Re: Q: uscan with GitHub

2022-10-25 Thread Volans 
On Tue, Oct 11, 2022 at 10:23 AM Stephan Lachnit 
wrote:

> On Sun, Oct 9, 2022 at 7:06 PM Volans  wrote:
> >
> > I've encountered the same problem and come out with a version of the
> watch file using the GitHub APIs. In my case I also needed to download the
> PGP signature. I've add some comments to the watch file for an easier
> understanding.
> >
> > The approach should be generic enough to work for others [1].
> >
> > The package name in the URL could also be replaced with @PACKAGE@ if
> that's the same of the GitHub project name.
> > In my case too, tags are prefixed with a 'v' (i.e. v1.2.3), but that's
> easily adaptable to different formats.
> >
> > What is the process to find an agreement on which updated version should
> be published on the wiki [2] ?
>
> I mentioned it before, one should increase the limit of results per
> page to the maximum (which is 100).
> Also I don't think using `@PACKAGE@` is a good idea inside the URL as
> it is maybe different from the Debian source package name.
>
> For releases I use something like (w/o signatures):
> ```
> version=4
> opts="searchmode=plain,\
> filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%" \
> https://api.github.com/repos///releases?per_page=100 \
> https://api.github.com/repos/[^/]+/[^/]+/tarball/v?@ANY_VERSION@
> ```
> For tags:
> ```
> version=4
> opts="searchmode=plain,\
> filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%" \
> https://api.github.com/repos///tags?per_page=100 \
> https://api.github.com/repos/[^/]+/[^/]+/tarball/refs/tags/v?@ANY_VERSION@
> ```
>
> One could probably combine the tarball search link into a unified
> regex expression, didn't try that yet.
>
> Overall I agree that the Github API thing should be documented in the
> Wiki and in the uscan man page.
>
> Cheers,
> Stephan
>

Sure, I agree for the API page size, thanks for the suggestion.

To add some additional burden I noticed that the archive downloaded from
the API [1] is different from the one downloaded from the browser [2]
because they have a different top-level directory name, while the API one
has:
{OWNER}-{REPO}-{REF_SHA1}/
where REF_SHA1 is the SHA1 of refs/tags/{TAG_NAME}, the browser one has:
{OWNER}-{VERSION}/
where, at least in my case, VERSION is the tag name without the leading
'v'. For a tag name of 'v0.2.0' I get 'gjson-py-0.2.0.tar.gz' that
extracted creates 'gjson-py-0.2.0/' (note the lack of 'v' in the names).

Because of the two different directory structures, the tar.gz files are
different so any md5 or gpg signature verification made on one would fail
with the other, adding additional confusion or complexity.
For now I'll probably upload to the release page the signatures of both
files, but this is definitely suboptimal.

Riccardo

[1] https://api.github.com/repos/{OWNER}/{REPO}/tarball/{RELEASE}
[2] https://codeload.github.com/{OWNER}/{REPO}/tar.gz/refs/tags/{RELEASE}

Re: Q: uscan with GitHub

2022-10-09 Thread Volans 
>
> On Mon, 19 Sep 2022 at 18:12:15 +0200, Samuel Thibault wrote:
> > julien.pu...@gmail.com, le lun. 19 sept. 2022 18:00:37 +0200, a ecrit:
> > > Le lundi 19 septembre 2022 à 20:50 +0900, Hideki Yamane a écrit :
> > > >  Recent changes in GitHub releases pages, I cannot check upstream
> > > > version with uscan. How do you deal with it?
> > >
> > > version=4
> > > opts="\
> > > dversionmangle=s/\+dfsg.*$//,\
> > > filenamemangle=s/.+\/[vV]?(\d\S+)\.tar\.gz/coq-$1\.tar\.gz/,\
> > > repack,repacksuffix=+dfsg,\
> > > " \
> > > https://github.com/coq/coq/tags .*/[vV]?(\d[^\s+]+)\.tar\.gz
> >
> > That works for the tags page, but not for the releases page... The
> > problem is that the tags page only contains snapshots of the repository,
> > and not an autoconf-ed tarball.


> It's quite noisy and unpleasant, but here's the best I could come up with:
>
> https://salsa.debian.org/debian/bubblewrap/-/blob/debian/latest/debian/watch
> (my upstream here uses tags like v1.2.3, adjust as necessary if yours
> doesn't)


> or if you need to repack for DFSG reasons:
> https://salsa.debian.org/sdl-team/libsdl2/-/blob/master/debian/watch
> (in this case my upstream uses tags like release-1.2.3)


> smcv


I've encountered the same problem and come out with a version of the watch
file using the GitHub APIs. In my case I also needed to download the PGP
signature. I've add some comments to the watch file for an easier
understanding.

The approach should be generic enough to work for others [1].

The package name in the URL could also be replaced with @PACKAGE@ if that's
the same of the GitHub project name.
In my case too, tags are prefixed with a 'v' (i.e. v1.2.3), but that's
easily adaptable to different formats.

What is the process to find an agreement on which updated version should be
published on the wiki [2] ?

Thanks,
Riccardo

[1] https://github.com/volans-/gjson-py/blob/debian/debian/watch
[2] https://wiki.debian.org/debian/watch#GitHub