RB
Did this get added!? 🙏
Yes agreed. The concern is that the tag is a mutable property and this can be overwritten so pinning to a SHA is far more difficult to overwrite.
That's a good call. Kind of. A lot of us do not commit the lockfile. I'd prefer the pin to be in the hcl itself if feasible.
I previously had issues in our org when it came to lock files between osx intel, osx arm, and linux x86. E.g. Id commit the file using osx arm then...
Fair point. If locking files is easier for developers without having to know what architectures need locking for it to run in CICD and locally and locking modules can exist...
@cam72cam Oh then maybe we're talking about 2 different things. The lock file seems to be a good fit for downloading and ensuring the SHASUM of the binaries are correct...
@skyzyx sure, if it's possible to fix the lockfiles and make it easier, then I'm all for it. A CI task would be an extra step. I'd prefer if the...
Ah this may be debating semantics now. The root issue of the UX problem with lockfiles which prevents many users from committing lockfiles.
Thanks for considering. Do you mean they can lock tags to the shasum of the commit but then they will also have the ability to update the same tag to...
But don't we want to lock the tag to a commit and prevent it from changing? Sorry for the silly question, but how does this change help with pinning modules...