Lock file is updated during install with multiple tags for the same commit #403
Description
What steps did you take:
I have a repository, where we keep a "floating" major version say v1 for my project (for referencing with github actions for instance), but it's also tagged with the exact semver version.
What happened:
When running vendir sync --locked i'm seeing the vendir.lock.yml file updated to reflect a difference in the tags property of a dependency.
We have CI jobs which checks that there are no differences in lock files, to determine if there's something changed or not, and this check is now failing randomly depending on when the last vendir sync was executed, and what the state of the tags in the upstream project is at the time.
An example diff of what i observed below:
❯ git diff
diff --git a/vendir.lock.yml b/vendir.lock.yml
index 9e368a61..eb476075 100755
--- a/vendir.lock.yml
+++ b/vendir.lock.yml
@@ -5,7 +5,7 @@ directories:
commitTitle: 'fix: foobar'
sha: 874ffaa568150eba07a1794a67ede807efae655b
tags:
- - v1
+ - v1.0.1
path: .
path: vendor/cicd-toolkit
- contents:What did you expect:
I expect the lockfile to not be updated when i'm installing dependencies from that lock file, with vendir sync --locked
Environment:
❯ vendir --version
vendir version 0.41.1
This is on mac os but i don't think there's any platform/arch issue going on here.
Vote on this request
This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.
👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"
We are also happy to receive and review Pull Requests if you want to help working on this issue.