Skip to content

Drop generation of debian/watch for GitHub projects and use Archive instead#300

Open
ottok wants to merge 1 commit intoDebian:masterfrom
ottok:uscan-v5
Open

Drop generation of debian/watch for GitHub projects and use Archive instead#300
ottok wants to merge 1 commit intoDebian:masterfrom
ottok:uscan-v5

Conversation

@ottok
Copy link
Contributor

@ottok ottok commented Feb 19, 2026

In devscripts since 2.25.19 uscan automatically discovers GitHub upstream tarballs when debian/upstream/metadata contains the Archive: GitHub and Repository fields. Since dh-make-golang already writes this file and only supports GitHub-hosted projects, the watch file is now redundant.

Removing it avoids maintenance overhead and confusion for new maintainers who might otherwise believe the file is required.

This also prevents Lintian from nagging about watch file format v4.

…nstead

In devscripts since 2.25.19 uscan automatically discovers GitHub
upstream tarballs when debian/upstream/metadata contains the `Archive:
GitHub` and `Repository` fields.  Since dh-make-golang already writes
this file and only supports GitHub-hosted projects, the watch file is
now redundant.

Removing it avoids maintenance overhead and confusion for new
maintainers who might otherwise believe the file is required.

This also prevents Lintian from nagging about watch file format v4.
@guilherme-puida
Copy link

I think this makes uscan misbehave when upstream does not tag releases. I built this branch locally and tried dh-make-golang make -type l github.com/tscholl2/siec. Running uscan --report-status after results in:

uscan info: Scan watch files in .
uscan info: Check debian/watch and debian/changelog in .
uscan info: Found debian/upstream/metadata instead of debian/watch, trying to read it
uscan info: package="golang-github-tscholl2-siec" version="0.0~git20240310.c2c6f61-1" (as seen in debian/changelog)
uscan info: package="golang-github-tscholl2-siec" version="0.0~git20240310.c2c6f61" (no epoch/revision)
uscan info: ./debian/changelog sets package="golang-github-tscholl2-siec" version="0.0~git20240310.c2c6f61"
uscan warn: In /tmp/K8Cfn3Gdka/watch no matching files for watch source
  https://api.github.com/repos/tscholl2/siec/git/matching-refs/tags/
uscan info: Process watch file at: /tmp/K8Cfn3Gdka/watch
    package = golang-github-tscholl2-siec
    version = 0.0~git20240310.c2c6f61
    pkg_dir = .
uscan info: Parsing downloadurlmangle: s%(api.github.com/repos/[^/]+/[^/]+)/git/refs/%$1/tarball/refs/%g
uscan info: Parsing filenamemangle: s%.*/(?:[^/]+(?<=(?:\D|alpha|beta|rc))\-)?(?:[-_]?[Vv]?(\d[\-+\.:\~\da-zA-Z]*))%golang-github-tscholl2-siec-$1.tar.gz%
uscan info: Parsing pgpmode: none
uscan info: Parsing searchmode: plain
uscan info: Parsing versiontype: (?:[-_]?[Vv]?(\d[\-+\.:\~\da-zA-Z]*))
uscan info: Last orig.tar.* tarball version (from debian/changelog): 0.0~git20240310.c2c6f61
uscan info: Last orig.tar.* tarball version (dversionmangled): 0.0~git20240310.c2c6f61
uscan info: Requesting URL:
   https://api.github.com/repos/tscholl2/siec/git/matching-refs/tags/
uscan info: Scan finished

@coldtobi
Copy link

does this change break tracker.d.o detection of new upstream versions?

@ottok
Copy link
Contributor Author

ottok commented Feb 20, 2026

@coldtobi: This is a standard feature in uscan now and hence everything uscan does should continue to work, inluding upstream new version detection.

@guilherme-puida: Thanks for testing! Indeed the uscan v5 code path here is not working, I will test more this use case.

@ottok ottok self-assigned this Feb 20, 2026
@guilherme-puida
Copy link

After some more thought, I think I disagree that the watch file is redundant. It needs to exist when:

  1. Upstream does not tag releases (at least with the current implementation).
  2. Upstream signs tags/commits and you want to check the signature.
  3. You want to temporarily disable uscan with Untrackable: <reason>.
  4. Probably other reasons I cannot think of right now...

Wouldn't it be better to still generate d/watch and use Template: Github so that changing any of the above would only require adding fields to d/watch instead of deleting Archive from d/u/metadata and creating a watchfile from scratch?

@ottok
Copy link
Contributor Author

ottok commented Feb 21, 2026

Actually the v5 template does not support checking neither signed tags nor detached signatures, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118381 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118383

There are 3 options:

  1. Not having a watch file by default, and asking people to create one only if the default upstream/metadata:Archive feature does not work for the package

  2. Having a watch file with GitHub template, e.g.

Version: 5
Template: Github
Dist: https://github.com/homeport/dyff
  1. Having a watch file with similar contents as now, making it easy to customize and having all security features supported, e.g.:
Version: 5
Source: https://github.com/homeport/dyff.git
Matching-Pattern: refs/tags/@ANY_VERSION@
Git-Export: all
Mode: git
Pgp-Mode: gittag

I am maybe leaning on option 3 now..

@n-peugnet
Copy link
Contributor

IMO your option 2. looks nice, but using Owner and Project feels more common than Dist. Keeping the watch file is important for me, as I often need to tweak it a bit, so it is nice to have something to start from.

So I would simply keep the generated watch files as they are, but update them to version 5 and switch to Github templates, and maybe simplify them a bit, for example using Uversion-Mangle: auto as it works fine for most Go packages.

IIRC currently the watch file is only generated for Github upstream right?

@ottok
Copy link
Contributor Author

ottok commented Feb 23, 2026

IIRC currently the watch file is only generated for Github upstream right?

Yes, the watch file is currently generated only for projects with github.com in their identifier.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants