Decide on a replacement for $Id$ tags in files

[snip] they'll still be in files wherever they were before, albeit unexpanded.

I very much doubt this, I would bet most of the tags are actually expanded.

Should all CVS keywords be accounted for? I had to google for a list of them and found this http://ximbiot.com/cvs/manual/cvs-1.11.6/cvs_12.html

Issue title specifies $Id$ but description says

remove the tags in all their various forms

Sam, is there documentation for how one runs through the migration path locally if someone* wanted to work on this, against some realistic test data?

* Not volunteering! :D

And this is good why?

Is there a way to keep $Id$ in the files with GIT? Or at least transform them to comments?

Without these tags it will be next to impossible for most of our users to distinguish which file is more recent, or which version to file is, etc.

Also, when posting issues on d.o., we will not be able to say which version of the file we need help with.

This is specially true to users who work with FTP and don't use any version control.

So in case this was not evident: the $Id$ tag gives you a human readable way to check on the freshness of a file. It's not a machine thing.

@sdboyer: Agreed, in an ideal world everything should be under version control. However, there are real life example where having the revision number displayed inside the file would be important.

For example, the .htaccess file and the settings.php files. These two are often modified in production to override settings for various reasons. These two files do not always change from release to release.

A FTP user uploading files to its shared hosting repository cannot version control the file. For most of Drupal files, a simple file replacement works nicely, but for settings.php and .htaccess (if some settings are overridden), we need a way to know about the changes.

With CVS metadata, that was easy to spot a change in those two files. Without metadata, we will need to diff the files, see if there are changes, and if there are changes, apply the changes to the file.

There are a lot of support issues just for those two files and I am looking for a way to display version information inside these files.

So I guess I worry only about these two files: settings.php and .htaccess.

And I worry about the vast majority of users that download a tarball and do not use version control or cannot use version control.

How complicated would it to display revision number inside settings.php and .htaccess?

a) decide on what we want to replace $Id$ with

Any example of what it would look like?

Also, does this replacement need to be visible on all files or only on a subset of files?

As for specific information inside the *new* tag, if the 'date' is available and printed there, I am sure this will be enough for the use cases I have in mind.

@sdboyer: thanks for the clarification, it seems CVS will also expand $Id: $

A)
From some CVS docs:

This CVS keyword will expand out to the name of the RCS file (which is the name of the file plus a ,v), the revision number, the last modified date, and the username of the person to last modify the file.

Shouldn't we replace $Id$ with something that will show the same info? Perhaps even on one line as well? (although the full sha1 is long for that)

B)
So for replacing unexpanded the following regex should work \$Id[^$]*\$

we may need to rewrite ALL of the history with this new formatting system

Does that mean we need to replace expanded version of $Id$ as well?

I should note that \$Id[^$]*\$ is PCRE in case the script that's eventually written doesn't support PCRE

I thought the conclusion in IRC was to leave the expanded $Id$ tags in the imported files, and replace them in the tip of each branch so they can be git archive expaned when we make releases?

Let's hope the placeholder will expand correctly. I was not aware that GIT offered these.

And as CHX, I shall be happy with %ai. I don't think any other information is relevant for the end-users.

It appears they are expanded in all files based on the most recent commit. I've attached a screenshot that demonstrates this.

I used git archive -o test.zip HEAD to expand the text in file1/2/3.txt

The more I think about this, the more I think we should inject one way or the other a revision info only in two files:

• setting.php
• .htaccess

Can a script inject some type of revision info (the date being sufficient, here) inside those two files?

@xmacinfo - we are not just talking about Drupal core here, but rather every contrib module as well.

@pwolanin - Granted. My main concerns are for core. ;-)

Should it/ could it be the case that there is the option of expansion rules presented when downloading a release?

I guess this would come under the new Project module integration? It would seem that by having these tags remaining is a convenience for people not using version control on production servers. Perhaps I'm missing some other uses here but I think how the Id tags will remain to be useful will depend on the end user/developer. For a crude way of comparing latest files- I would just look at the modification date- but that's just me. Anything more complex then a standard diff is easy enough- especially with IDEs and GUI tools as good as they are.

