Hi,

Recent changes in GitHub releases pages, I cannot check upstream version
with uscan. How do you deal with it?



$ cat debian/watch
version=4
https://github.com/KittyKatt/screenFetch/releases /KittyKatt/screenFetch/archive/refs/tags/v*@ANY_VERSION@@ARCHIVE_EXT@

$ uscan --no-download
uscan warn: In debian/watch no matching files for watch line
https://github.com/KittyKatt/screenFetch/releases /KittyKatt/screenFetch/archive/refs/tags/v*(?:[-_]?(\d[\-+\.:\~\da-zA-Z]*))(?i)(?:\.(?:tar\.xz|tar\.bz2|tar\.gz|tar\.zstd?|zip|tgz|tbz|txz))



--
Regards,

Hideki Yamane henrich @ debian.org/iijmio-mail.jp

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

Le lundi 19 septembre 2022 à 20:50 +0900, Hideki Yamane a écrit :

 Recent changes in GitHub releases pages, I cannot check upstream version with uscan. How do you deal with it?

It's not that recent ; here is a working example:

version=4
opts="\
dversionmangle=s/\+dfsg.*$//,\ filenamemangle=s/.+\/[vV]?(\d\S+)\.tar\.gz/coq-$1\.tar\.gz/,\ repack,repacksuffix=+dfsg,\
" \
https://github.com/coq/coq/tags .*/[vV]?(\d[^\s+]+)\.tar\.gz


Cheers,

J.Puydt

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

julien.puydt@gmail.com, le lun. 19 sept. 2022 18:00:37 +0200, a ecrit:

Le lundi 19 septembre 2022 à 20:50 +0900, Hideki Yamane a écrit :

 Recent changes in GitHub releases pages, I cannot check upstream version with uscan. How do you deal with it?

It's not that recent ; here is a working example:

version=4
opts="\
dversionmangle=s/\+dfsg.*$//,\ filenamemangle=s/.+\/[vV]?(\d\S+)\.tar\.gz/coq-$1\.tar\.gz/,\ repack,repacksuffix=+dfsg,\
" \
https://github.com/coq/coq/tags .*/[vV]?(\d[^\s+]+)\.tar\.gz

That works for the tags page, but not for the releases page... The
problem is that the tags page only contains snapshots of the repository,
and not an autoconf-ed tarball. For instance since recently uscan cannot
get the correct tarballs from

https://github.com/brailcom/speechd/releases

Samuel

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 19 Sep 2022 at 18:12:15 +0200, Samuel Thibault wrote:

julien.puydt@gmail.com, le lun. 19 sept. 2022 18:00:37 +0200, a ecrit:

Le lundi 19 septembre 2022 à 20:50 +0900, Hideki Yamane a écrit :

 Recent changes in GitHub releases pages, I cannot check upstream version with uscan. How do you deal with it?

version=4
opts="\
dversionmangle=s/\+dfsg.*$//,\ filenamemangle=s/.+\/[vV]?(\d\S+)\.tar\.gz/coq-$1\.tar\.gz/,\ repack,repacksuffix=+dfsg,\
" \
https://github.com/coq/coq/tags .*/[vV]?(\d[^\s+]+)\.tar\.gz

That works for the tags page, but not for the releases page... The
problem is that the tags page only contains snapshots of the repository,
and not an autoconf-ed tarball.

It's quite noisy and unpleasant, but here's the best I could come up with: https://salsa.debian.org/debian/bubblewrap/-/blob/debian/latest/debian/watch (my upstream here uses tags like v1.2.3, adjust as necessary if yours
doesn't)

or if you need to repack for DFSG reasons: https://salsa.debian.org/sdl-team/libsdl2/-/blob/master/debian/watch
(in this case my upstream uses tags like release-1.2.3)

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Il giorno lun 19 set 2022 alle 18:12:15 +02:00:00, Samuel Thibault <sthibault@debian.org> ha scritto:

That works for the tags page, but not for the releases page... The
problem is that the tags page only contains snapshots of the
repository,
and not an autoconf-ed tarball. For instance since recently uscan
cannot
get the correct tarballs from

https://github.com/brailcom/speechd/releases

Hi, what I usually do with GitHub is to use its API, since it has the
advantage of not breaking uscan when they do changes to the web UI.

See
<https://salsa.debian.org/debian/yuzu/-/blob/debian/latest/debian/watch>
for example.

In your case, as you have to download an asset and not the automatic
tarball produced by GitHub, I'd do something like this:

version=4
opts="searchmode=plain, \

filenamemangle=s/.+\/speech-dispatcher-@ANY_VERSION@.tar.gz/@PACKAGE@-$1\.tar\.gz/"
\
https://api.github.com/repos/brailcom/speechd/releases \

https://github.com/brailcom/speechd/releases/download/\d[\.\d]*/speech-dispatcher-@ANY_VERSION@.tar.gz

It could probably be done in a cleaner way, but my knowledge of regular expressions is pretty limited :/

--
OpenPGP key: 66DE F152 8299 0C21 99EF A801 A8A1 28A8 AB1C EE49

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-09-19 at 20:50 +0900, Hideki Yamane wrote:

Recent changes in GitHub releases pages, I cannot check upstream
version with uscan. How do you deal with it?

If you are using the automatically generated tarballs, then
just switching to the uscan git mode seems like the way to go.

For signed tarballs and other GitHub release artefacts, it sounds like
uscan will need to use the GitHub API or Debian QA fakeupstream.cgi
will need to add a redirector based on the GitHub API.

https://salsa.debian.org/qa/qa/-/blob/master/cgi-bin/fakeupstream.cgi https://qa.debian.org/cgi-bin/fakeupstream.cgi

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMpC4YACgkQMRa6Xp/6 aaNhsQ//RX/VdI8h4tdcz75OyxZ3VGMrKFSXKRoW3fF+eatvDq4XjO3YR49zogdl 5Tufd7KoNk8n9skBRgMmVySpBLjLv5H9sV/yIbYFtxCG2O8JMa0MytcaS1zFO7m0 IIs6r0ZCFoBvdYOX+qXROU/y27fo51aplKDChV/pB4AZ3DP5b9XnEJJ1t2qO3ljm uenX07hCm1f9vsbapfSIsrsai5gTjQAYpLiEn6dSNDXM6Jhh8sTc2m8C2Swj2yF+ mYDCBhOh1wCMSchrTCFiGRqo+7RoJw/j0ymKcCdQzlhhJGvZChsC1fVH6h67Ambr F6mR69XWxvQbeamk2XcR8Xt53eRPn7noQCwXGCMEO1kJGSAPppaqj4Jnl6yA9Qko Ex5fxC0IOqAUaphDR9sZ8StPYIU/y07obJCx3Na3GS5V4Au0u7hTDhhIPvxMg+S9 ICM/Y85+AvWJ0LBs92qt0ylVlg3A6x5bOMmMwT5+5t8WUfsYO/yCvJFTWdtu0Zea ZsXcSwC+J1Vxu+RUkVCf0hpwprqefrH5kVAYHJ/xOHQFA4qrLo+Vn7vL0ACdcaop VOSoxI31qfsDiI+3/RmHo0/EpbaIUJVuwOZ3uB0RJG7MveMn8De8EJxGIp2dZlrS 0mhhTrDtBmuL9q2S0YRhzrtrUJ9sSj8pHNtAPWosXGOiGLjykf0=
=EJ0r
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-09-19 at 18:12 +0200, Samuel Thibault wrote:

The problem is that the tags page only contains snapshots of the
repository, and not an autoconf-ed tarball.

I think that is an advantage, because then you can be sure that you can
rebuild the autotools generated files from source during the build.

