{"id":35316753,"url":"https://github.com/sarnold/repolite","last_synced_at":"2026-04-01T20:20:49.655Z","repository":{"id":56783571,"uuid":"524565908","full_name":"sarnold/repolite","owner":"sarnold","description":"Manage a small set of (external) git repository dependencies with a yaml cfg","archived":false,"fork":false,"pushed_at":"2026-03-06T09:25:18.000Z","size":5448,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-28T00:11:47.469Z","etag":null,"topics":["dependency-manager","external","git","yaml-configuration"],"latest_commit_sha":null,"homepage":"https://sarnold.github.io/repolite/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sarnold.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-08-14T03:45:28.000Z","updated_at":"2025-03-18T05:42:07.000Z","dependencies_parsed_at":"2023-12-06T20:35:04.565Z","dependency_job_id":"2d9444b6-d429-4f26-9739-01d11e69e58f","html_url":"https://github.com/sarnold/repolite","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/sarnold/repolite","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sarnold%2Frepolite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sarnold%2Frepolite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sarnold%2Frepolite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sarnold%2Frepolite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sarnold","download_url":"https://codeload.github.com/sarnold/repolite/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sarnold%2Frepolite/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31291520,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependency-manager","external","git","yaml-configuration"],"created_at":"2025-12-30T18:38:44.349Z","updated_at":"2026-04-01T20:20:49.627Z","avatar_url":"https://github.com/sarnold.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"===========================================================\n repolite: a dependency manager for working with git repos\n===========================================================\n\nA lightweight tool to manage a small set of project dependencies without a\nmanifest.xml file or git submodules. You get to write (local) project config\nfiles in yaml instead.\n\n|ci| |wheels| |release| |bandit|\n\n|pre| |cov| |pylint|\n\n|tag| |license| |python|\n\n.. _tox: https://github.com/tox-dev/tox\n.. _pip: https://packaging.python.org/en/latest/key_projects/#pip\n\nExample consumer repos include:\n\n* SCAP Security Guide `(SSG) workflows`_\n* `ARM64 u-boot analysis`_\n* Structured `(RST) document development`_\n* Asterisk\\* `interface evaluation`_\n* sysstat `graphing tool evaluation`_\n\n\n.. _(SSG) workflows: https://github.com/VCTLabs/scap-workbench/blob/v1-2/.repolite.yml\n.. _ARM64 u-boot analysis: https://github.com/sarnold/u-boot-ATF-manifest/blob/marvell-armada/.repolite-locked.yml\n.. _(RST) document development: https://github.com/VCTLabs/software_design_description_template/blob/master/.repolite.yml\n.. _interface evaluation: https://github.com/VCTLabs/vct-asterisk-dev-artifacts/blob/develop/.repolite.yml\n.. _graphing tool evaluation: https://github.com/sarnold/sar-graph-artifacts/blob/main/.repolite.yml\n\n\nThe latest new/expanded workflow features now include:\n\n* **tagging support** - tag a set of enabled repositories via config file or\n  command line\n* **changelog support** in ``rSt`` or ``md`` - generate changelog documents\n  for enabled repositories\n\nSee the optional feature keys in Usage_ for more info.\n\nRepolite is tested on the 3 primary GH runner platforms, so as long as you\nhave a new-ish Python and a ``git`` binary it should run on your platform\n(meaning as long as ``which git`` succeeds there's a good chance it will\nJust Work).\n\nQuick Start\n===========\n\nRepolite is mainly configuration-driven via YAML config files; the included\nexample can be displayed and copied via command-line options (see the Usage_\nsection below).  To create your own configuration, you need your repository\nmetadata and some ancillary info (see `Configuration settings`_ for more\ndetails).\n\nOnce installed, running ``repolite`` without any local configuration file\nwill use the (internal) example configuration, ie, running it without any\narguments will clone the example repos to a subdirectory ``ext/`` in the\ncurrent directory.\n\nBy default (with no options) ``repolite`` will clone all the repositories\nin the configuration file and checkout each configured branch.  From there\nyou can build and test, add more tests/features, until you need to update\nyour dependencies or switch branches.  At that point (or any time), run\n``repolite`` with the ``--update`` option to pull in upstream changes\nand/or switch branches.\n\nTo create your own default config file in the working directory, the local\ncopy must be named ``.repolite.yml``.  To get a copy of the example\nconfiguration file, do::\n\n  $ cd path/to/work/dir/\n  $ repolite --save-config\n  $ $EDITOR .repolite.yml\n  $ repolite --dump-config  # you should see your config settings\n\nIf needed, you can also create additional project-level config files to\noverride your default project configuration. These alternate config files\ncan have arbitrary names (ending in '.yml' or '.yaml') but we recommend\nusing something like ``repo-dev-myproject.yml`` or similar. Since only one\nconfiguration can be \"active\", the non-default config file must be set\nvia the environment variable ``REPO_CFG``, eg::\n\n  $ repolite --dump-config \u003e repo-develop.yml\n  $ $EDITOR repo-develop.yml  # set alternate branches, other options\n  $ REPO_CFG=\"repo-develop.yml\" repolite --update\n\nOS Package Install\n------------------\n\nPackages are available for Ubuntu_, and the latest can be installed on\nGentoo using ``portage`` (or the ebuilds in `this portage overlay`_).\nTo build from source, see the `Dev tools`_ section below.\n\n.. _Ubuntu: https://launchpad.net/~nerdboy/+archive/ubuntu/embedded\n.. _this portage overlay: https://github.com/VCTLabs/embedded-overlay/\n\n\nPrerequisites\n~~~~~~~~~~~~~\n\nA supported Linux distribution, mainly something that uses either\n``.ebuilds`` (eg, Gentoo or funtoo) or ``.deb`` packages, starting with at\nleast Ubuntu bionic or Debian stretch (see the above PPA package repo\non Launchpad).\n\nOn Gentoo, just install the package: ``emerge dev-util/repolite`` otherwise\non Ubuntu bionic or newer, follow the steps below.\n\nMake sure you have the ``add-apt-repository`` command installed and\nthen add the PPA:\n\n::\n\n  $ sudo apt-get install software-properties-common\n  $ sudo add-apt-repository -y -s ppa:nerdboy/embedded\n  $ sudo apt-get install python3-repolite\n\n\n.. note:: Since the package series currently published are for bionic/focal,\n          building from source is recommended if installing on Debian.\n\n\nIf you get a key error you will also need to manually import the PPA\nsigning key like so:\n\n::\n\n  $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys \u003cPPA_KEY\u003e\n\nwhere \u003cPPA_KEY\u003e is the key shown in the launchpad PPA page under \"Adding\nthis PPA to your system\", eg, ``41113ed57774ed19`` for `Embedded device ppa`_.\n\n.. _Embedded device ppa: https://launchpad.net/~nerdboy/+archive/ubuntu/embedded\n\n\nInstall with pip\n----------------\n\nThis package is *not* yet published on PyPI, thus use one of the\nfollowing to install the latest repolite on any platform::\n\n  $ pip install git+https://github.com/sarnold/repolite@master\n\nor use this command to install a specific version from source::\n\n  $ pip install git+https://github.com/sarnold/repolite.git@0.4.2\n\nIf you have a ``requirements.txt`` file, you can add something like this::\n\n  repolite @ https://github.com/sarnold/repolite/releases/download/0.4.2/repolite-0.4.2-py3-none-any.whl\n\nor even this::\n\n  repolite @ https://github.com/sarnold/repolite/archive/refs/heads/master.tar.gz\n\nThe full package provides the ``repolite`` executable as well as\nan example configuration file that provides defaults for all values.\n\nIf you'd rather work from the source repository, it supports the common\nidiom to install it on your system in a virtual env after cloning::\n\n  $ python3 -m venv env\n  $ source env/bin/activate\n  $ pip install .\n  $ repolite --version\n  $ repolite --dump-config\n  $ deactivate\n\nThe alternative to python venv is the ``tox`` test driver.  If you have it\ninstalled already, see the example tox_ commands below.\n\nUsage\n=====\n\nThe current version supports minimal command options and there are no\nrequired arguments::\n\n  (dev) user@host repolite (main) $ repolite -h\n  usage: repolite [-h] [--version] [-v] [-q] [-D] [-S] [-i] [-u] [-s] [-a] [-g] [-l]\n                  [TAG]\n\n  Manage local (git) dependencies (default: clone and checkout)\n\n  positional arguments:\n    TAG                Optional tag string override (apply with -a) (default: None)\n\n  options:\n    -h, --help         show this help message and exit\n    --version          show program's version number and exit\n    -v, --verbose      Display more processing info (default: False)\n    -q, --quiet        Suppress output from git command (default: False)\n    -D, --dump-config  Dump default configuration file to stdout (default: False)\n    -S, --save-config  Save active config to default filename (.ymltoxml.yml) and exit\n                       (default: False)\n    -i, --install      Install enabled repositories (python only) (default: False)\n    -u, --update       Update existing/enabled repositories (default: False)\n    -s, --show         Display current repository state (default: False)\n    -a, --apply-tag    Apply the given tag (see TAG arg) or use one from config file\n                       (default: False)\n    -g, --changelog    Run gitchangelog in enabled repositories, create files in top_dir\n                       (default: False)\n    -l, --lock-config  