.2.0 or 2.0. It's just the next release.
Must satisfy the npm version syntax rules.
Nice-to-haves:
Scriptable through a build process, like extracting SVN branch and revision number.
Version means something, like the release date.
Solutions I have come up with:
Strictly follow semver major.minor.patch pattern. This will require separate scripts for different release types and will be a nightmare for pre-release builds.
Express the release date in semver format like "2013.01.04"
SVN revision number + branch or tag name like "21484-BugFix21". Downside there is that non-release builds' versions don't tell you what release version they are branched from.
Pick a dummy version and never change it like "1.0.0". Track the version in the format I want in a separate field, like "appRelease": "2013.01.04".
I don't expect right or wrong answers. There are a ton of solutions. I am looking to see what approaches others have taken in the past.
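An added example for the date-as-version idea above (not part of the original post): under the SemVer 2.0.0 grammar, numeric identifiers must not have leading zeros, so a date has to be written unpadded. `releaseVersion` and `toIdentifier` are hypothetical helpers, and the dates, branch names and revision numbers passed to them are sample inputs.

```javascript
// SemVer 2.0.0 grammar (the regex published at semver.org): numeric identifiers
// must not have leading zeros, so "2013.01.04" fails and "2013.1.4" passes.
const SEMVER = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/;

function isSemver(version) {
  return SEMVER.test(version);
}

// Turn free text (branch name, tag name, revision) into one valid
// pre-release identifier: only [0-9A-Za-z-], no leading zeros if all digits.
function toIdentifier(text) {
  const cleaned = String(text).replace(/[^0-9A-Za-z-]/g, "-");
  if (cleaned === "") throw new Error("empty identifier");
  return /^\d+$/.test(cleaned) ? cleaned.replace(/^0+(?=\d)/, "") : cleaned;
}

// Hypothetical helper: release date -> year.month.day (UTC, unpadded).
// Non-release builds pass { branch, revision } and get a pre-release suffix,
// so the version still shows which dated release the build belongs to.
function releaseVersion(date, build = {}) {
  let version = [date.getUTCFullYear(), date.getUTCMonth() + 1, date.getUTCDate()].join(".");
  if (build.branch !== undefined) {
    version += "-" + toIdentifier(build.branch);
    if (build.revision !== undefined) version += "." + toIdentifier(build.revision);
  }
  if (!isSemver(version)) throw new Error(`generated invalid version: ${version}`);
  return version;
}

const sampleDate = new Date(Date.UTC(2013, 0, 4)); // constructed sample input
console.log(releaseVersion(sampleDate));
console.log(releaseVersion(sampleDate, { branch: "BugFix21", revision: 21484 }));
```

In SemVer ordering a pre-release such as `2013.1.4-BugFix21.21484` sorts before the plain `2013.1.4` release.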