The only reason I would use the autotools tarball is when it is signed.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMpDJMACgkQMRa6Xp/6 aaPGjw/+KDsRqouT8TqQ8IiqK6PyNDhaUnkgEjrmMAiojCOBHe6nZl0tGJGD7zNy WwukIGQpaFWzO+UP4UpE1WPBLBxcRxi4aSNmAvfvu9gQuOB0UTdDOTH4XJkIxz1Y 813KGYmi2/or4ZZ1hU71De1YWu9OCTA1o+7BuYNVpVzYETAlY97jnYeHI0uYJX1z tVZcUAhDy1LSFkUbCr3isBOUelpnhPa3I/UrOoq3+qgPBxI/UnSIDRo+P/kx+hS0 2Qya76lG1c0axeGRn8YWQmyLVEt9TP8h6fwvj3ok4bfjBzqnDA8jC5uICx7OFpTr lWszotmFzNxRXP0ozNtRG8CwFQBXf9ISImuN5z+0GVLAPjn6cxiUhj/ZShnnomRe 5zPahjyIK7nMZLEBTGIIpVXHNOKJOGbEJe3TGGSEgSXd6NNdZZ3sfnKAlGOTTePS Wda9gcPyfvZ1IXf8nUhy+WfYEhB09qAPCzzl7KFTz2udsb+i/HPscZfg+Ts4I7pv JzqM+X5usZYR62K+/HO0MGVnldQ+zs4UXiJFbMVi+ClOW7axB7v/vP+1qQ9tc/Dw 4ePzsHn0dFXNO7C6FPMCB20elM9x3V5xTs5qwLpO7Qf4bB57So8sdPHc8ImZJ/fH 4GCetnckd34PSnwLgyhCppkHBEAtm/xieHqbUjt8iCua/jFIFtk=
=/TYw
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-09-19 at 18:54 +0200, Andrea Pappacoda wrote:

Hi, what I usually do with GitHub is to use its API, since it has the advantage of not breaking uscan when they do changes to the web UI.

Since the API uses pagination, this has the minor downside of making it
harder to use the uscan --download-version option with older versions.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMpCyAACgkQMRa6Xp/6 aaNs4xAAhZgdFarzT3yH9iE6YERVqqmT4m/7vzPRfdCQAWUOwB/Ywl5qd1NJRxp9 C8FA09ySHvYsEoAwkVKbUlUX8TRzNuAebgiAxS1e0msQ0m/eK+EeVxTq7rmybyXP UMGa91Oo8o0oFZSblPvzASfoTgUorNDyBUmHKutERJZ1joAPL3oyb1TwuIUVea2G JBcVfUZwq9ikLCCvvyN2ydSKdTNhXXS4un15kts6T0FLWu/3TcgjaafK/26i38XE /1mPnXUT4ztgtBuw1zgaE44Z5TD5cD9m/OBNsZHECQB0fEAnWzi+ob1geDqewwdW Dtx73vhk+FZFrXEvt2mQ6vacZPbu/5FUhRgmyXWbRM54IFjW1i8K+qR9Ah1pJ0Ko 6v2MKHeDT9frLQHIyjHdnjov5lm91agS6AY8g4nerLbg89ZmH9O/uhYJXXMzO2IP dHCJM3Dw+8lR36TyDVFCUWY8mSmoelYVyFv0Bv0odBWnKkKpzCd0CirjclqURn/G fO88fBOhNeoWLkHTRViyXurLsrhfu/nwRsS6lSxfVNh1F5g0hV9dZpb9s77BhKAX OShKWV9cyEL5ReCvEOKJgOduyPw31JJSz8FjiEHTX1xcivBXwNYRFFEj+COY1jXy UylgvdDy3itduhAk3c42lU6JTUGqDcXeIrGa1vRYYhWTNXQbMPE=
=kjyP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue 20 Sept 2022, 01:39 Paul Wise, <pabs@debian.org> wrote:

On Mon, 2022-09-19 at 18:54 +0200, Andrea Pappacoda wrote:

Hi, what I usually do with GitHub is to use its API, since it has the advantage of not breaking uscan when they do changes to the web UI.

Since the API uses pagination, this has the minor downside of making it
harder to use the uscan --download-version option with older versions.


The GitHub pages are also paginated, so you get the same issue whether
using the API or not.

I have been hit by this on cases where upstream does enough
beta|rc|snapshots releases such that the latest GA release gets in the
second page and uscan fails due to not finding it.

