Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Git to environment.yml #45

Merged
merged 3 commits into from
Mar 3, 2023

Conversation

MattF-NSIDC
Copy link

The version of Git that comes with Ubuntu 18 is pretty dated. My main concern is the lack of the modern switch and restore subcommands, which provide a more intuitive alternative to the checkout interface (I believe git checkout is unintuitive because it can both switch branches and restore files from another ref depending on invocation pattern). To avoid confusion, I prefer to avoid introducing new Git users to the checkout subcommand.

My other concern is the discovery of vulnerabilities in Git this past January. Based on this announcement, the fix was backported only to versions >= 2.30, whereas this image currently has 2.17.1.

This change is installing Git from conda-forge, but normally I'd use the git-core ppa for this. I don't think there's a way to do this without falling back to a custom Dockerfile.

@MattF-NSIDC MattF-NSIDC requested a review from weiji14 March 3, 2023 20:33
@github-actions
Copy link

github-actions bot commented Mar 3, 2023

Binder 👈 Test this PR on Binder

Copy link
Member

@weiji14 weiji14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I'm a big fan of git switch as well! Could you write a comment below with just /condalock to regenerate the lockfile? Thanks!

environment.yml Outdated Show resolved Hide resolved
@MattF-NSIDC
Copy link
Author

/condalock

@MattF-NSIDC
Copy link
Author

MattF-NSIDC commented Mar 3, 2023

@weiji14 I accepted your suggestion, but after doing so the commit generated by GitHub shows up as "Partially Verified". Any idea how to get around this?

We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.

@weiji14
Copy link
Member

weiji14 commented Mar 3, 2023

@weiji14 I accepted your suggestion, but after doing so the commit generated by GitHub shows up as "Partially Verified". Any idea how to get around this?

We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.

Only way is if you can get my signing key 😝 I've got vigilant mode enabled (see https://docs.github.com/en/authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits#about-vigilant-mode), so any commits people do on my behalf (i.e. co-authored) will show up like that, which is fine.

@weiji14 weiji14 enabled auto-merge March 3, 2023 23:37
@weiji14 weiji14 disabled auto-merge March 3, 2023 23:39
@weiji14 weiji14 merged commit a087952 into CryoInTheCloud:main Mar 3, 2023
@weiji14
Copy link
Member

weiji14 commented Mar 3, 2023

Thanks @MattF-NSIDC! Just a note that the dependency updates won't show up on the CryoCloud JupyterHub immediately. I think @tsnow03 will need to update some configuration following https://github.com/CryoInTheCloud/hub-image#updating-the-cryocloud-jupyterhub-to-use-a-new-image to point to the newly built docker image.

@MattF-NSIDC MattF-NSIDC deleted the add-modern-git branch March 4, 2023 00:08
@MattF-NSIDC
Copy link
Author

Awesome, thanks for your help getting this change out! ❤️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants