logoalt Hacker News

ASinclairtoday at 2:03 AM2 repliesview on HN

It’s largely used for syncing external open source projects with the monorepo. Policy is to require source code imports over built artifacts. Though you can get exceptions.

Some projects are also developed in the monorepo and exported via Copybara.

My team also uses it to version Starlark rule sets internally.


Replies

lwhitoday at 9:16 AM

I suppose it mitigates the potential risk of libraries being poisoned?

show 1 reply
paulddrapertoday at 2:58 AM

Source code imports versus artifacts really neither here nor there. Go is source code imports too.

The key part for Copybara is that Google will make changes to the OSS projects from within the internal repo and everyone else will make changes to the OSS projects.