<div dir="auto"><div dir="auto"><div style="min-width:150px" class="elided-text" dir="auto"><div dir="ltr">On Tue 20 Sept 2022, 01:39 Paul Wise, &lt;<a href="mailto:pabs@debian.org">pabs@debian.org</a>&gt; wrote:<br></div><blockquote style="min-width:
150px;margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, 2022-09-19 at 18:54 +0200, Andrea Pappacoda wrote:<br><br>&gt; Hi, what I usually do with GitHub is to use its API, since it has the<br>&gt; advantage of not
breaking uscan when they do changes to the web UI.<br><br>Since the API uses pagination, this has the minor downside of making it<br>harder to use the uscan --download-version option with older versions.<br></blockquote></div></div><div dir="auto"><br></

The GitHub pages are also paginated, so you get the same issue whether using the API or not.<div dir="auto"><br></div><div dir="auto">I have been hit by this on cases where upstream does enough beta|rc|snapshots releases such that the latest GA

release gets in the second page and uscan fails due to not finding it.</div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Sep 20, 2022 at 10:36 AM Samuel Henrique <samueloph@debian.org>
wrote:

On Tue 20 Sept 2022, 01:39 Paul Wise, <pabs@debian.org> wrote:

On Mon, 2022-09-19 at 18:54 +0200, Andrea Pappacoda wrote:

Hi, what I usually do with GitHub is to use its API, since it has the advantage of not breaking uscan when they do changes to the web UI.

Since the API uses pagination, this has the minor downside of making it harder to use the uscan --download-version option with older versions.

The GitHub pages are also paginated, so you get the same issue whether
using the API or not.

There is a per_page parameter: https://docs.github.com/en/rest/releases/releases#list-releases
E.g. https://api.github.com/repos/torvalds/linux/tags?per_page=100
The maximum is 100 though.

Cheers,
Stephan

<div dir="ltr"><div dir="ltr"></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Sep 20, 2022 at 10:36 AM Samuel Henrique &lt;<a href="mailto:samueloph@debian.org">samueloph@debian.org</a>&gt; wrote:<br></div><blockquote class="
gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto"><div style="min-width:150px" dir="auto"><div dir="ltr">On Tue 20 Sept 2022, 01:39 Paul Wise, &lt;<a href="mailto:pabs@
debian.org" target="_blank">pabs@debian.org</a>&gt; wrote:<br></div><blockquote style="min-width:150px;margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, 2022-09-19 at 18:54 +0200, Andrea Pappacoda wrote:<br><br>&gt;
Hi, what I usually do with GitHub is to use its API, since it has the<br>&gt; advantage of not breaking uscan when they do changes to the web UI.<br><br>Since the API uses pagination, this has the minor downside of making it<br>harder to use the uscan --
download-version option with older versions.<br></blockquote></div></div><div dir="auto"><br></div>The GitHub pages are also paginated, so you get the same issue whether using the API or not.</div></blockquote><div><br></div><div>There is a per_page
parameter: <a href="https://docs.github.com/en/rest/releases/releases#list-releases">https://docs.github.com/en/rest/releases/releases#list-releases</a></div><div>E.g. <a href="https://api.github.com/repos/torvalds/linux/tags?per_page=100">https://api.
github.com/repos/torvalds/linux/tags?per_page=100</a></div>The maximum is 100 though.</div><div class="gmail_quote"><br></div><div class="gmail_quote">Cheers,</div><div class="gmail_quote">Stephan<br></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Sep 20, 2022 at 08:36:48AM +0800, Paul Wise wrote:

On Mon, 2022-09-19 at 18:54 +0200, Andrea Pappacoda wrote:

Hi, what I usually do with GitHub is to use its API, since it has the advantage of not breaking uscan when they do changes to the web UI.

Since the API uses pagination, this has the minor downside of making it harder to use the uscan --download-version option with older versions.

Well, uscan can properly implement pagination. It is just not a simple
scraper anymore.

Bastian

--
It is more rational to sacrifice one life than six.
-- Spock, "The Galileo Seven", stardate 2822.3

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

Quoting Paul Wise (2022-09-20 02:38:30)

On Mon, 2022-09-19 at 20:50 +0900, Hideki Yamane wrote:

Recent changes in GitHub releases pages, I cannot check upstream
version with uscan. How do you deal with it?

