-
-
Notifications
You must be signed in to change notification settings - Fork 911
/
README.md
281 lines (190 loc) · 10.7 KB
/
README.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
![Python package](https://github.com/gitpython-developers/GitPython/workflows/Python%20package/badge.svg)
[![Documentation Status](https://readthedocs.org/projects/gitpython/badge/?version=stable)](https://readthedocs.org/projects/gitpython/?badge=stable)
[![Packaging status](https://repology.org/badge/tiny-repos/python:gitpython.svg)](https://repology.org/metapackage/python:gitpython/versions)
## [Gitoxide](https://github.com/Byron/gitoxide): A peek into the future…
I started working on GitPython in 2009, back in the days when Python was 'my thing' and I had great plans with it.
Of course, back in the days, I didn't really know what I was doing and this shows in many places. Somewhat similar to
Python this happens to be 'good enough', but at the same time is deeply flawed and broken beyond repair.
By now, GitPython is widely used and I am sure there is a good reason for that, it's something to be proud of and happy about.
The community is maintaining the software and is keeping it relevant for which I am absolutely grateful. For the time to come I am happy to continue maintaining GitPython, remaining hopeful that one day it won't be needed anymore.
More than 15 years after my first meeting with 'git' I am still in excited about it, and am happy to finally have the tools and
probably the skills to scratch that itch of mine: implement `git` in a way that makes tool creation a piece of cake for most.
If you like the idea and want to learn more, please head over to [gitoxide](https://github.com/Byron/gitoxide), an
implementation of 'git' in [Rust](https://www.rust-lang.org).
## GitPython
GitPython is a python library used to interact with git repositories, high-level like git-porcelain,
or low-level like git-plumbing.
It provides abstractions of git objects for easy access of repository data often backed by calling the `git`
command-line program.
### DEVELOPMENT STATUS
This project is in **maintenance mode**, which means that
- …there will be no feature development, unless these are contributed
- …there will be no bug fixes, unless they are relevant to the safety of users, or contributed
- …issues will be responded to with waiting times of up to a month
The project is open to contributions of all kinds, as well as new maintainers.
### REQUIREMENTS
GitPython needs the `git` executable to be installed on the system and available in your `PATH` for most operations.
If it is not in your `PATH`, you can help GitPython find it by setting
the `GIT_PYTHON_GIT_EXECUTABLE=<path/to/git>` environment variable.
- Git (1.7.x or newer)
- Python >= 3.7
The list of dependencies are listed in `./requirements.txt` and `./test-requirements.txt`.
The installer takes care of installing them for you.
### INSTALL
GitPython and its required package dependencies can be installed in any of the following ways, all of which should typically be done in a [virtual environment](https://docs.python.org/3/tutorial/venv.html).
#### From PyPI
To obtain and install a copy [from PyPI](https://pypi.org/project/GitPython/), run:
```bash
pip install GitPython
```
(A distribution package can also be downloaded for manual installation at [the PyPI page](https://pypi.org/project/GitPython/).)
#### From downloaded source code
If you have downloaded the source code, run this from inside the unpacked `GitPython` directory:
```bash
pip install .
```
#### By cloning the source code repository
To clone the [the GitHub repository](https://github.com/gitpython-developers/GitPython) from source to work on the code, you can do it like so:
```bash
git clone https://github.com/gitpython-developers/GitPython
cd GitPython
./init-tests-after-clone.sh
```
On Windows, `./init-tests-after-clone.sh` can be run in a Git Bash shell.
If you are cloning [your own fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks), then replace the above `git clone` command with one that gives the URL of your fork. Or use this [`gh`](https://cli.github.com/) command (assuming you have `gh` and your fork is called `GitPython`):
```bash
gh repo clone GitPython
```
Having cloned the repo, create and activate your [virtual environment](https://docs.python.org/3/tutorial/venv.html).
Then make an [editable install](https://pip.pypa.io/en/stable/topics/local-project-installs/#editable-installs):
```bash
pip install -e ".[test]"
```
In the less common case that you do not want to install test dependencies, `pip install -e .` can be used instead.
### Limitations
#### Leakage of System Resources
GitPython is not suited for long-running processes (like daemons) as it tends to
leak system resources. It was written in a time where destructors (as implemented
in the `__del__` method) still ran deterministically.
In case you still want to use it in such a context, you will want to search the
codebase for `__del__` implementations and call these yourself when you see fit.
Another way assure proper cleanup of resources is to factor out GitPython into a
separate process which can be dropped periodically.
#### Windows support
See [Issue #525](https://github.com/gitpython-developers/GitPython/issues/525).
### RUNNING TESTS
_Important_: Right after cloning this repository, please be sure to have executed
the `./init-tests-after-clone.sh` script in the repository root. Otherwise
you will encounter test failures.
#### Install test dependencies
Ensure testing libraries are installed. This is taken care of already if you installed with:
```bash
pip install -e ".[test]"
```
Otherwise, you can run:
```bash
pip install -r test-requirements.txt
```
#### Test commands
To test, run:
```bash
pytest
```
To lint, and apply automatic code formatting, run:
```bash
pre-commit run --all-files
```
- Linting without modifying code can be done with: `make lint`
- Auto-formatting without other lint checks can be done with: `black .`
To typecheck, run:
```bash
mypy -p git
```
#### CI (and tox)
The same linting, and running tests on all the different supported Python versions, will be performed:
- Upon submitting a pull request.
