refactor: replace asdf plugin update with a custom function (#41)

.github/workflows/build.yml

@@ -38,6 +38,6 @@ jobs:
       - name: Validate installed plugins
         run: |
           set -euox pipefail
-          PLUGIN_GIT_REF=$(grep -oE "[^ ]\w{39}$" test/.plugin-versions)
+          PLUGIN_GIT_REF=$(grep -oE "[^ ]\w{6}$" test/.plugin-versions)
           asdf plugin list --refs | grep "${PLUGIN_GIT_REF}" &&
           echo "[Passed] The plugin git ref in test/.plugin-versions matches the installed one."

README.md

@@ -30,14 +30,14 @@ Using `asdf-plugin-manager`, you can set asdf plugins Git URL and ref for securi
 [Asdf is a great universal version manager](https://tech.aabouzaid.com/2022/01/asdf-vm-a-universal-version-manager-tools.html).
 However, it lacks a secure and declarative method to manage its plugins. For example, you cannot pin a specific asdf plugin version, which means you will be easily hacked if one of the asdf plugins you use is compromised!
 
-[Many exist requests asking to fix that](https://github.com/asdf-vm/asdf/issues/1577), but no solution has been proposed in `asdf` upstream yet! (Last check: Aug 2023)
+[Many exist requests asking to fix that](https://github.com/asdf-vm/asdf/issues/1577), but no solution has been proposed in `asdf` upstream yet! (Last check: Jan 2024)
 
 Hence, `asdf-plugin-manager` fills the gap to manage asdf plugins securely and declaratively via `.plugin-versions` file.
 
 # Dependencies
 
 - [asdf-vm](https://asdf-vm.com/): Tested with `v0.12.0` but probably will work with older versions.
-- `bash`, `cat`, `grep`, `tr`, `cut`, `column`, `sed`: Generic POSIX utilities.
+- `bash`, `cat`, `grep`, `tr`, `cut`, `column`, `sed`, `git`: Generic utilities.
 - `ASDF_PLUGIN_MANAGER_PLUGIN_VERSIONS_FILENAME`: Set default name for the file with the list of managed plugins.
   Default: `.plugin-versions`.
 
@@ -52,17 +52,17 @@ First, setup `asdf-plugin-manager` as asdf plugin in asdf:
 ```shell
 asdf plugin add asdf-plugin-manager https://github.com/asdf-community/asdf-plugin-manager.git
 # Pin the asdf-plugin-manager version using git tag or even better using git hash which is immutable.
-asdf plugin update asdf-plugin-manager v1.1.2
+asdf plugin update asdf-plugin-manager v1.2.0
 ```
 
 Then, install the actual `asdf-plugin-manager` CLI:
 
 ```shell
 # Install specific version
-asdf install asdf-plugin-manager 1.1.2
+asdf install asdf-plugin-manager 1.2.0
 
 # Set a version globally (on your ~/.tool-versions file)
-asdf global asdf-plugin-manager 1.1.2
+asdf global asdf-plugin-manager 1.2.0
 
 # Now asdf-plugin-manager command is available
 asdf-plugin-manager version

cli/asdf-plugin-manager.sh

@@ -2,9 +2,10 @@
 
 set -eo pipefail
 
-VERSION=1.1.2
+VERSION=1.2.0
 PLUGIN_VERSIONS_FILENAME="${ASDF_PLUGIN_MANAGER_PLUGIN_VERSIONS_FILENAME:-.plugin-versions}"
 ADD_CLEAN="${ASDF_PLUGIN_MANAGER_ADD_CLEAN:-FALSE}"
+PLUGINS_REPOS_DIR="$(asdf info | grep ASDF_DATA_DIR | cut -d"=" -f2)/plugins"
 
 print_version() {
     echo "${VERSION}"
@@ -59,6 +60,13 @@ export_plugins() {
     asdf plugin-list --refs --urls | tr -s ' ' | cut -d ' ' -f 1,2,4 | column -t
 }
 
+# Mimic 'asdf plugin update' to avoid "fatal: couldn't find remote ref ...".
+checkout_plugin_ref() {
+    plugin_name="${1}"
+    plugin_ref="${2}"
+    git --git-dir "${PLUGINS_REPOS_DIR}/${plugin_name}/.git" checkout "${plugin_ref}" -q
+}
+
 list_plugins() {
     plugin_name=$1
     if [[ -n ${plugin_name} ]]; then
@@ -88,7 +96,7 @@ add_plugins() {
         asdf plugin add "${plugin_name}" "${plugin_url}"
         # TODO: Remove the plugin update once asdf supports adding plugin with git-ref.
         # https://github.com/asdf-vm/asdf/pull/1204
-        asdf plugin update "${plugin_name}" "${plugin_ref}"
+        checkout_plugin_ref "${plugin_name}" "${plugin_ref}"
         echo "[INFO] Done."
     done
 }

test/.plugin-versions

@@ -1,2 +1,2 @@
 # name git-url git-ref
-venom https://github.com/aabouzaid/asdf-venom.git dea0c863f034c9935ebbfbfc0ead3c7bf90efae5
+venom https://github.com/aabouzaid/asdf-venom.git b0d00d6