If you are using the automatically generated tarballs, then
just switching to the uscan git mode seems like the way to go.

the only reason I'm not using git mode for all my upstream projects that use git is this paragraph from the uscan man page:

If the upstream publishes the released tarball via its web
interface, please use it instead of using this mode. This mode is
the last resort method.

This sounds like I should rather use other methods like rewriting my d/watch files to use api.github.com before using this "last resort" method.

Is this paragraph still accurate?

Thanks!

cheers, josch
--=============="94783404474608903=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmM54L8ACgkQ8sulx4+9 g+GadA/+IX48UNXk3SAfjioZYyT1SGTMbB/EuHlVwR3JCrzrsefXRKlDp7c81qtK QyJC76X+IJtmhz7PwO0soLjyAORjZ4puBntNrJ5uTBVsVrgFyd8eoL8mrR8mLdvz zcsCisOeU3DB8bLUoC6e80Yb3ZgiuM4r69ScHfZRUoQKi4uAPEc51VJVfRXS5pUk DD3olnqf+05MgS4s3IS9sKSck5An2DqsMAdCtUMLW/BVnQyFAbazHAARtEGyufgj 0qBMsSPU4obgtW0IUmCbMUJ45CrIvlKxImeTng0L3wYSMlKr25fKg1zHiGGTV+KJ VVoZe7TGHH+FAv9JkD449lO1FKKhEiyrSNrAgrEJUrelTTqV2QXMa2Yy8LJeZn/Q YnqgrvnUXBmTp2Y+sZcIp3fMOH+nykw3LIGdVqCE4a755mQ0FhxOjHCDC2awn7ZL OKq+86uP6rO+moOv0VwPpSWIkKy9l74Os6ShL8y2MRey8C6X3uKSapp2puD2/PQ/ iwH2mjmVCaHDT4UVb/LoHmZMe5tDo+y5+YsPNhthGjLgP6HfEaxZGLJ1lXERFf6F B3kOuulNgZA74fOICM1g9S1FxkS7x2rXf7IGwEm7Y8/8hsAILabvs3zoDqs+lD9g 6cv4jBFbMjaVZv+sPpbbVkGoFfb+tU1Yt/tPJtppJghFCdIWKbw=
=SU/c
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 19 Sep 2022 at 18:12:15 +0200, Samuel Thibault wrote:

julien.puydt@gmail.com, le lun. 19 sept. 2022 18:00:37 +0200, a ecrit:

Le lundi 19 septembre 2022 à 20:50 +0900, Hideki Yamane a écrit :

Recent changes in GitHub releases pages, I cannot check upstream version with uscan. How do you deal with it?

version=4
opts="\
dversionmangle=s/\+dfsg.*$//,\ filenamemangle=s/.+\/[vV]?(\d\S+)\.tar\.gz/coq-$1\.tar\.gz/,\ repack,repacksuffix=+dfsg,\
" \
https://github.com/coq/coq/tags .*/[vV]?(\d[^\s+]+)\.tar\.gz

That works for the tags page, but not for the releases page... The
problem is that the tags page only contains snapshots of the repository, and not an autoconf-ed tarball.

It's quite noisy and unpleasant, but here's the best I could come up with:

https://salsa.debian.org/debian/bubblewrap/-/blob/debian/latest/debian/watch (my upstream here uses tags like v1.2.3, adjust as necessary if yours doesn't)

or if you need to repack for DFSG reasons: https://salsa.debian.org/sdl-team/libsdl2/-/blob/master/debian/watch
(in this case my upstream uses tags like release-1.2.3)

smcv

I've encountered the same problem and come out with a version of the watch
file using the GitHub APIs. In my case I also needed to download the PGP signature. I've add some comments to the watch file for an easier understanding.

The approach should be generic enough to work for others [1].

The package name in the URL could also be replaced with @PACKAGE@ if that's
the same of the GitHub project name.
In my case too, tags are prefixed with a 'v' (i.e. v1.2.3), but that's
easily adaptable to different formats.