Lock active configuration in new config file and checkout hashes\n                       (default: False)\n\nConfiguration settings\n----------------------\n\nConfiguration keys for repository data:\n\n:top_dir: path to repository parent directory (global option)\n:repo_name: full repository name\n:repo_alias: alias (short name) for ``repo_name``\n:repo_url: full repository url, eg, Github ssh or https URL\n:repo_depth: full clone if 0, otherwise use the specified depth\n:repo_remote: remote name (usually origin)\n:repo_opts: reserved/not implemented\n:repo_branch: git branch (used with checkout)\n:repo_hash: git commit hash (used by ``lock-config`` option)\n:repo_enable: if false, ignore repository\n\nConfiguration keys for optional extra features/behavior:\n\n:pull_with_rebase: global option, useful when upstream history gets rewritten\n                   and fast-forward pull fails (see repo-level option)\n:repo_use_rebase: same as above, but per-repository instead of global\n:repo_has_lfs_files: if true, runs ``git-lfs install`` after cloning\n                     (requires ``git-lfs`` to be installed first)\n:repo_init_submodules: if true, initialize/update git submodules in that repository\n:repo_install: if true, try to install the repo with pip_\n:repo_changelog_ext: changelog file extension (default: ``rst``)\n:repo_changelog_base: base version to use for changelog data\n:repo_gen_changes: if true, generate changelog file in ``top_dir``\n\nConfiguration keys that change repository state:\n\n:repo_create_tag_msg: default tag message text\n:repo_create_tag_new: create new tag using string value\n:repo_create_tag_annotated: create an annotated tag (no signature)\n:repo_create_tag_signed: create a signed tag (requires GPG key)\n:repo_push_new_tags: whether or not to push newly created tags\n:repo_signing_key: GPG signing key (requires trailing '!' if using a subkey)\n\nNotes:\n\n* if your gitchangelog_ config uses Markdown, set ``repo_changelog_ext`` to\n  ``md`` instead of ``rst``\n* when tagging, tag from commandline is only used when config value is ``null``\n* when tagging, ``create_tag_annotated`` and ``create_tag_signed`` are\n  mutually exclusive, so only enable one of them\n* use ``--lock-config`` to create a new config file with git hashes, then\n  run that config later to reproduce a build using those hashes (this uses\n  the current active config as baseline)\n* use ``--verbose`` to see more about what the tool is doing, eg, git\n  cmd strings\n* use ``--quiet`` to suppress most of the git output\n* we don't create new branches; configured branches must already exist in\n  the remote repositories\n* use the appropriate clone URL for upstream projects; if you have commit\n  access, the ssh format is probably what you want\n* using a correctly configured ``ssh-agent`` can help save extra typing\n* you may want to add your ``top_dir`` path or default local config file\n  patterns to your ``.gitignore`` file\n\n.. _gitchangelog: https://github.com/sarnold/gitchangelog\n\nDev tools\n=========\n\nLocal tool dependencies to aid in development; install them for\nmaximum enjoyment.\n\nTox\n---\n\nAs long as you have git and at least Python 3.6, then you can install\nand use `tox`_.  After cloning the repository, you can run the repo\nchecks with the ``tox`` command.  It will build a virtual python\nenvironment for each installed version of python with all the python\ndependencies and run the specified commands, eg:\n\n::\n\n  $ git clone https://github.com/sarnold/repolite\n  $ cd repolite/\n  $ tox -e py\n\nThe above will run the default test command using the (local) default\nPython version.  To specify the Python version and host OS type, run\nsomething like::\n\n  $ tox -e py39-linux\n\nTo build and check the Python package, run::\n\n  $ tox -e build,check\n\nFull list of additional ``tox`` commands:\n\n* ``tox -e dev`` will build a python venv and install in editable mode\n* ``tox -e build`` will build the python packages and run package checks\n* ``tox -e check`` will install the wheel package from above\n* ``tox -e lint`` will run ``pylint`` (somewhat less permissive than PEP8/flake8 checks)\n* ``tox -e mypy`` will run mypy import and type checking\n* ``tox -e style`` will run flake8 style checks\n* ``tox -e sync`` will install repolite in .sync and fetch the example repos\n* ``tox -e do`` will run a repolite command from the .sync environment\n\nTo build/lint the api docs, use the following tox commands:\n\n* ``tox -e docs`` will build the documentation using sphinx and the api-doc plugin\n* ``tox -e docs-lint`` will run the sphinx doc-link checking\n\nPre-commit\n----------\n\nThis repo is also pre-commit_ enabled for python/rst source and file-type\nlinting. The checks run automatically on commit and will fail the commit\n(if not clean) and perform simple file corrections.  