Update generate dependencies to fix Go 1.18 packer-sec cmd install #108
Conversation
* Update x/tools package to latest version to fix code generation error ``` go get golang.org/x/tools go mod tidy ``` Closes #103
| @(cd $(TEMPDIR) && GO111MODULE=on go get github.com/mna/pigeon@master) | ||
| @(cd $(TEMPDIR) && GO111MODULE=on go get github.com/alvaroloes/enumer@master) | ||
| @go install github.com/mna/pigeon@v1.1.0 | ||
| @go install github.com/alvaroloes/enumer@master |
There was a problem hiding this comment.
Ah let me leave a comment on that one. The latest release is outdated. So keeping it at master for now.
There was a problem hiding this comment.
does it allow for a @commit-id?
There was a problem hiding this comment.
I believe it does. But TBH a tag would be preferred. Seeing as it was set to master before, and the code has not changed, I will keep it as it is. There appears to be a few forks that have since been updated, which we may want to look into.
I'm going to merge this change but please continue the conversation as we can iterate on the change.
There was a problem hiding this comment.
I'm generally worried about these loose dependencies, because they generally mean the build has less chances of being reproducible in the future. And being non-reproducible has a tendency to break, not only this upstream project, but also downstream clients. Downstream clients generally seem to a have a tendency to be "stuck" until upstream fixes these kind of problems, or they themselves try to fix it (if they even known how) with(out) upstream help, but until a fix is ready, someone might be "stuck".
Please note that I understand this is a fine balance between practicality and maintainability, and I'm not trying to push anything, I'm just expressing my opinion.
FWIW, I was a tiny bit impacted by this; mind you, by my own doing! I though I was pinning the go version, but I was not really doing that, so this was an enlightenment moment for me! and at the end, I was graceful that this has happened!
* Replaces the deprecated `go get` calls with `go install`. * Add version to pigeon install command The v1.1.0 release of pigeon was released back in March of 2021 points to the latest change in the master branch, which was committed over two years ago. Instead of pulling from master we will pull in the latest release and update dependenbot to check for this dependency. * Add github.com/mna/pigeon to dependebot tracking file Related to: #103
nywilken
force-pushed
the
nywilken/update-gen-deps
branch
from
29449d2
to
db3a2b9
Compare
These changes update the golang.org/x/tools pkg to fix code generation issue with Go 1.18+, and update the projects Makefile to use
go installover the deprecatedgo getinstallation command.Closes #103