📦 Vendoring System¶

Sistema de gestión de dependencias vendorizadas (incluidas directamente en el repositorio).

🎯 Propósito¶

Vendoring permite incluir el código fuente de dependencias críticas directamente en el repositorio, garantizando: - ✅ Builds reproducibles a largo plazo - ✅ Control total sobre modificaciones - ✅ Independencia de upstream

📋 Documentos Clave¶

VENDOR_POLICY.md ¶

Lectura obligatoria antes de vendorizar cualquier dependencia.

Contiene: - Criterios de decisión (¿vendorizar o no?) - Trade-offs (pros vs contras) - Proceso paso a paso - Policy oficial de AudioLab

🛠️ Scripts Disponibles¶

`scripts/update_vendored.ps1`¶

Actualiza una dependencia vendorizada a nueva versión.

# Listar dependencias vendorizadas
.\scripts\update_vendored.ps1 -ListVendored

# Actualizar una library
.\scripts\update_vendored.ps1 -Library libDSP -Version 2.4.0

# Dry run (sin cambios reales)
.\scripts\update_vendored.ps1 -Library libDSP -Version 2.4.0 -DryRun

`scripts/verify_vendored.ps1`¶

Verifica integridad de todas las dependencias vendorizadas.

.\scripts\verify_vendored.ps1

Chequea: - ✓ README_VENDOR.md existe - ✓ LICENSE existe - ✓ CMakeLists.txt configurado

`scripts/verify_juce.ps1`¶

Verifica instalación específica de JUCE.

.\scripts\verify_juce.ps1

📁 Estructura¶

03_03_05_vendoring/
├─ juce/                      ← JUCE 7.0.9 submodule
├─ tests/                     ← Vendored dependency tests
│  ├─ CMakeLists.txt
│  └─ test_juce_basic.cpp
├─ _metadata/                 ← Metadata and tracking files
│  ├─ juce_config.yaml
│  ├─ juce_installed_version.txt
│  ├─ vendored_versions.lock
│  └─ README.md
├─ scripts/                   ← Maintenance scripts
│  ├─ update_vendored.ps1
│  ├─ verify_vendored.ps1
│  ├─ verify_juce.ps1
│  └─ README.md
├─ CMakeLists.txt             ← JUCE integration
├─ VENDOR_POLICY.md           ← Vendoring policy
└─ README.md                  ← This file

🚀 Workflow Rápido¶

Añadir Nueva Dependencia Vendorizada¶

Step 1: Evaluate if Should Be Vendored¶

Before vendoring, check: - Size: Is it < 200 MB? (prefer smaller) - Criticality: Is it essential for core functionality? - Stability: Is it a stable release? - License: Does license permit redistribution? - Maintenance: Can we maintain it if upstream disappears?

Read VENDOR_POLICY.md for detailed criteria.

Step 2: Add as Git Submodule¶

cd "2 - FOUNDATION/03_INFRA/03_03_dependency_management/03_03_05_vendoring"

# Add submodule
git submodule add https://github.com/org/library.git library_name

# Checkout specific version
cd library_name
git checkout v1.2.3
cd ..

Step 3: Create [name]_config.yaml¶

---
name: LibraryName
version: 1.2.3
repository: https://github.com/org/library.git
commit: abc123def456
license: MIT
our_license_type: MIT
date_added: YYYY-MM-DD
installed_by: your_name
modules_enabled:
  - module1
  - module2
update_policy: "Security patches as needed"
notes: "Reason for vendoring"

Step 4: Update vendored_versions.lock¶

vendored_dependencies:
  library_name:
    version: "1.2.3"
    commit: "abc123def456"
    repository: "https://github.com/org/library.git"
    date_added: "YYYY-MM-DD"
    size_mb: 15
    purpose: "Brief description"
    license: "MIT"
    status: "active"

Step 5: Integrate in CMakeLists.txt¶

Add to CMakeLists.txt:

# LibraryName Integration
add_subdirectory(library_name EXCLUDE_FROM_ALL)

set(LIBRARYNAME_AVAILABLE TRUE PARENT_SCOPE)
set(LIBRARYNAME_VERSION "1.2.3" PARENT_SCOPE)

Step 6: Verify and Commit¶

# Verify installation
git status

# Add all files
git add .

# Commit with descriptive message
git commit -m "vendor: Add LibraryName v1.2.3 for [purpose]

- Added as git submodule
- Created config and lock file entries
- Integrated with CMake build system"

⚠️ Advertencias¶

NO vendorizar sin leer VENDOR_POLICY.md
NO modificar código vendorizado sin documentar patches
NO olvidar README_VENDOR.md
SIEMPRE verificar licencia permite redistribución

📚 Referencias¶

VENDOR_POLICY.md - Política completa
Go Vendoring - Best practices de Go
Rust Cargo Vendor - Approach de Rust

🎵 JUCE Framework 7.0.9¶

Clean installation configured on 2025-10-03.

Quick Verification¶

cd juce
git describe --tags  # Should show 7.0.9

Build Integration¶

Automatically included via CMake. Link against JUCE modules:

target_link_libraries(your_target PRIVATE
    juce::juce_audio_basics
    juce::juce_audio_processors
    juce::juce_dsp
)

Installation method: Git submodule Configuration: _metadata/juce_config.yaml Version tracking: _metadata/vendored_versions.lock Commit: d054f0d

Estado actual: Sistema configurado con JUCE 7.0.9 como submodule.

Próximos pasos: Solo vendorizar dependencias adicionales cuando sea estrictamente necesario según política.