Skip to content

Commit da3c05a

Browse files
snowdreamsnowdream
committed
fix(lockfile): CheckStrict should not require URL for package manager backends
Package manager backends like asdf, npm, and pipx delegate download resolution natively. Therefore, their lockfile entries legitimately have an empty URL. Strict mode previously enforced URL!=empty for ALL backends, causing CI to fail on node (asdf), python (asdf) even when their versions were properly locked.
1 parent e939335 commit da3c05a

1 file changed

Lines changed: 31 additions & 3 deletions

File tree

internal/lockfile/validate.go

Lines changed: 31 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -96,15 +96,43 @@ func isValidChecksumFormat(s string) bool {
9696
strings.HasPrefix(s, "sha512:")
9797
}
9898

99-
// CheckStrict verifies that the lockfile contains a URL for each tool/platform
100-
// pair in the required set. Used to enforce UNIRTM_LOCKED=1 / settings.locked=true.
99+
// CheckStrict verifies that the lockfile contains a valid entry for each tool/platform
100+
// pair in the required set. For URL-based backends, it ensures a URL is present.
101+
// Used to enforce UNIRTM_LOCKED=1 / settings.locked=true.
101102
//
102103
// required is a slice of (toolKey, version, platformKey) tuples.
103104
func (lf *LockFile) CheckStrict(required []LockRequirement) error {
104105
ve := &ValidationError{}
105106

106107
for _, r := range required {
107-
if !lf.HasURL(r.ToolKey, r.Version, r.PlatformKey) {
108+
entry := lf.GetEntry(r.ToolKey, r.Version)
109+
if entry == nil {
110+
ve.add(
111+
"strict mode: no locked entry for tool=%q version=%q — run `unirtm lock` first",
112+
r.ToolKey, r.Version,
113+
)
114+
continue
115+
}
116+
117+
pe := lf.GetPlatform(r.ToolKey, r.Version, r.PlatformKey)
118+
if pe == nil {
119+
ve.add(
120+
"strict mode: no locked platform %q for tool=%q version=%q — run `unirtm lock` first",
121+
r.PlatformKey, r.ToolKey, r.Version,
122+
)
123+
continue
124+
}
125+
126+
// Backends that download from explicit URLs must have the URL locked.
127+
// Package manager backends (npm, pipx, asdf, cargo, go) delegate resolution
128+
// natively so they legitimately have an empty URL.
129+
needsURL := true
130+
switch entry.Backend {
131+
case "npm", "pipx", "asdf", "cargo", "go":
132+
needsURL = false
133+
}
134+
135+
if needsURL && pe.URL == "" {
108136
ve.add(
109137
"strict mode: no locked URL for tool=%q version=%q platform=%q — run `unirtm lock` first",
110138
r.ToolKey, r.Version, r.PlatformKey,

0 commit comments

Comments
 (0)