Go Modules version and dependency support! #2528
Conversation
app/models/package_manager/go.rb
Outdated
| number: info["Version"], | ||
| published_at: info["Time"].presence && Time.parse(info["Time"]) | ||
| } | ||
| end |
There was a problem hiding this comment.
This is the only questionable part -- it's a choice between two options:
- this, where we make a superfast request for each version to get it's actual published_at
- or, make a single request to the pkg.go.dev page, and get each version with a Date-only-version of its published_at
🤷♂️
There was a problem hiding this comment.
I like the approach here of doing a request per version. This is a background job and so would rather get the full and correct info
There was a problem hiding this comment.
@katzj I just switched this to use the pkg.go.dev scraping instead, because I noticed pkg.go.dev will index packages that aren't technically Go Modules (i.e. don't have go.mod), e.g. https://pkg.go.dev/github.com/BurntSushi/toml , which works, whereas the Go proxy url fails 😕 :
$ curl http://proxy.golang.org/github.com/BurntSushi/toml/@v/list
bad request: invalid escaped module path "github.com/BurntSushi/toml"Seem ok?
Use chronic library to parse version timestamps like "1 day ago"
app/models/package_manager/go.rb
Outdated
| end | ||
|
|
||
| def self.install_instructions(project, version = nil) | ||
| "go get #{project.name}" | ||
| end | ||
|
|
||
| def self.project_names | ||
| get("http://go-search.org/api?action=packages") | ||
| # Currently the index only shows the last <=2000 modules from the date given. (https://proxy.golang.org/) |
There was a problem hiding this comment.
About how many a day are there usually?
There was a problem hiding this comment.
Uh oh, just realized this is actually package-specific (not module-specific), and it's version-specific too. So this list is gonna change [very frequently]. Left a note about that in the Go issue above tho.
app/models/package_manager/go.rb
Outdated
| end | ||
|
|
||
| def self.project(name) | ||
| get("http://go-search.org/api?action=package&id=#{name}") | ||
| if pkg_html = get_html("https://pkg.go.dev/#{name}?tab=doc") | ||
| go_module, _latest_version = pkg_html.css('a[data-test-id="DetailsHeader-infoLabelModule"]').first&.text&.split('@', 2) |
There was a problem hiding this comment.
This seems fragile... how often is name != go_module? Because then we could just use the version list from the proxy and figure out latest version ourselves
There was a problem hiding this comment.
We're currently indexing both packages+modules, so name could be either the package or the parent module.
This part's not to get the latest_version tho, it's just to strip the latest_version from this module name. I might be wrong and it's not there, so I'll circle back in a bit and see if the splitting is necessary.
app/models/package_manager/go.rb
Outdated
| # NB this requires a quick request for each version, but we could alternatively fetch from | ||
| # https://pkg.go.dev/mod/#{go_module}?tab=versions and the '.Versions-commitTime', selector, | ||
| # but the dates are a combination of date-only or natural language (e.g. '1 day ago') | ||
| versions = get_raw("http://proxy.golang.org/#{go_module}/@v/list") |
There was a problem hiding this comment.
| versions = get_raw("http://proxy.golang.org/#{go_module}/@v/list") | |
| versions = get_raw("https://proxy.golang.org/#{go_module}/@v/list") |
app/models/package_manager/go.rb
Outdated
| number: info["Version"], | ||
| published_at: info["Time"].presence && Time.parse(info["Time"]) | ||
| } | ||
| end |
There was a problem hiding this comment.
I like the approach here of doing a request per version. This is a background job and so would rather get the full and correct info
tiegz
changed the title
Def! I'm afraid of overwhelming pkg.go.dev tho -- maybe something like this? With 1.8 million Go packages, that'd take about 21 days. The slowest thing in an |
This adds support for "Releases" and "Dependencies" for Go Modules, which most Go projects are using now. It switches us from "go-search.org" (which doesn't work anymore) to "pkg.go.dev" (the new Go Module directory) and "proxy.golang.org" (the official Go Module proxy).
Example from k8s: