gitman

A language-agnostic dependency manager using Git.

  • 3.5.2
  • PyPI

Maintainers
1

Overview

Gitman is a language-agnostic dependency manager using Git. It aims to serve as a submodules replacement and provides advanced options for managing versions of nested Git repositories.

Setup

Requirements

Installation

Install this tool globally with pipx (or pip):

$ pipx install gitman

or add it to your Poetry project:

$ poetry add gitman

Configuration

Generate a sample config file:

$ gitman init

or manually create one (gitman.yml or .gitman.yml) in the root of your working tree:

location: vendor/gitman

sources:
  - repo: "https://github.com/kstenerud/iOS-Universal-Framework"
    name: framework
    rev: Mk5-end-of-life
  - repo: "https://github.com/jonreid/XcodeCoverage"
    name: coverage
    links:
      - target: Tools/XcodeCoverage
  - repo: "https://github.com/dxa4481/truffleHog"
    name: trufflehog
    rev: master
    scripts:
      - chmod a+x truffleHog/truffleHog.py
  - repo: "https://github.com/FortAwesome/Font-Awesome"
    name: fontawesome
    rev: master
    sparse_paths:
      - "webfonts/*"
  - repo: "https://github.com/google/material-design-icons"
    name: material-design-icons
    rev: master

groups:
  - name: code
    members:
      - framework
      - trufflehog
  - name: resources
    members:
      - fontawesome
      - material-design-icons

default_group: code

Ignore the dependency storage location:

$ echo vendor/gitman >> .gitignore

Usage

See the available commands:

$ gitman --help

Updating Dependencies

Get the latest versions of all dependencies:

$ gitman update

which will essentially:

  1. Create a working tree at <root>/<location>/<name>
  2. Fetch from repo and check out the specified rev
  3. Symbolically link each <location>/<name> from <root>/<link> (if specified)
  4. Repeat for all nested working trees containing a config file
  5. Record the actual commit SHAs that were checked out (with --lock option)
  6. Run optional post-install scripts for each dependency

where rev can be:

  • all or part of a commit SHA: 123def
  • a tag: v1.0
  • a branch: main
  • a rev-parse date: 'main@{2015-06-18 10:30:59}'

Alternatively, get the latest versions of specific dependencies:

$ gitman update framework

or named groups:

$ gitman update resources
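
Only a full commit SHA pins a dependency to fixed content; branches, tags and dates can resolve to different commits on a later update, which matters most for sources that also run post-install scripts. The following Python is an added example, not part of gitman or its README: it audits an already-parsed config for sources not pinned to a full SHA. The function names, the `pinned` entry and its SHA are constructed for illustration.

```python
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")     # complete SHA-1 object id
SHORT_SHA = re.compile(r"^[0-9a-f]{4,39}$")  # abbreviated commit id


def classify_rev(rev):
    """Classify a gitman `rev` value by how firmly it pins a commit."""
    if not rev:
        return "missing"    # no rev given in the config
    rev = str(rev).lower()
    if FULL_SHA.match(rev):
        return "full-sha"   # immutable reference
    if SHORT_SHA.match(rev):
        return "short-sha"  # likely a commit prefix, or a hex-looking name
    if "@{" in rev:
        return "date"       # rev-parse date; resolved via the reflog, not fixed
    return "name"           # branch or tag; both can be moved upstream


def audit(config):
    """Return (name, rev_kind, runs_scripts) for sources not pinned to a full SHA."""
    findings = []
    for src in config.get("sources", []):
        kind = classify_rev(src.get("rev"))
        if kind != "full-sha":
            findings.append((src.get("name"), kind, bool(src.get("scripts"))))
    # Sources that run scripts against a movable rev sort first.
    return sorted(findings, key=lambda f: (not f[2], f[0]))


# Constructed input: part of the sample gitman.yml above as it would look after
# yaml.safe_load(), plus one hypothetical full-SHA entry for contrast.
SAMPLE = {
    "location": "vendor/gitman",
    "sources": [
        {"repo": "https://github.com/kstenerud/iOS-Universal-Framework",
         "name": "framework", "rev": "Mk5-end-of-life"},
        {"repo": "https://github.com/jonreid/XcodeCoverage",
         "name": "coverage", "links": [{"target": "Tools/XcodeCoverage"}]},
        {"repo": "https://github.com/dxa4481/truffleHog",
         "name": "trufflehog", "rev": "master",
         "scripts": ["chmod a+x truffleHog/truffleHog.py"]},
        {"repo": "https://example.invalid/pinned.git", "name": "pinned",
         "rev": "0123456789abcdef0123456789abcdef01234567"},  # constructed SHA
    ],
}

if __name__ == "__main__":
    for name, kind, scripts in audit(SAMPLE):
        print(f"{name}: rev={kind} scripts={scripts}")
```

Sources reported here are candidates for replacing `rev` with a full SHA, or for recording the checked-out commits with the `--lock` option.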

Restoring Previous Versions

Display the versions that are currently installed:

$ gitman list

Reinstall these specific versions at a later time:

$ gitman install

Deleting Dependencies

Remove all installed dependencies:

$ gitman uninstall

Resources
