Lock file management for reproducible builds
This module handles the creation, loading, and validation of lock files that ensure reproducible builds by recording exact versions, download URLs, and content hashes of all dependencies.
§Lock File Format
The lock file (apicuriolock.yaml) contains:
- Exact resolved versions of all dependencies
- Download URLs used to fetch artifacts
- SHA256 checksums for integrity verification
- Metadata about when the lock was generated
- Hash of the configuration that generated the lock
§Integrity Verification
Lock files include multiple layers of integrity verification:
- Configuration hash to detect config changes
- File modification timestamps
- SHA256 checksums of downloaded content
- Lockfile format version for compatibility
Structs§
- LockFile - Lock file containing all resolved dependencies and metadata
- LockedDependency - A locked dependency with exact version and integrity information
Functions§
- expand_output_pattern - Advanced pattern expansion with support for complex artifact ID transformations
- generate_transitive_output_path - Generate output path for a transitive dependency using the pattern
- resolve_output_path - Check output overrides and mappings to determine the final output path. Returns None if the artifact should be skipped (mapped to null)