On 11/13/2017 08:36 PM, Dominik Ruf wrote:
I don't like the npm dependency for pip installations either.
I think it'd be better to include the bootstrap source files and
minified files in the manifest.
That way, one can use any less (and minification) tool (even offline)
and we comply to the GPL.
This doesn't mean these source file should be in our mercurial repository.
(I strongly believe they should not.)
We (the developers) should add scripts/tools to the repository that
make it easy for us
to add and update 3rd-party less, css and js libraries.
In my view npm is the easiest tool for this.
Dominik, that sounds great. Especially since you have been doing most of
the recent front-end work and is the biggest stakeholder. I didn't want
to put more load on you and try to make you solve more problems.
So, we envision a plan that is something like this:
We ship compiled front-end code ... and take care to make sure that we
make all corresponding source available so we comply with GPL.
We pin/lock our preferred dependency versions, but do not "vendor" them
in our source repository. Other dependency versions than the preferred
ones might work too. The preferred versions of our dependencies will be
used and shipped with our releases.
Making a release (and uploading to pypi will require npm). Installing
Kallithea from pypi or other official releases will not require npm or
sources.
The release build process is thus the following steps:
1. download source packages for all dependencies using npm
2. running offline, only using these source packages, compile the
front-end code
3. ship the compiled front-end code in the python package, and also ship
all the dependency sources - details TBD
Development will require npm and compiling from source, where the source
probably either is from a previous release or direct npm downloads.
The biggest open question I see is about how we distribute the
corresponding source. I see 3 safe options:
1. Include all corresponding source in the pypi package together with
the compiled front-end code (which do that people don't really need the
source unless they redistribute, but make compliance very explicit ...).
How much bigger twill that make the package?
2. Publish all the corresponding source in a separate pypi package so it
is obvious that when we are using pypi to "redistribute" our package,
pypi also offer the corresponding source.
3. Publish the source on kallithea-scm.org, which is our main
distribution point and is the place we generally provide source from.
It might be annoying that we require npm for the development, download,
and building releases. If someone wants to, they can perhaps change the
details of this and provide Python based tooling without changing this
overall concept.
Do you agree on this plan? How can we make it happen?
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
