[erlang-questions] Enot - Erlang package manager and deploy tool (+ answers on the questions)

Sun Feb 18 22:21:49 CET 2018

Hi,

As promised, I have done renaming the tool. And now it is called 'Enot'
[yenot] - that is raccoon in Russian.
My appology for not being answering the questions before - I was extremely
busy with my personal stuff and renaming in general. So further in letter
you'll see links on updated everything :) and answers on most questions.

Here are the updated links:
https://github.com/comtihon/enot - client
https://github.com/comtihon/enot_auto_builder - server
https://enot.justtech.blog/ - site
and updated articles:
https://justtech.blog/2018/01/07/create-erlang-service-with-enot/
https://justtech.blog/2018/02/11/erlang-service-easy-deploy-with-enot/

The GiHhub application and it's pip package are also renamed to enot.

Now I'll try to answer your questions:
First, Enot is not just another build system with new configuration format
(eh, we already have two), but It is an easy deploy tool. You prepare your
installation instructions and every user can install your package
via "enot install ..." CLI command. That's the main idea: to have something
comparable with Python's pip.
Also I tried my best to design modern tool, similar to what they have in
Java and Python worlds.
I took the best:
* prebuilt deps [Maven, Pip]. Now all CI/docker builds will be much faster
* an easy deploy [Pip].
* multiple environment configuration [Java]. See
https://github.com/comtihon/enot/blob/master/docs/templating.md#appsrc-advanced-templates
for more details.
* automatic name/version fill in at app.conf and relx.conf. Yes, I think
that  manual handling of versions and constants is a little bit outdated
and not practical. Especially, when you have to modify multiple files.

Second, I believe Json coniguration is better for devOps, but if you don't
want to learn it: use rebar or erlang.mk config - Enot understands them as
well.

Third, there were some questions about security. I've added document here
https://github.com/comtihon/enot/blob/master/docs/packaging_and_security.md
Main idea is: nobody can upload prebuilt package to EnotHub. You can only
ask Enot Build Server to fetch sources from GitHub and build package.
Also, do you really use third-party github deps in production? I beleive
not. So just fork dep you need, add it to EnotHub and use. Enot was
designed to be fork-compatible.

If your company is big enough to afford private git (gitlab),
artifactory/nexus, ets. you can just run your private Enot Build server and
switch all Enot clients to it to gain even more security.

As for cryptography package checks - I also find it important and I'll add
it in a few weeks (still a little bit busy).

Many thanks to people who advocate me and my appologies to people who felt
hurt.

I hope nothing will stop you to use this tool at work now :).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180218/8473a6b2/attachment.htm>