The situation with most shared hosts is that version control can't be used and so expansion tags could be useful for some folks. For dedicated machines less so.

My point here is that it's horses for courses and the user should have the ability to decide whether expansion tags are included in downloads.

Any thoughts on how a choice could be integrated?

An afterthought.... should Id tags be left out altogether from source files as per discussed before and then have a date/version injected into the download if the user wants it?

I discussed this issue (like probably most people coming from SCCS/RCS/CVS do) a few months ago with several people on #git and the best (IMHO) suggestion, once past their initial outrage ("one of /these/ again") that came out of it was to

- do not touch the individual files in a normal checkout/pull, à la CVS
- generate the version info in one file in the packaged releases
- yes, even -dev releases, and maybe especially them, since these are the only ones which do not carry a meaningful version information otherwise,

this provides a easy, human-readable way, of identifying which version of a package is actually being used, and does not mess with the people using live checkouts and suggesting patches. These can use git themselves to examine version information anyway.

So here is the scenario: you have a client, unknown origins. She has some Drupal. You need to determine and quickly whether module X is up to date. Right now, regardless of what way that file landed there it will have a definite version number in it and anyone capable of operating an FTP client can do it. Even over the phone. Easily. This is not something we want to lose. Therefore adding keywords on packaging is unacceptable because what if the original developer have not used the package but git? And then uploaded via FTP and now there is no git to check with? Next, what if a shop does not use git, their checkout won't have drupal.org versions? This sounds bad.

@chx: this is exactly how I presented the problem at that time, and the solution satisfied me, considering anything on a customer site would be either
- a production release (hence packaged and even with a clean drupal version)
- a dev version (hence packaged, with drupal date info)
- a VCS (whichever) checkout done on-site (hence containing VCS version info)

However, I had not envisioned a developer pushing to a customer something that is not even a -dev version (hence packaged), AND doing so not via a VCS checkout, but a FTP from his own checkout without the VCS info. That sounds real bad practice, but after having audited some customer sites, I can now believe anything - including this - can happen.

So how about a checkout hook generating a version file, and that file being removed by a pre-commit hook: that way the files stay pristine for git comparisons, and there is still a human-readable version.

A thought - in that case maybe the .info file in git shoudl be a template (.info.tpl or some such), and the checkout could create the functional .info file?

The problem here is that I'm not sure if these sorts of checkout hooks come along when you do a git clone.

Personally, the "person who was savvy enough to build their site with Git checkouts on localhost but only has FTP access to the server" use case is not compelling enough for me to possibly delay this entire process for weeks trying to figure out how to hack in support for keyword expansion into Git. If they were savvy enough to checkout the stuff from Git in the first place, they're savvy enough to re-download the stuff from the sever and use Git to check the version numbers from their local computer. I guess my only concern is whether we can have the equivalent of a "Git deploy" module without this. If so, I don't see this as something worth expending a whole lot of effort on it, when there is a lot of other things to do to get the migration done.

I am, however, curious what the Git equivalent of 'svn info' is. I couldn't seem to find one that was not a shell script on someone's blog. But as long as there's a way for someone with a Git checkout to run git foo command and get the commit number the files correspond to, I'm fine with replacing $Id$ with nothing, personally.

@webchick: this script provides information similar to svn info, although not in a format as easily parseable. Could be a start.

sdboyer and i were discussing this issue more today. i agree w/ webchick that we should definitely not over-complicate this issue. given that, i'd like to propse the following plan:

1. clobber all $Id$ tags everywhere, even historical commits. this completely eliminates possible merge conflict problems
2. as part of the packaging, run a script that takes the git checkout in question and builds a FILE_MANIFEST.txt (or whatever it would be called) and drops it into the root of the checkout prior to tarballing/zipping. the manifest would contain the names of all files in the checkout with the same kind of info we find useful in the current $Id$ tags (date last modified, etc)
3. rebuild all the d.o packages so even older point releases have the correct manifest

this solves the issue in a simple, straightforward manner for anybody that a) downloads packages, or b) checks out via git, which should be the vast majority of use cases.

