<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">Mads Kiilerich <<a href="mailto:mads@kiilerich.com">mads@kiilerich.com</a>> schrieb am Di., 14. Nov. 2017 um 02:17 Uhr:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<div class="m_1240061033267430426moz-cite-prefix">On 11/13/2017 08:36 PM, Dominik Ruf
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div>I don't like the npm dependency for pip installations
either.</div>
<div>I think it'd be better to include the bootstrap source
files and minified files in the manifest.</div>
<div>That way, one can use any less (and minification) tool
(even offline) and we comply to the GPL.</div>
<div>This doesn't mean these source file should be in our
mercurial repository.</div>
<div>(I strongly believe they should not.)</div>
<div>We (the developers) should add scripts/tools to the
repository that make it easy for us</div>
<div>to add and update 3rd-party less, css and js libraries.</div>
<div>In my view npm is the easiest tool for this.</div>
</div>
</div>
</blockquote>
<br></div><div text="#000000" bgcolor="#FFFFFF">
Dominik, that sounds great. Especially since you have been doing
most of the recent front-end work and is the biggest stakeholder. I
didn't want to put more load on you and try to make you solve more
problems.<br>
<br>
<br>
So, we envision a plan that is something like this:<br>
<br>
We ship compiled front-end code ... and take care to make sure that
we make all corresponding source available so we comply with GPL.<br></div></blockquote><div>Yes </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
We pin/lock our preferred dependency versions, but do not "vendor"
them in our source repository. Other dependency versions than the
preferred ones might work too. The preferred versions of our
dependencies will be used and shipped with our releases.<br></div></blockquote><div>Yes </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
Making a release (and uploading to pypi will require npm).
Installing Kallithea from pypi or other official releases will not
require npm or sources.<br></div></blockquote><div>Yes </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
The release build process is thus the following steps:<br>
1. download source packages for all dependencies using npm<br>
2. running offline, only using these source packages, compile the
front-end code<br>
3. ship the compiled front-end code in the python package, and also
ship all the dependency sources - details TBD<br></div></blockquote><div>Yes </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
Development will require npm and compiling from source, where the
source probably either is from a previous release or direct npm
downloads.<br></div></blockquote><div>Yes </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
The biggest open question I see is about how we distribute the
corresponding source. I see 3 safe options:<br>
1. Include all corresponding source in the pypi package together
with the compiled front-end code (which do that people don't really
need the source unless they redistribute, but make compliance very
explicit ...). How much bigger twill that make the package?<br></div></blockquote><div>A quick look at the less folder of bootstrap says it is 206kB. There are a few more files that should/need to be included, but it should not be much more.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
2. Publish all the corresponding source in a separate pypi package
so it is obvious that when we are using pypi to "redistribute" our
package, pypi also offer the corresponding source.<br>
3. Publish the source on <a href="http://kallithea-scm.org" target="_blank">kallithea-scm.org</a>, which is our main
distribution point and is the place we generally provide source
from.<br></div></blockquote><div>At the beginning I thought we should go with option 3. But it is not that much data and I think</div><div>it is easier for us. So I prefer option 1. now. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
It might be annoying that we require npm for the development,
download, and building releases. If someone wants to, they can
perhaps change the details of this and provide Python based tooling
without changing this overall concept.<br>
<br>
<br>
Do you agree on this plan?</div></blockquote><div>Yes </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">How can we make it happen?</div></blockquote><div>I'll update the pypi manifest file in future PRs.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><br>
<br>
/Mads<br>
</div></blockquote></div></div>