What is the process to find an agreement on which updated version should be published on the wiki [2] ?

Thanks,
Riccardo

[1] https://github.com/volans-/gjson-py/blob/debian/debian/watch
[2] https://wiki.debian.org/debian/watch#GitHub

<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, 19 Sep 2022 at 18:12:15 +0200, Samuel Thibault wrote:<br>&gt; <a href="mailto:julien.puydt@gmail.com">julien.
puydt@gmail.com</a>, le lun. 19 sept. 2022 18:00:37 +0200, a ecrit:<br>&gt; &gt; Le lundi 19 septembre 2022 à 20:50 +0900, Hideki Yamane a écrit :<br>&gt; &gt; &gt;  Recent changes in GitHub releases pages, I cannot check upstream<br>&gt; &gt; &gt;
version with uscan. How do you deal with it?<br>&gt; &gt;<br> &gt; &gt; version=4<br>&gt; &gt; opts=&quot;\<br>&gt; &gt; dversionmangle=s/\+dfsg.*$//,\<br>&gt; &gt; filenamemangle=s/.+\/[vV]?(\d\S+)\.tar\.gz/coq-$1\.tar\.gz/,\<br>&gt; &gt; repack,
repacksuffix=+dfsg,\<br>&gt; &gt; &quot; \<br>&gt; &gt; <a href="https://github.com/coq/coq/tags">https://github.com/coq/coq/tags</a> .*/[vV]?(\d[^\s+]+)\.tar\.gz<br>&gt;<br> &gt; That works for the tags page, but not for the releases page... The<br>&gt;
problem is that the tags page only contains snapshots of the repository,<br>&gt; and not an autoconf-ed tarball.</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>It&#
39;s quite noisy and unpleasant, but here&#39;s the best I could come up with:<br><a href="https://salsa.debian.org/debian/bubblewrap/-/blob/debian/latest/debian/watch">https://salsa.debian.org/debian/bubblewrap/-/blob/debian/latest/debian/watch</a><br>(
my upstream here uses tags like v1.2.3, adjust as necessary if yours<br>doesn&#39;t)</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>or if you need to repack for
DFSG reasons:<br><a href="https://salsa.debian.org/sdl-team/libsdl2/-/blob/master/debian/watch">https://salsa.debian.org/sdl-team/libsdl2/-/blob/master/debian/watch</a><br>(in this case my upstream uses tags like release-1.2.3)</blockquote><blockquote
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>    smcv</blockquote><div><br></div><div>I&#39;ve encountered the same problem and come out with a version of the watch file using the
GitHub APIs. In my case I also needed to download the PGP signature. I&#39;ve add some comments to the watch file for an easier understanding.</div><div><br></div><div>The approach should be generic enough to work for others [1].</div><div><br></div><div>
The package name in the URL could also be replaced with @PACKAGE@ if that&#39;s the same of the GitHub project name.</div><div>In my case too, tags are prefixed with a &#39;v&#39; (i.e. v1.2.3), but that&#39;s easily adaptable to different formats.</div><

<br></div><div>What is the process to find an agreement on which updated version should be published on the wiki [2] ?</div><div><br></div><div>Thanks,</div><div>Riccardo</div><div><br></div><div>[1] <a href="https://github.com/volans-/gjson-py/blob/

debian/debian/watch">https://github.com/volans-/gjson-py/blob/debian/debian/watch</a></div><div>[2] <a href="https://wiki.debian.org/debian/watch#GitHub">https://wiki.debian.org/debian/watch#GitHub</a></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Oct 9, 2022 at 7:06 PM Volans <volans.ubuntu@gmail.com> wrote:

I've encountered the same problem and come out with a version of the watch file using the GitHub APIs. In my case I also needed to download the PGP signature. I've add some comments to the watch file for an easier understanding.

The approach should be generic enough to work for others [1].

The package name in the URL could also be replaced with @PACKAGE@ if that's the same of the GitHub project name.
In my case too, tags are prefixed with a 'v' (i.e. v1.2.3), but that's easily adaptable to different formats.

What is the process to find an agreement on which updated version should be published on the wiki [2] ?

I mentioned it before, one should increase the limit of results per
page to the maximum (which is 100).
Also I don't think using `@PACKAGE@` is a good idea inside the URL as
it is maybe different from the Debian source package name.

For releases I use something like (w/o signatures):
```
version=4
opts="searchmode=plain,\
filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%" \ https://api.github.com/repos/<user>/<project>/releases?per_page=100 \ https://api.github.com/repos/[^/]+/[^/]+/tarball/v?@ANY_VERSION@
```
For tags:
```
version=4
opts="searchmode=plain,\
filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%" \ https://api.github.com/repos/<user>/<project>/tags?per_page=100 \ https://api.github.com/repos/[^/]+/[^/]+/tarball/refs/tags/v?@ANY_VERSION@
```

One could probably combine the tarball search link into a unified
regex expression, didn't try that yet.

Overall I agree that the Github API thing should be documented in the
Wiki and in the uscan man page.

Cheers,
Stephan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Oct 11, 2022 at 10:23 AM Stephan Lachnit <stephanlachnit@debian.org> wrote:

On Sun, Oct 9, 2022 at 7:06 PM Volans <volans.ubuntu@gmail.com> wrote:

I've encountered the same problem and come out with a version of the

watch file using the GitHub APIs. In my case I also needed to download the PGP signature. I've add some comments to the watch file for an easier understanding.

The approach should be generic enough to work for others [1].

The package name in the URL could also be replaced with @PACKAGE@ if

that's the same of the GitHub project name.

In my case too, tags are prefixed with a 'v' (i.e. v1.2.3), but that's

easily adaptable to different formats.

What is the process to find an agreement on which updated version should

be published on the wiki [2] ?

I mentioned it before, one should increase the limit of results per
page to the maximum (which is 100).
Also I don't think using `@PACKAGE@` is a good idea inside the URL as
it is maybe different from the Debian source package name.

