-
Notifications
You must be signed in to change notification settings - Fork 247
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce the dependency vendoring tool: dep
.
#551
Introduce the dependency vendoring tool: dep
.
#551
Conversation
107480d
to
211bece
Compare
Split changes into 2 commits to simplify reviewing:
|
Have you created a |
@adambabik I did it in |
04ee720
to
5813f1a
Compare
rebased to the current |
Double-checked difference between |
823ee75
to
887468d
Compare
@divan @adambabik I created |
Hmm, is it by design, to lint |
dep
.dep
.
Resolved |
|
@adambabik, hmm, all the tests pass on my machine, both e2e and unit. Is that possible if it doesn’t compile? |
Cache maybe in Travis? Have you checked that on Travis and your local machine there are the same files? |
76fe80b
to
d8c66d3
Compare
@adambabik so it was an incompatibility of 2 libraries |
d8c66d3
to
5e93a5a
Compare
@adambabik all the checks are green now. |
@mandrigin awesome! Btw. these packages are used in |
@mandrigin are these constraints https://github.com/status-im/go-ethereum/blob/develop/vendor/vendor.json included in any |
Yes, in the lock file. |
@divan @adambabik I added a short doc[1] on how to use |
@mandrigin please do a push to status-go repository, it will run tests on public network they are failing currently (#565) and it would be nice to see if this PR will affect them in any way |
@dshulyak done! https://travis-ci.org/status-im/status-go/builds/332265950 should have a test on a public network. |
thanks, looks like it doesn't, test hangs the same way :) |
@mandrigin can you please post instruction how I can test it from scratch? Can I just delete |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
works well, i have couple of questions/suggestions
- I am seeing this warning, shouldn't we use override for transitive deps?
However, these projects are not direct dependencies of the current project:
they are not imported in any .go files, nor are they in the 'required' list in
Gopkg.toml. Dep only applies [[constraint]] rules to direct dependencies, so
these rules will have no effect.
Either import/require packages from these projects so that they become direct
dependencies, or convert each [[constraint]] to an [[override]] to enforce rules
on these projects, if they happen to be transitive dependencies,
- Usually it is good practice to strip tests from vendor directory. Can we add
find vendor -name '*_test.go' -delete
until it is not support by dep ensure?
DEPENDENCIES.md
Outdated
to be in-sync there. We want to reduce the regression scope. | ||
Hence, we pin down all the dependencies of `go-ethereum` with SHAs in `Gopkg.toml` when | ||
importing a new version of upstream. (This is considered a bad practice for | ||
`dep` but we are willing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
something is missing here)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oops 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in the latest push
2. Commit changes. | ||
|
||
|
||
## Updating a dependency |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think it worth noting how to install dependencies from scratch, e.g dep ensure
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we ever get a repo state when you need to install all deps from scratch? (aka with empty vendor
)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i guess you are right
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in the latest push
Gopkg.toml
Outdated
@@ -0,0 +1,109 @@ | |||
[[constraint]] # Required to be compatible with `btcd` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i would like to separate our deps and go-ethereum, what do you think about it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried it, it doesn't seem to worth it.
-
If we have SHAs in the lock file (as we should) it isn't propagated to the main dependency. That makes the versions we use in
status-go
slightly different from whatgo-ethereum
is using. That is exactly what we want to avoid. -
If we have SHAs as constraints in
go-ethereum/Gopkg.lock
(via manual labour), we will have dependency resolution issues if a dependency is used both instatus-go
andgo-ethereum
(otto
, for instance).
So the most stable method I found is to keep all the dependencies in Gopkg.toml
of status-go
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i meant just to put our own deps on top of the file, then go-ethereum and then all of the go-ethereum deps. but maybe thats not worth it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, no, that is a good idea, I'll do that.
One thing to note is that we won't have much of our dependencies in the toml
file anyways.
The idea of this toml
/lock
split that the toml file contains only constrained dependencies. If we don't care about the version, we don't add this dep in there. So basically we will have:
btcutils
(constrained becausebtcd
)go-ethereum
(constrained because a custom source and a custom branch)geth
dependencies.
dep
ensures that SHAs are in the lock
file and the components aren't updated until you specifically ask for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in the latest push
Also our vendor became 112M with tests, 86M without tests. And before that it was 32M. Do you know what might be the reason for such big change? |
@dshulyak that's because |
How to reproduce that? Is it with clean |
@mandrigin at first i removed vendor and saw this warning, but after initial sync i can reproduce it as well i suspect it might be related to dep version, i installed it in the morning)
|
fcf5ef7
to
fe46ebb
Compare
@dshulyak this warning... I can't reproduce it locally 😢 |
@mandrigin I just discovered that the code required for pruning unused packages and test files was merged and will be a part of next release. but in the documentation, we are recommending to use dep tool straight from GitHub, so maybe it makes sense to rely on those features and make our vendor folder smaller from the beginning. what do you think? |
Even if we can only remove tests it will reduce the size of vendor by ~30M |
@dshulyak I think it might make sense have a follow-up issue when the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure, sounds good to me
regarding the warning, the result was identical anyway, so I assume we can figure out its meaning later |
cbae543
to
4f748ce
Compare
Use commits from `go-ethereum@release/1.7` for most of the dependencies.
4f748ce
to
9c50dbd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The number of dependencies is alway horrifying.
LGTM
@mandrigin please rebase, i fixed mistake that blocked CI #572 |
good news, you don't have to :) restart of the job helped |
Use commits from
go-ethereum@release/1.7
for most of the dependencies.TODO
status-im/go-ethereum
status-im/go-ethereum
as a source inGopkg.toml
create an issue to use(no need to sincedep prune
when it is readyprune
will be a part ofensure
)make test-e2e
when it is availableCloses #223