For example, if the\nmypy check fails on commit, you must first fix any fatal errors for the\ncommit to succeed. That said, pre-commit does nothing if you don't install\nit first (both the program itself and the hooks in your local repository\ncopy).\n\nYou will need to install pre-commit before contributing any changes;\ninstalling it using your system's package manager is recommended,\notherwise install with pip into your usual virtual environment using\nsomething like::\n\n  $ sudo emerge pre-commit  --or--\n  $ pip install pre-commit\n\nthen install it into the repo you just cloned::\n\n  $ git clone https://github.com/sarnold/repolite\n  $ cd repolite/\n  $ pre-commit install\n\nIt's usually a good idea to update the hooks to the latest version::\n\n    $ pre-commit autoupdate\n\nMost (but not all) of the pre-commit checks will make corrections for you,\nhowever, some will only report errors, so these you will need to correct\nmanually.\n\nAutomatic-fix checks include black, isort, autoflake, and miscellaneous\nfile fixers. If any of these fail, you can review the changes with\n``git diff`` and just add them to your commit and continue.\n\nIf any of the mypy, bandit, or rst source checks fail, you will get a report,\nand you must fix any errors before you can continue adding/committing.\n\nTo see a \"replay\" of any ``rst`` check errors, run::\n\n  $ pre-commit run rst-backticks -a\n  $ pre-commit run rst-directive-colons -a\n  $ pre-commit run rst-inline-touching-normal -a\n\nTo run all ``pre-commit`` checks manually, try::\n\n  $ pre-commit run -a\n\n\nSBOM and license info\n=====================\n\nThis project is now compliant the REUSE Specification Version 3.3, so the\ncorresponding license information for all files can be found in the ``REUSE.toml``\nconfiguration file with license text(s) in the ``LICENSES/`` folder.\n\nRelated metadata can be (re)generated with the following tools and command\nexamples.\n\n* reuse-tool_ - REUSE_ compliance linting and sdist (source files) SBOM generation\n* sbom4python_ - generate SBOM with full dependency chain\n\nCommands\n--------\n\nUse tox to create the environment and run the lint command::\n\n  $ tox -e reuse                      # --or--\n  $ tox -e reuse -- spdx \u003e sbom.txt   # generate sdist files sbom\n\nNote you can pass any of the other reuse commands after the ``--`` above.\n\nUse the above environment to generate the full SBOM in text format::\n\n  $ source .tox/reuse/bin/activate\n  $ sbom4python --system --use-pip -o \u003cfile_name\u003e.txt\n\nBe patient; the last command above may take several minutes. See the\ndoc links above for more detailed information on the tools and\nspecifications.\n\n\n.. _pre-commit: https://pre-commit.com/index.html\n.. _reuse-tool: https://github.com/fsfe/reuse-tool\n.. _REUSE: https://reuse.software/spec-3.3/\n.. _sbom4python: https://github.com/anthonyharrison/sbom4python\n\n.. |ci| image:: https://github.com/sarnold/repolite/actions/workflows/ci.yml/badge.svg\n    :target: https://github.com/sarnold/repolite/actions/workflows/ci.yml\n    :alt: CI Status\n\n.. |wheels| image:: https://github.com/sarnold/repolite/actions/workflows/wheels.yml/badge.svg\n    :target: https://github.com/sarnold/repolite/actions/workflows/wheels.yml\n    :alt: Wheel Status\n\n.. |release| image:: https://github.com/sarnold/repolite/actions/workflows/release.yml/badge.svg\n    :target: https://github.com/sarnold/repolite/actions/workflows/release.yml\n    :alt: Release Status\n\n.. |bandit| image:: https://github.com/sarnold/repolite/actions/workflows/bandit.yml/badge.svg\n    :target: https://github.com/sarnold/repolite/actions/workflows/bandit.yml\n    :alt: Security check - Bandit\n\n.. |cov| image:: https://raw.githubusercontent.com/sarnold/repolite/badges/master/test-coverage.svg\n    :target: https://github.com/sarnold/repolite/actions/workflows/coverage.yml\n    :alt: Test coverage\n\n.. |pylint| image:: https://raw.githubusercontent.com/sarnold/repolite/badges/master/pylint-score.svg\n    :target: https://github.com/sarnold/repolite/actions/workflows/pylint.yml\n    :alt: Pylint Score\n\n.. |license| image:: https://img.shields.io/badge/license-LGPL_2.1-blue\n    :target: https://github.com/sarnold/repolite/blob/master/LICENSE\n    :alt: License (static)\n\n.. |tag| image:: https://img.shields.io/github/v/tag/sarnold/repolite?color=green\u0026include_prereleases\u0026label=latest%20release\n    :target: https://github.com/sarnold/repolite/releases\n    :alt: GitHub tag\n\n.. |python| image:: https://img.shields.io/badge/python-3.6+-blue.svg\n    :target: https://www.python.org/downloads/\n    :alt: Python\n\n.. |pre| image:: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\n   :target: https://github.com/pre-commit/pre-commit\n   :alt: pre-commit\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsarnold%2Frepolite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsarnold%2Frepolite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsarnold%2Frepolite/lists"}