What’s a good way to manage my code’s dependencies on libraries without releases?

I’m writing this small utility, FOSS but not intended for wide deployment, packaging in OS distributions etc. My utility depends on several libraries – some are header-only (it’s C++), some are headers+compiled libraries.

Now, when it’s a library with proper versioned releases, then life’s simple. I have CMake look for that library, detect the version number, require an appropriate number and I’m set. I also do not bother to include a copy of that library with my own code in the revision control repository.

But what if the library I’m depending on is just a github project, with developers occasionally committing to it, and no release or versioning? How should I depend on that library and formalize this dependence? Should I include a snapshot of it? Assume it exists elsewhere, look for it and try to determine the changeset code or timestamp?


This question is not about my specific development environment, but you can use it to illustrate or if your suggestion is specific to it. I write (mostly) C++, use mercurial for revision control and CMake as the build system.


I don’t have a silver bullet. You need to consider the amount of code in the github project, as well as whether you may assume that access to github will be no problem for your users (git is available, internet connection is available, etc).

If you decide to avoid including a snapshot of the third-party code, here is a reference explaining how you can download a certain state of a github repo. I am not familiar with CMake, so I don’t know how you can implement those steps using CMake.

I would not suggest implementing automated discovery or identification of third-party source code, because it will be sensitive to changes that are out of your control and may easily become a weak chain in your build process.
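
One way to formalize such a dependency from CMake, shown as an added example that is not part of the original question or answer: pin the unreleased project to a full commit hash with the FetchContent module (CMake 3.14 or later) and fail the configure step if the source actually in use is at any other commit. The repository URL, the all-zero commit hash, the target names, the `include/` layout and `main.cpp` are placeholders and assumptions.

```cmake
cmake_minimum_required(VERSION 3.14)
project(my_utility LANGUAGES CXX)

include(FetchContent)
find_package(Git REQUIRED)

# Placeholders (assumptions): use the real repository URL and the full
# commit hash of the state you have reviewed and built against.
set(SOMELIB_REPO   "https://github.com/example-owner/somelib.git")
set(SOMELIB_COMMIT "0000000000000000000000000000000000000000")

# Accept only a full 40-hex-digit hash. Branch names and tags can be moved
# upstream and abbreviated hashes can become ambiguous, so none of them
# identifies one fixed state of the code.
# (CMake regexes have no {40} quantifier, hence the separate length check.)
string(LENGTH "${SOMELIB_COMMIT}" _pin_len)
if(NOT _pin_len EQUAL 40 OR NOT "${SOMELIB_COMMIT}" MATCHES "^[0-9a-f]+$")
  message(FATAL_ERROR "SOMELIB_COMMIT must be a full 40-hex-digit commit hash")
endif()

FetchContent_Declare(somelib
  GIT_REPOSITORY "${SOMELIB_REPO}"
  GIT_TAG        "${SOMELIB_COMMIT}")
FetchContent_MakeAvailable(somelib)

# Check what is really on disk. This also covers a local checkout supplied
# through FETCHCONTENT_SOURCE_DIR_SOMELIB that sits at a different commit.
execute_process(
  COMMAND "${GIT_EXECUTABLE}" rev-parse HEAD
  WORKING_DIRECTORY "${somelib_SOURCE_DIR}"
  OUTPUT_VARIABLE _somelib_head
  OUTPUT_STRIP_TRAILING_WHITESPACE
  RESULT_VARIABLE _rc)
if(NOT _rc EQUAL 0 OR NOT "${_somelib_head}" STREQUAL "${SOMELIB_COMMIT}")
  message(FATAL_ERROR
    "somelib is at '${_somelib_head}', expected ${SOMELIB_COMMIT}")
endif()

# Assumption: somelib is header-only with its headers under include/.
add_library(somelib_headers INTERFACE)
target_include_directories(somelib_headers
  INTERFACE "${somelib_SOURCE_DIR}/include")

add_executable(my_utility main.cpp)  # main.cpp is a placeholder source file
target_link_libraries(my_utility PRIVATE somelib_headers)
```

Updating the dependency then becomes a reviewed one-line change to `SOMELIB_COMMIT` in your own repository, so the revision history records exactly which upstream state each build used.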
