A vendoring tool for fetching and managing external dependencies.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dfetch from gravatar.com dfetch Avatar for spoorcc from gravatar.com spoorcc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ben Spoor
  • Tags dfetch , dependency management , embedded development , fetch tool , vendoring , multi-repo , dependencies , git , svn , package manager , multi-project , monorepo
  • Requires: Python >=3.10
  • Provides-Extra: development , docs , test , casts , build , sbom
Classifiers
Report project as malware

Project description

Codacy Badge Codacy Badge Documentation Status Build Code style: black GitHub Gitter Libraries.io dependency status for GitHub repo Maintenance GitHub issues PyPI - Python Version PyPI Contribute with Codespaces OpenSSF Best Practices

DFetch can manage dependencies

We make products that can last 15+ years; because of this we want to be able to have all sources available to build the entire project from source without depending on external resources. For this, we needed a dependency manager that was flexible enough to retrieve dependencies as plain text from various sources. svn externals, git submodules and git subtrees solve a similar problem, but not in a VCS-agnostic way or completely user-friendly way. We want self-contained code repositories without any hassle for end-users. Dfetch must promote upstreaming changes, but allow for local customizations. The problem is described thoroughly in managing external dependencies and sometimes is also known as vendoring.

Other tools that do similar things are Zephyr's West, CMake ExternalProject and other meta tools. See alternatives for a complete list.

Getting started | Manual | Troubleshooting | Contributing

Problems DFetch Solves

  • Declarative code reuse across projects (inner sourcing)
  • Compose multi-repo code bases into a single working tree
  • Vendoring dependencies for reproducible builds
  • Apply local patches while keeping upstream syncable
  • VCS-agnostic dependency management
  • Self-contained exports for releases or audits

Install

Stable

pip install dfetch

latest version

pip install git+https://github.com/dfetch-org/dfetch.git#egg=dfetch

Binary distributions

Each release on the releases page provides installers for all major platforms.

  • Linux .deb & .rpm
  • macOS .pkg
  • Windows .msi

Github Action

You can use DFetch in your Github Actions workflow to check your dependencies. The results will be uploaded to Github. Add the following to your workflow file:

jobs:
  dfetch-check:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Run Dfetch Check
        uses: dfetch-org/dfetch@main
        with:
          working-directory: '.' # optional, defaults to project root

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dfetch from gravatar.com dfetch Avatar for spoorcc from gravatar.com spoorcc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ben Spoor
  • Tags dfetch , dependency management , embedded development , fetch tool , vendoring , multi-repo , dependencies , git , svn , package manager , multi-project , monorepo
  • Requires: Python >=3.10
  • Provides-Extra: development , docs , test , casts , build , sbom
Classifiers

Release history Release notifications | RSS feed

0.13.0

0.12.1

This version

0.12.0

0.11.0

0.10.0

0.9.1

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

0.1.1

0.1.0

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dfetch-0.12.0.tar.gz (3.0 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dfetch-0.12.0-py3-none-any.whl (92.6 kB view details)

Uploaded Python 3

File details

Details for the file dfetch-0.12.0.tar.gz.

File metadata

  • Download URL: dfetch-0.12.0.tar.gz
  • Upload date:
  • Size: 3.0 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dfetch-0.12.0.tar.gz
Algorithm Hash digest
SHA256 8cebfd085d186d74b4cdceb31b90a30dc39d671b2d864d428991308f699d419f
MD5 bd83c2e0d2fc980612ee8a911d51e3ca
BLAKE2b-256 66ea0d8ad6b6c92b4001b58fe19e7bf4575c6df3330aecda78910ec33027df35

See more details on using hashes here.

Provenance

The following attestation bundles were made for dfetch-0.12.0.tar.gz:

Publisher: python-publish.yml on dfetch-org/dfetch

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dfetch-0.12.0-py3-none-any.whl.

File metadata

  • Download URL: dfetch-0.12.0-py3-none-any.whl
  • Upload date:
  • Size: 92.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dfetch-0.12.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e2d84626c1c176ed9f79f7a4144857c5ae6edca689986f7cff55e71b9ae95768
MD5 4dab87012176f5343a7eaeb7d569c04a
BLAKE2b-256 8313b02378716b98baf798be2aaf9bbee0f0d74a6408101eeb0c848ffc94ee45

See more details on using hashes here.

Provenance

The following attestation bundles were made for dfetch-0.12.0-py3-none-any.whl:

Publisher: python-publish.yml on dfetch-org/dfetch

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page