-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove vendor directory. #1792
Remove vendor directory. #1792
Conversation
This was something previously brought up in tektoncd#1607, but was deferred to allow for continued discussion. Pros of making this change: * Reduces size of incoming PRs when new dependencies are used. * Removes confusion around source of truth for dependencies (e.g. vendor vs mod). This was an issue that tektoncd#1763 solved by pinning to vendor, this will solve the same problem differently by always deferring to the version in go.mod. * Allows easier use of upstream and dependent types without the use of vendor - see https://gist.github.com/wlynch/325293bc3fbc488d3b3d319f3a93bbea for an example of why this is difficult today. Risks of making this change: * Dependencies will not be present in initial clone. They will be fetched dynamicly when needed, which may cause workflow distruptions. * This breaks compatibility with older versions of Go (though for certain projects like triggers, we already require Go >= 1.13). Third-party obligations (for things like making source available in images) have already been addressed in tektoncd#1607. As with tektoncd#1607, this change is more easily viewed by running `git diff master -- ':!third_party' ':!vendor'`
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold |
@wlynch: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/hold
Yes, this is kinda of a problem with
What was the setup for this ^^.
This is already the case with There is additional problems, although more on go modules themselves that
As an example on this "unpredictability", cleaning my go setup (pkg, cache, …), I, somehow can't re-run successfully
This worries me as, at least with a Also
|
This is the same main.go that you see, with no other files. Notably this would work if you created a go.mod or used dep, since the go tool would know how to handle and override these. This is only a minor win, but would help dependencies get up and running faster since if pipelines depended on the scm type directly tools could theoretically use it without go mod. |
This is only for the initial version set though, right? This shouldn't change as long as you don't try and explicitly update (e.g. go get -u) a dependency. |
Well that’s my understanding. But depending on your go version, it doesn’t get the same deps, and.. on minor version like 1.13.1 vs 1.13.5 🤓 |
This ensures that `go mod download` in tests/scripts to make sure all dependencies are present. This should generally only be slow on the first attempt when it needs to download the modules locally, but subsequent calls should result in no change. This solves an issue raised in tektoncd/pipeline#1792 where the license DB used by a required tool wasn't being downloaded.
I'm thinking we close this for now until we make decisions around the vendor dir? |
@vdemeester I'm running into the same issue, do you remember how you solved it? Asking 2+ years later 😅 |
For what is worth, it seems it's fixed by installing |
Changes
This was something previously brought up in #1607, but was deferred to
allow for continued discussion.
Pros of making this change:
vs mod). This was an issue that Use vendored version of plumbing instead of go get 🦸 #1763 solved by pinning to vendor, this
will solve the same problem differently by always deferring to the
version in go.mod.
example of why this is difficult today.
Risks of making this change:
fetched dynamicly when needed, which may cause workflow distruptions.
certain projects like triggers, we already require Go >= 1.13).
Third-party obligations (for things like making source available in
images) have already been addressed in #1607.
As with #1607, this change is more easily viewed by running
git diff master -- ':!third_party' ':!vendor'
This should have no functional change for users (and ideally, even devs).
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmd
dir, please updatethe release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.