chore: Pinning submodules to commit SHA#1084
chore: Pinning submodules to commit SHA#1084ChaosEternal wants to merge 1 commit intoapache:mainfrom
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hi, @ChaosEternal welcome!🎊 Thanks for taking the effort to make our project better! 🙌 Keep making such awesome contributions!
edespino
left a comment
edespino
left a comment
There was a problem hiding this comment.
Thanks for outlining the plan and rationale — pinning submodules to a specific commit SHA is definitely a step forward for ensuring reproducibility.
That said, since several of the submodules appear to reference well-established upstream projects (e.g., googletest, benchmark, tabulate), it's worth considering tag-based pinning instead of raw commit SHAs where possible. Git submodules can reference a tag — essentially, you'd checkout the desired tag in the submodule and commit that state in the superproject. This approach has a few advantages:
- Improved traceability: Tags often correspond to stable releases (e.g.,
v1.14.0), which makes it easier to understand what version is being used at a glance. - Community alignment: Staying in sync with upstream’s versioning helps when debugging or contributing upstream.
- Reduced churn: Upstream tags are less likely to be force-pushed or removed compared to commits on active branches.
Here’s how you might do it:
cd submodule-dir
git fetch --tags
git checkout tags/v1.14.0
cd ../
git add submodule-dir
git commit -m "Update submodule to tag v1.14.0"This doesn’t prevent you from switching to a subtree model later, which has its own merits, especially for long-term archival or if upstream becomes unstable or disappears. But in the meantime, where upstream uses semver-style tagging, tagging improves clarity and slightly reduces maintenance overhead compared to opaque SHAs.
Happy to help explore this option further if there’s interest.
3137465194014d66a8402941e80d2bccc6346f51 contrib/pax_storage/src/cpp/contrib/cpp-stub (heads/master) 0da57b85cf23e48d0e515f58c65a25425dbde012 contrib/pax_storage/src/cpp/contrib/googlebench (heads/main) 52204f78f94d7512df1f0f3bea1d47437a2c3a58 contrib/pax_storage/src/cpp/contrib/googletest (heads/v1.15.x) 3a58301067bbc03da89ae5a51b3e05b7da719d38 contrib/pax_storage/src/cpp/contrib/tabulate (heads/master) 61c03f62b370b685b7994830b570a88d05ba15ab dependency/yyjson (heads/master) a09ea700d32bab83325aff9ff34d0582e50e3997 gpcontrib/gpcloud/test/googletest (heads/main)
|
Hi, is there any update on this PR? We're nearing the release, but there hasn't been any recent developments. We need to make progress. If we can't reach a consensus at this time, we can postpone this PR from the 2.0.0 release. |
|
I created a new PR to pin submodule dependencies to specific versions: #1212. We can include this PR in the upcoming 2.1 release. Also, feel free to use this as a base for future work. |
3 participants
Fixes #1083
What does this PR do?
Pinning the submodules to their commit SHA
Type of Change
Test Plan
make installcheckmake -C src/test installcheck-cbdb-parallelImpact
Checklist
Additional Context
CI Skip Instructions