1. .
BUILDING YOUR OWN CPAN WITH
PINTO
.
andrefs@andrefs.com
@about_andrefs
PTPW 2013
2. .
PRESENTATION
HIGHLIGHTS
.
⋆ LIVE ACTION ⋆
.
.
slides might be finished as we speak — or never at all
.
.
⋆ THRILLS AND CHILLS ⋆
.
most of this stuff is stolen anyway — references at the end
.
.
⋆ INTERACTIVE MEDIA ⋆
.
advanced features will be left as an exercise
for
. the reader
6. .
COMMON DEV
PROBLEMS
.
• how to distribute internally in-house
developed modules which are not on
CPAN? (e.g. confidential, too specific, …)
• how to distribute internally a
(temporarily) patched third-party
module?
7. .
COMMON DEV
PROBLEMS
.
• how to keep track of which versions of
your app’s dependencies are safe? (and
how to make them available)
• how to keep track of which versions
break your app?
8. .
COMMON DEV
PROBLEMS
.
• how to quickly replicate the
production/testing/development
environment?
• how to efficiently ensure that everybody
is using the same versions of the
dependencies?
9. .
SO WHAT?
With Pinto you can:
• keep one or more instances of privates
CPAN-like repos
• distribute in-house modules using the
standard tools from the CPAN ecosystem
• simultaneously manage dependencies
for multiple apps/projects
• pin specific versions of module to fix
broken dependencies
.
10. .
PINTO ADVANTAGES
.
• supports multiple indexes
• helps manage incompatibilies between
dependencies
• has built-in version control
• can pull archives from multiple remote
repositories
• supports team development
11. .
.
USAGE
1. create a Pinto repository
2. pull CPAN modules, add your own, freeze
versions, …
3. point your /cpan(m|p)?/ to your Pinto
repo when installing your app’s
dependencies
4. repeat steps 2 and 3 throughout project’s
lifecycle
.
12. .
BASIC OPS
.
create a repo
.
pinto -r ~/repo init
.
.
.
pull a CPAN module
.
pinto -r ~/repo pull Dancer
.
.
add a module of your own
.
pinto -r ~/repo add My-Module_01.tgz
.
14. .
PINNING VERSIONS
.
• Control exactly which versions go into
your repo
• pinto -r ~/repo pin Data::Dump
.
pinto -r repo list
.
...
[rl!] Data::Dump
[rl!] Data::Dump::Trace
...
.
1.22 GAAS/Data-Dump-1.22.tar.gz
0.02 GAAS/Data-Dump-1.22.tar.gz
15. .
PATCHES
• Build your own custom versions of CPAN
modules
• Add them to your repo
• pinto -r ~/repo add Data-Dump-
.
1.22_PATCHED.tar.gz
.
pinto -r repo list
.
...
[rl!] Data::Dump
[rl!] Data::Dump::Trace
...
.
1.23 ANDREFS/Data-Dump-1.22_PATCHED.tar.gz
0.02 ANDREFS/Data-Dump-1.22_PATCHED.tar.gz
16. .
STACKS
.
• Pinto seems nice, but what about:
• projects with distinct dependencies?
• projects with conflicting dependencies
versions?
• dependencies for distinct environments?
• Each stack is an isolated repository
22. .
PINTOD
•
•
•
•
.
web API to a Pinto repository
manage and inspect the repository
use it with CPAN clients
basic HTTP authentication, or other
authentication schemes
• PSGI compatible, by default runs under
Plack::Runner using Starman
23. .
PINTO VS PAUSE
.
• Pinto does not promise to index exactly
like PAUSE does
• Pinto does not understand author
permissions
• Pinto does not enforce security
27. .
WHAT’S LEFT?
.
.
A
. uthentication and authorization
.
• Who can create, modify or delete existing
stacks?
• Who can pin or unpin modules in a given
stack?
• Who can make new releases to a stack?
• people ↔ stacks ↔ modules