For releases I use something like (w/o signatures):
```
version=4
opts="searchmode=plain,\ filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%" \ https://api.github.com/repos/<user>/<project>/releases?per_page=100 \ https://api.github.com/repos/[^/]+/[^/]+/tarball/v?@ANY_VERSION@
```
For tags:
```
version=4
opts="searchmode=plain,\ filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%" \ https://api.github.com/repos/<user>/<project>/tags?per_page=100 \ https://api.github.com/repos/[^/]+/[^/]+/tarball/refs/tags/v?@ANY_VERSION@ ```

One could probably combine the tarball search link into a unified
regex expression, didn't try that yet.

Overall I agree that the Github API thing should be documented in the
Wiki and in the uscan man page.

Cheers,
Stephan

Sure, I agree for the API page size, thanks for the suggestion.

To add some additional burden I noticed that the archive downloaded from
the API [1] is different from the one downloaded from the browser [2]
because they have a different top-level directory name, while the API one
has:
{OWNER}-{REPO}-{REF_SHA1}/
where REF_SHA1 is the SHA1 of refs/tags/{TAG_NAME}, the browser one has:
{OWNER}-{VERSION}/
where, at least in my case, VERSION is the tag name without the leading
'v'. For a tag name of 'v0.2.0' I get 'gjson-py-0.2.0.tar.gz' that
extracted creates 'gjson-py-0.2.0/' (note the lack of 'v' in the names).

Because of the two different directory structures, the tar.gz files are different so any md5 or gpg signature verification made on one would fail
with the other, adding additional confusion or complexity.
For now I'll probably upload to the release page the signatures of both
files, but this is definitely suboptimal.

Riccardo

[1] https://api.github.com/repos/{OWNER}/{REPO}/tarball/{RELEASE}
[2] https://codeload.github.com/{OWNER}/{REPO}/tar.gz/refs/tags/{RELEASE}

<div dir="ltr"><div dir="ltr">On Tue, Oct 11, 2022 at 10:23 AM Stephan Lachnit &lt;<a href="mailto:stephanlachnit@debian.org">stephanlachnit@debian.org</a>&gt; wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sun, Oct 9, 2022 at 7:06 PM Volans &lt;<a href="mailto:volans.ubuntu@gmail.com" target="_blank">volans.ubuntu@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; I&#39;ve encountered the same problem and come out with a version of the watch file using the GitHub APIs. In my case I also needed to download the PGP signature. I&#39;ve add some comments to the watch file for an easier understanding.<br>
&gt;<br>
&gt; The approach should be generic enough to work for others [1].<br>
&gt;<br>
&gt; The package name in the URL could also be replaced with @PACKAGE@ if that&#39;s the same of the GitHub project name.<br>
&gt; In my case too, tags are prefixed with a &#39;v&#39; (i.e. v1.2.3), but that&#39;s easily adaptable to different formats.<br>
&gt;<br>
&gt; What is the process to find an agreement on which updated version should be published on the wiki [2] ?<br>

I mentioned it before, one should increase the limit of results per<br>
page to the maximum (which is 100).<br>
Also I don&#39;t think using `@PACKAGE@` is a good idea inside the URL as<br> it is maybe different from the Debian source package name.<br>

For releases I use something like (w/o signatures):<br>
```<br>
version=4<br>
opts=&quot;searchmode=plain,\<br> filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%&quot; \<br>
<a href="https://api.github.com/repos/" rel="noreferrer" target="_blank">https://api.github.com/repos/</a>&lt;user&gt;/&lt;project&gt;/releases?per_page=100 \<br>
<a href="https://api.github.com/repos/%5B" rel="noreferrer" target="_blank">https://api.github.com/repos/[</a>^/]+/[^/]+/tarball/v?@ANY_VERSION@<br>
```<br>
For tags:<br>
```<br>
version=4<br>
opts=&quot;searchmode=plain,\<br> filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%&quot; \<br>
<a href="https://api.github.com/repos/" rel="noreferrer" target="_blank">https://api.github.com/repos/</a>&lt;user&gt;/&lt;project&gt;/tags?per_page=100 \<br>
<a href="https://api.github.com/repos/%5B" rel="noreferrer" target="_blank">https://api.github.com/repos/[</a>^/]+/[^/]+/tarball/refs/tags/v?@ANY_VERSION@<br>
```<br>

One could probably combine the tarball search link into a unified<br>
regex expression, didn&#39;t try that yet.<br>

Overall I agree that the Github API thing should be documented in the<br>
Wiki and in the uscan man page.<br>

Cheers,<br>
Stephan<br></blockquote><div><br></div><div>Sure, I agree for the API page size, thanks for the suggestion.</div><div><br></div><div>To add some additional burden I noticed that the archive downloaded from the API [1] is different from the one downloaded
from the browser [2] because they have a different top-level directory name, while the API one has:</div><div>    {OWNER}-{REPO}-{REF_SHA1}/</div><div>where REF_SHA1 is the SHA1 of refs/tags/{TAG_NAME}, the browser one has:</div><div>    {OWNER}-{
VERSION}/</div><div>where, at least in my case, VERSION is the tag name without the leading &#39;v&#39;. For a tag name of &#39;v0.2.0&#39; I get &#39;gjson-py-0.2.0.tar.gz&#39; that extracted creates &#39;gjson-py-0.2.0/&#39; (note the lack of &#39;v&#
39; in the names).</div><div><br></div><div>Because of the two different directory structures, the tar.gz files are different so any md5 or gpg signature verification made on one would fail with the other, adding additional confusion or complexity.</div><

For now I&#39;ll probably upload to the release page the signatures of both files, but this is definitely suboptimal. </div><div><br></div><div>Riccardo</div><div><br></div><div>[1] <a href="https://api.github.com/repos/{OWNER}/{REPO}/tarball/{

RELEASE}">https://api.github.com/repos/{OWNER}/{REPO}/tarball/{RELEASE}</a></div><div>[2] <a href="https://codeload.github.com/{OWNER}/{REPO}/tar.gz/refs/tags/{RELEASE}">https://codeload.github.com/{OWNER}/{REPO}/tar.gz/refs/tags/{RELEASE}</a></div></

</div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)