New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

gitman

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

gitman

A language-agnostic dependency manager using Git.

3.5.2
PyPI

Maintainers: 1

Overview

Gitman is a language-agnostic dependency manager using Git. It aims to serve as a submodules replacement and provides advanced options for managing versions of nested Git repositories.

Setup

Requirements

Python 3.8+
Git 2.8+ (with stored credentials)

Installation

Install this tool globally with pipx (or pip):

$ pipx install gitman

or add it to your Poetry project:

$ poetry add gitman

Configuration

Generate a sample config file:

$ gitman init

or manually create one (gitman.yml or .gitman.yml) in the root of your working tree:

location: vendor/gitman

sources:
  - repo: "https://github.com/kstenerud/iOS-Universal-Framework"
    name: framework
    rev: Mk5-end-of-life
  - repo: "https://github.com/jonreid/XcodeCoverage"
    name: coverage
    links:
      - target: Tools/XcodeCoverage
  - repo: "https://github.com/dxa4481/truffleHog"
    name: trufflehog
    rev: master
    scripts:
      - chmod a+x truffleHog/truffleHog.py
  - repo: "https://github.com/FortAwesome/Font-Awesome"
    name: fontawesome
    rev: master
    sparse_paths:
      - "webfonts/*"
  - repo: "https://github.com/google/material-design-icons"
    name: material-design-icons
    rev: master

groups:
  - name: code
    members:
      - framework
      - trufflehog
  - name: resources
    members:
      - fontawesome
      - material-design-icons

default_group: code

Ignore the dependency storage location:

$ echo vendor/gitman >> .gitignore

Usage

See the available commands:

$ gitman --help

Updating Dependencies

Get the latest versions of all dependencies:

$ gitman update

which will essentially:

Create a working tree at <root>/<location>/<name>
Fetch from repo and checkout the specified rev
Symbolically link each <location>/<name> from <root>/<link> (if specified)
Repeat for all nested working trees containing a config file
Record the actual commit SHAs that were checked out (with --lock option)
Run optional post-install scripts for each dependency

where rev can be:

all or part of a commit SHA: 123def
a tag: v1.0
a branch: main
a rev-parse date: 'main@{2015-06-18 10:30:59}'

Alternatively, get the latest versions of specific dependencies:

$ gitman update framework

or named groups:

$ gitman update resources

Restoring Previous Versions

Display the versions that are currently installed:

$ gitman list

Reinstall these specific versions at a later time:

$ gitman install

Deleting Dependencies

Remove all installed dependencies:

$ gitman uninstall

Resources

Keywords

FAQs

What is gitman?

Is gitman well maintained?

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install