Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ci): go list check versions available for untagged dependencies #12774

Open
wants to merge 5 commits into
base: ci/dependency-checker
Choose a base branch
from
Open

feat(ci): go list check versions available for untagged dependencies #12774

wants to merge 5 commits into from
+40 −13

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Dec 12, 2024

This is on top of #12740, I'm experimenting with using go list -versions to inspect v0.0.0 dependencies (as per discussion with @BigLep). We should be able to say "you're using an untagged version, but it has a version, that's naughty.

@rvagg rvagg requested a review from galargh December 12, 2024 01:01
@rvagg rvagg force-pushed the rvagg/ci/dependency-checker branch from 55edcd9 to cf21ec5 Compare December 12, 2024 01:28
@rvagg
Copy link
Member Author

rvagg commented Dec 12, 2024

OK, this works now and reports:

v0.0.0 dependencies with available tags:
github.com/hannahhoward/go-pubsub
howett.net/plist

first one is a direct dependency and the second is an indirect; I've added an ignore to both, pubsub could be upgraded but I won't do it here, the other one is used by github.com/elastic/go-sysinfo which has an update but still doesn't use a tagged version of plist.

@rvagg rvagg marked this pull request as ready for review December 12, 2024 01:29
@rvagg rvagg requested review from BigLep and Stebalien December 12, 2024 01:29
@rvagg rvagg added the skip/changelog This change does not require CHANGELOG.md update label Dec 12, 2024
@rvagg rvagg mentioned this pull request Dec 12, 2024
Open
8 tasks
BigLep
BigLep approved these changes Dec 12, 2024
View reviewed changes
go.mod
@@ -352,7 +352,7 @@ require (
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect; indirect dependency-check-ignore: required by github.com/elastic/go-sysinfo
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect; indirect dependency-check-ignore: required by github.com/elastic/go-sysinfo
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect; dependency-check-ignore: required by github.com/elastic/go-sysinfo

extra indirect is redundant?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, that can be fixed, but this PR is full of conflicts now the base has shifted so I'm going to leave it to @galargh to resolve if he pulls this in, otherwise he can write it the way he wants

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BigLep BigLep BigLep approved these changes

@galargh galargh Awaiting requested review from galargh

@Stebalien Stebalien Awaiting requested review from Stebalien

Assignees
No one assigned
Labels
skip/changelog This change does not require CHANGELOG.md update
Projects
FilOz
Status: ✔️ Approved by reviewer
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rvagg @BigLep