Since webchick raises it in #31, let me just say as the maintainer of the cvs_deploy module that it doesn't care about $Id$ tags at all. It's just directly inspecting the CVS metadata about a directory (the stuff you could find out with "cvs status") and using some hooks to tell update status/manager about that. So, FWIW, this thread has no bearing on the feasibility of a git_deploy module whatsoever.

Cheers,
-Derek

@hunmonk

I basically like the manifest file idea.

What I am not clear on is under such a scenario, how do we address the following use cases?

1. Someone deploys a site via CVS, but then edit them locally. I know this is bad, but it does happen. Right now with CVS and $Id$, I have a starting point on what the original files were, and can diff them against it to see if they were hacked.

2. Someone deploys a site via a Git checkout, then edits them locally. I don't have $Id$ anymore, so I don't know which branch they deployed from, so I can diff/merge against it.

Oh, and while I'm spreading useful info, please see #606592-4: Allow updating core with the update manager about how a manifest file could be useful for the update manager.

What I am not clear on is under such a scenario, how do we address the following use cases?

1. Someone deploys a site via CVS, but then edit them locally. I know this is bad, but it does happen. Right now with CVS and $Id$, I have a starting point on what the original files were, and can diff them against it to see if they were hacked.

2. Someone deploys a site via a Git checkout, then edits them locally. I don't have $Id$ anymore, so I don't know which branch they deployed from, so I can diff/merge against it.

Those cases seem similar to the case reported from webchick in comment #31, for which she says we should not be interested in edge cases.

@kbahey: wouldn't it be best practice in this case to deploy a checkout from a git clone, and include the repo with the uploaded files? i think that would be possible, and thus allow for querying the repo if necessary, even if you have to re-download it from a shared server to do so. i guess that equals more bandwidth/disk space used, but worth the trade off i would think.

Well, also, unless I'm reading #33b wrong, said evil hacker of core would have their MANIFEST.txt file to reference to know where (branch/tag/whatever), who (committer) and when (timestamp) the files originally came from, no? Isn't that just as good as $Id$? Or possibly better, depending on what other goodies we put in MANIFEST.txt?

@hunmonk

I was not advocating the above use cases. I was stating what do you do if you are faced with such a case.

To summarize, the use case is more like: "you took over a site from someone else who went against best practices" what is the course of action here?

If we use %awhatever in the file itself in a comment (i.e. replacing $Id$ with %aX), it would have the same effect as $Id$.

Granted, this is an edge case, and should not derail the whole process.

@webchick: about "git info": http://marvil07.soup.io/post/65026709/git-info (kind of OT, that's why it's outside)

Tagging. This is a task that might be good for a volunteer to tackle once we get a decision here.

Oops. :P

I'd certainly prefer not to have info appended to my files. A separate manifest sounds like an awesome thing to have. We're already moving that way in our projects as it is with .make files to register what all (core, contrib, custom) is in the project so this approach totally makes sense to me for individual modules and such.

Also would love to know where some documentation is on this whole process to that I could actually try it out and work on this issue once a decision is made.

Why could this "manifest" file not be the .info file ? It would mesh nicely with other uses of the info file to hold version information and source URL, it seems.

The .info file is parsed by Drupal for dependencies, version number, description, etc.

The MANIFEST.TXT file would not be parsed by Drupal and the content of this file would serve as information only.

@xmacinfo: yes, that was precisely the point

@sdboyer: about obese format: true; especially seeing the format extensions Features puts there. bootstrapped drupal not needed, though. But the third argument kills the suggestion indeed, you're right.

This leaves us in a somehow annoying situation, though: we will then have TWO metadata files in packages, the new manifest file, and the info file, which will surely be derided by critics. It reminds me of the ephemeral .schema files introduced then shelved during the D6 development process.

Fixing tag.

Although the manifext example on #51 is impressive. But for end usersm it's missing key information:

The date of last change. ;-)

sdboyer to publish an update on this and resolve the issue.

Note that although noone asked for me, a manifest file does work for me. It works with the "hapless client over the phone case". The manifest is like any other file in a module package so it gets updated the same time no matter the deployment. Good enough for me.