- On each push, *if* you have a fork with GitHub Actions enabled.
- Locally, if you run [`tox`](https://tox.wiki/) (this skips any Python versions you don't have installed).
#### Configuration files
Specific tools:
- Configurations for `mypy`, `pytest`, `coverage.py`, and `black` are in `./pyproject.toml`.
- Configuration for `flake8` is in the `./.flake8` file.
Orchestration tools:
- Configuration for `pre-commit` is in the `./.pre-commit-config.yaml` file.
- Configuration for `tox` is in `./tox.ini`.
- Configuration for GitHub Actions (CI) is in files inside `./.github/workflows/`.
### Contributions
Please have a look at the [contributions file][contributing].
### INFRASTRUCTURE
- [User Documentation](http://gitpython.readthedocs.org)
- [Questions and Answers](http://stackexchange.com/filters/167317/gitpython)
- Please post on Stack Overflow and use the `gitpython` tag
- [Issue Tracker](https://github.com/gitpython-developers/GitPython/issues)
- Post reproducible bugs and feature requests as a new issue.
Please be sure to provide the following information if posting bugs:
- GitPython version (e.g. `import git; git.__version__`)
- Python version (e.g. `python --version`)
- The encountered stack-trace, if applicable
- Enough information to allow reproducing the issue
### How to make a new release
1. Update/verify the **version** in the `VERSION` file.
2. Update/verify that the `doc/source/changes.rst` changelog file was updated. It should include a link to the forthcoming release page: `https://github.com/gitpython-developers/GitPython/releases/tag/<version>`
3. Commit everything.
4. Run `git tag -s <version>` to tag the version in Git.
5. _Optionally_ create and activate a [virtual environment](https://packaging.python.org/en/latest/guides/installing-using-pip-and-virtual-environments/#creating-a-virtual-environment). (Then the next step can install `build` and `twine`.)
6. Run `make release`.
7. Go to [GitHub Releases](https://github.com/gitpython-developers/GitPython/releases) and publish a new one with the recently pushed tag. Generate the changelog.
### How to verify a release (DEPRECATED)
Note that what follows is deprecated and future releases won't be signed anymore.
More details about how it came to that can be found [in this issue](https://github.com/gitpython-developers/gitdb/issues/77).
----
Please only use releases from `pypi` as you can verify the respective source
tarballs.
This script shows how to verify the tarball was indeed created by the authors of
this project:
```bash
curl https://files.pythonhosted.org/packages/09/bc/ae32e07e89cc25b9e5c793d19a1e5454d30a8e37d95040991160f942519e/GitPython-3.1.8-py3-none-any.whl > gitpython.whl
curl https://files.pythonhosted.org/packages/09/bc/ae32e07e89cc25b9e5c793d19a1e5454d30a8e37d95040991160f942519e/GitPython-3.1.8-py3-none-any.whl.asc > gitpython-signature.asc
gpg --verify gitpython-signature.asc gitpython.whl
```
which outputs
```bash
gpg: Signature made Fr 4 Sep 10:04:50 2020 CST
gpg: using RSA key 27C50E7F590947D7273A741E85194C08421980C9
gpg: Good signature from "Sebastian Thiel (YubiKey USB-C) <[email protected]>" [ultimate]
gpg: aka "Sebastian Thiel (In Rust I trust) <[email protected]>" [ultimate]
```
You can verify that the keyid indeed matches the release-signature key provided in this
repository by looking at the keys details:
```bash
gpg --list-packets ./release-verification-key.asc
```
You can verify that the commit adding it was also signed by it using:
```bash
git show --show-signature ./release-verification-key.asc
```
If you would like to trust it permanently, you can import and sign it:
```bash
gpg --import ./release-verification-key.asc
gpg --edit-key 4C08421980C9
> sign
> save
```
### Projects using GitPython
- [PyDriller](https://github.com/ishepard/pydriller)
- [Kivy Designer](https://github.com/kivy/kivy-designer)
- [Prowl](https://github.com/nettitude/Prowl)
- [Python Taint](https://github.com/python-security/pyt)
- [Buster](https://github.com/axitkhurana/buster)
- [git-ftp](https://github.com/ezyang/git-ftp)
- [Git-Pandas](https://github.com/wdm0006/git-pandas)
- [PyGitUp](https://github.com/msiemens/PyGitUp)
- [PyJFuzz](https://github.com/mseclab/PyJFuzz)
- [Loki](https://github.com/Neo23x0/Loki)
- [Omniwallet](https://github.com/OmniLayer/omniwallet)
- [GitViper](https://github.com/BeayemX/GitViper)
- [Git Gud](https://github.com/bthayer2365/git-gud)
### LICENSE
[New BSD License](https://opensource.org/license/bsd-3-clause/). See the [LICENSE file][license].
[contributing]: https://github.com/gitpython-developers/GitPython/blob/main/CONTRIBUTING.md
[license]: https://github.com/gitpython-developers/GitPython/blob/main/LICENSE