With cocoapods or any dependency manager you get specify a framework along with a version of it to be used.
This way all devs of the team have the same version installed.
The logic of it very similar to package.json
+ package-lock.json
or Gemfile
+ Gemfile.lock
where you list all your node
or gem
dependencies.
Beyond that every project, language has its own convention on whether or not commit the actual files of the dependencies or not ie ALL projects do include the list of dependencies and versions.
For iOS there are two schools of thoughts when it comes to committing the pods folder
One school of thought looks at your pods directory as derived data. As long as you have both your podfile
and lock
file checked in your project, and you should...then anybody can in theory recreate that environment at any time just by running pod install
. ie you don't need to commit the pods project <— This approach requires every user to install Cocoapods. It's also much more similar to how the javascript, node world works. The server just looks into your package.json
and downloads your dependencies for you.
The other school of thought believes because your pods directory contains essential files needed to run your project...you should absolutely check it in. That way anybody could download your entire repository and run it. No other steps required. This is easier for newbie developers which don't have experience with Cocoapods as compilation of the project doesn't require you to run any commands. Though this approach might cause your repository to get bloated and you could potentially run into pod merge conflicts. Pod merge conflicts can be resolved as easily. Most iOS projects are doing it like this.
This two bullets above are mainly derived from this awesome video CocoaPods and Lockfiles
It's also worth mentioning that:
The Podfile.lock
is at the root (as well as the Podfile
) because it is required to commit it into git that's why they are exceptions, while anything inside Pods/
are not required to be committed for things to work (even if some people do for caching reasons or whatnot), as everything in there can be regenerated from the Podfile
and lockfile
The above paragraph was written by Olivier Halligon
What is a Podfile
?
It's a list of your pod dependencies per target (e.g. your Apple Watch or Test targets can have dependencies that are different from your main iOS App). You as the developer list your dependencies along with the version you want. e.g. in Signals Podfile
, want to use YapDatabase/SQLCipher
pod then you add that to your Podfile
like this.
pod 'YapDatabase/SQLCipher', :git => 'https://github.com/signalapp/YapDatabase.git', branch: 'signal-release'
What is a Podfile.lock
?
It's a snapshot of your pod dependencies along with their dependencies and the git url along with the tag/version/commit it has used. This file is generated for you when you run pod install
or pod update
. You do not make changes to it yourself.
If you've added YapDatabase/SQLCipher
as a pod, then the Podfile.lock
will generate these lines for you:
- YapDatabase/SQLCipher (3.1.1):
- YapDatabase/SQLCipher/Core (= 3.1.1)
- YapDatabase/SQLCipher/Extensions (= 3.1.1)
The locks are a great way to catch discrepancies between two branches — assuming they've both updated the same lines.
What is a podspec
?
Short for 'Pod Specification'
It has the name of the pod, version, homepage, authors, source, the source file types it needs to pull in. Example:
Pod::Spec.new do |spec|
spec.name = 'Reachability'
spec.version = '3.1.0'
spec.license = { :type => 'BSD' }
spec.homepage = 'https://github.com/tonymillion/Reachability'
spec.authors = { 'Tony Million' => 'tonymillion@gmail.com' }
spec.summary = 'ARC and GCD Compatible Reachability Class for iOS and OS X.'
spec.source = { :git => 'https://github.com/tonymillion/Reachability.git', :tag => 'v3.1.0' }
spec.source_files = 'Reachability.{h,m}'
spec.framework = 'SystemConfiguration'
end
What's the diff between podspec
and podfile
?
podspec
defines the pod itself. (maintained by pod developers)
podfile
lists the pod dependencies of a project. (maintained by app developers)
What does a real Podfile
and Podfile.lock
look like?
You can compare Signal's Podfile and Podfile.lock
Or compare Wordpress's Podfile and Podfile.lock
Both schools of thoughts will have to commit Podfile
and Podfile.lock
. But the 2nd school of thought will also commit a gigantic Pods project