Handle dependencies better and refactor for reproducibility#57
Closed
Peter J. Mello (RogueScholar) wants to merge 1 commit intoPSModule:mainfrom
Closed
Handle dependencies better and refactor for reproducibility#57Peter J. Mello (RogueScholar) wants to merge 1 commit intoPSModule:mainfrom
Peter J. Mello (RogueScholar) wants to merge 1 commit intoPSModule:mainfrom
Conversation
This is a general refactoring seeking several simultaneous outcomes: * More tolerant (i.e. sane) dependency resolution * Apply implicit environment assumptions explicitly for interpreter to manage * Use of best practices wherever possible, specifically regarding: - Grammatical voice for runtime output messages - Scripting safety conventions for determinative behavior Setting global requirement on PowerShell Core makes the expectation of interpreter expressed in PSModule#36 much easier to understand and moves the source of guidance for it from local documentation to the runtime shell. Shifting from 'RequiresVersion' arguments to 'ModuleVersion' allows newer versions of modules to satisfy dependency constraints and adding the GUID makes the execution of third-party code more secure from namespace clobbering, be it incidental or malicious. Activating StrictMode at Script scope in PowerShell Core operations is loosely equivalent to the boilerplate `set -euo pipefail` incantation ubiquitously employed in POSIX shell scripts where potentially damaging activity will occur. Version 3 converts these "code smells" from warnings or recoverable errors to fatal errors: * Using method syntax (parentheses and commas) for function calls * References to: - Uninitialized variables - Non-existent object properties - Invalid/out-of-bounds collection indexes Best comprehension and accuracy for user-consumed runtime messages that announce actions before they are undertaken requires the use of gerund forms or third-person present tense for action verbs. The liberal use of the terminal ellipsis in such strings is a widely-understood rubric that reinforces the nature of the announcements as preemptive rather than conclusory. Resolves: PSModule#36 Resolves: PSModule#52
Member
|
Thank you for the PR. However i will be closing it as it is doing to many disconnected changes, some of which seem unwarranted. I suggest to make issues for the things you mean that are not according to best practice paired with a rationale as to why/what it improves and trade-offs if you are aware of any. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This is a general refactoring seeking several simultaneous outcomes:
Setting a global requirement on PowerShell Core makes the expectation of interpreter expressed in #36 much easier to understand and moves the source of guidance for it from local documentation to the runtime shell.
Shifting from 'RequiresVersion' arguments to 'ModuleVersion' allows newer versions of modules to satisfy dependency constraints and adding the GUID makes the execution of third-party code more secure from namespace clobbering, be it incidental or malicious.
Activating StrictMode at Script scope in PowerShell Core operations is loosely equivalent to the boilerplate
set -euo pipefailincantation ubiquitously employed in POSIX shell scripts where potentially damaging activity will occur. Version 3 converts these "code smells" from warnings or recoverable errors to fatal errors:The call to create a new GUID has long been an unnecessarily expensive task, and the resulting download path length felt unwieldy, but most concerning was its placement in the user's home directory (${Env:USERPROFILE}, properly, on Windows), where the context is that it is meant to be retained in the event of abrupt execution failures. Much more appropriate is to follow Microsoft's own guidance for ephemeral working directories to reside under User/Machine-scoped ${Env:TEMP} to match the execution scope. This allows them to be cleared away by the built-in Disk Cleanup or any third-party equivalents in the event of unintentional cruft. Adequate randomness now takes the form of the instantaneous Get-Random (insecure implementation) call for a six-digit hexadecimal value that is passed to PSObject.ToString from .NET along with the PadLeft method to ensure the resulting directory name is always of the expected length.
Best comprehension and accuracy for user-consumed runtime messages that announce actions before they are undertaken requires the use of gerund forms or third-person present tense for action verbs. The liberal use of the terminal ellipsis in such strings is a widely-understood rubric that reinforces the nature of the announcements as preemptive rather than conclusory.
Resolves: #53
Type of change
Checklist