-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/go: add modvendor sub-command #27618
Comments
I don't think the proposed One of the benefits of versioned modules over vendoring is that they can reduce redundancy globally: instead of N copies of the same code spread across N repos, we can have a single canonical copy shared by all builds of those repos. A per-module |
Instead, perhaps we should make it easier to maintain per-user or per-organization module proxies. For example, we could add an optional argument to
Then the user could commit the contents of |
We should also do the opposite, to fill the cache from a downloaded directory.
|
@flibustenet We don't currently have a command that populates more than the active modules, but that seems like a job for |
I think there are actually two use cases here:
I should update the description to make clear that this issue is trying to address point 1. Hence why I think the logic to "reset the main module's modvendor directory" is correct; because I don't want this directory to grow like a cache. Point 2 is the approach I've taken with https://github.com/myitcv/cachex, which is the "organisation repo" for https://github.com/myitcv/x, my mono repo. In this case, https://github.com/myitcv/cachex is an append-only repo that is a cache, and hence grows over time. It's separate from (and a subset of) But I can see use cases (i.e. deploying code or similar) where there is real benefit in point 1, for everything to be "bundled (in the same repo). Assuming we want to address/support both use cases (and it seems sensible to my mind to do so), they could be solved by the same sub-command; I'm certainly not precious about that 😄. But I think there are separate use cases to cover here. |
I'm not certain about those cases one way or the other. Given versioning, it seems like you can address all of the same use-cases — and more! — using a separate repository. If folks are doing the cost/benefit analysis and coming to a different conclusion, I'd like to see more of the details of the costs and benefits involved (beyond just “that's the way we've done things without versioning”). |
I'd second this request because, unless it wasn't clear already, I'm a fan of point 2. I'm only putting up point 1 as a "better" alternative to |
Hmm. With the |
Yes absolutely; I think the only difference between these two use cases is the use of "reset" semantics or not. |
|
Replying to the original benefits:
Having two ways to populate vendor does not seem like it would eliminate confusion.
We should address
It would be better to make
This is doubling down on vendor. We want to move in the opposite direction.
I don't know what this means.
No actual benefit here, right? I don't see what the problem is here, really, and I think it's very important not to pull in the entire module just to get one package. Because you're not just pulling in that one module, you're pulling in (at least references to) its dependencies. |
Thanks for the reply @rsc. Taking your responses slightly out of order:
Agreed, this doesn't make sense to solve with modvendor; not sure what I was thinking here. gohack get has a -vcs flag for just this purpose.
Just to be clear, I'm also trying to move away from vendor (the vendor directory as in the Go 1.5 definition) and the concept of "vendoring" more generally (and modvendor falls into this bucket), because there are better solutions to the problems that vendor/"vendoring" try to solve. My thinking was that something like modvendor could be a useful stepping stone away from the vendor directory to proxies etc.
modvendor uses a modvendor directory, not the vendor directory. The thinking being that a differently named directory forces the user to ask "what can I expect to be in modvendor" as opposed to being confused on "what is in vendor."
Poorly worded. One of the main reasons people like the vendor directory is that it removes service/network dependencies beyond the initial clone, there is nothing else to configure, no second repository to commit etc. modvendor achieves a similar effect - there is just one thing in play.
Agreed, if we can get
At least the way I intended to implement my trial of But I'm quite prepared to accept that modvendor might not be the right or even a necessary stepping stone. |
Have this issue as well, the |
c and h files are missing for example in gopkg.in/goracle.v2 when running go mod vendor should just copy the cache. in case somebody has a problem with that for some reason, some flag --ignore-tests could help. but some might also like to run the tests of the dependencies in the ci. |
@dryaf @karysto Try https://github.com/nomad-software/vend which will vend everything. |
@myitcv I suggest to keep it simpler and do not introduce new subcommands. Maybe Talking about #26366 issue. I tried to migrate one of our go project to use go modules, but since it uses some C dependencies and gomobile is not working with go modules I thought well I will just use |
@anjmao I agree with your suggestion and hope to solve the problem in a simple way. Personally speaking, |
We are facing the same problem. For legal reasons, we need to include the license file of some packages to the vendor directory. |
Creating this issue as a follow up to #26366 (and others).
go mod vendor
is documented as follows:Much of the surprise in #26366 comes about because people are expecting "other" files to also be included in
vendor
.An alternative to the Go 1.5
vendor
is to instead "vendor" the module download cache. A proof of concept of this approach is presented here:https://github.com/myitcv/go-modules-by-example/blob/master/012_modvendor/README.md
Hence I propose
go mod modvendor
, which would be documented as follows:Name and the documentation clearly not final.
Benefits (WIP)
vendor
gohack
), because the entire module is availablemodvendor
are an exact copy of the original modules. This makes it easier to check their fidelity at any point in time, with either the source or some other reference (e.g. Athens)GOPROXY=/path/to/modvendor
. No potential for confusion like "will themodvendor
of my dependencies be used?"Costs (WIP)
Related discussion
Somewhat related to discussion in #27227 (cc @rasky) where it is suggested the existence of
vendor
should imply the-mod=vendor
flag. The same argument could be applied here, namely the existence ofmodvendor
implying the setting ofGOPROXY=/path/to/modvendor
. This presupposes, however, that the idea ofmodvendor
makes sense in the first place.Background discussion:
https://twitter.com/_myitcv/status/1038885458950934528
cc @StabbyCutyou @fatih
cc @bcmills
The text was updated successfully, but these errors were encountered: