Skip to content
This repository has been archived by the owner on Sep 9, 2020. It is now read-only.

Validate that imported locked revisions did not change after solving #908

Closed
carolynvs opened this issue Jul 26, 2017 · 4 comments · Fixed by #1475
Closed

Validate that imported locked revisions did not change after solving #908

carolynvs opened this issue Jul 26, 2017 · 4 comments · Fixed by #1475
Labels
area: init help wanted

Comments

@carolynvs
Copy link
Collaborator

During import, an importer generates a suggested set of locked revisions based on the locks from the imported config. Then dep solves, and this may end up changing the locked revision. For example, if the revision that they originally locked to no longer exists, or the imported constraint doesn't allow the locked revision.

The rootAnalyzer should verify that the imported set of locked revisions matches the final solved locked revisions. If there are any changes, print a warning highlighting the old/new locked revisions. We don't want to fail, because having the config files written to disk as a starting point is still quite useful.
This was referenced Jul 26, 2017
Closed
Merged
@carolynvs carolynvs mentioned this issue Aug 28, 2017
Closed
@sdboyer
Copy link
Member

sdboyer commented Aug 28, 2017

i think we'd ideally like to see not only a notification of the change, but also a reason why the change occurred. that's information that we can extract from the solver, although it'll probably take some refactoring to get at it.

@carolynvs
Copy link
Collaborator Author

That would be great, but would be best in a separate issue/PR, as we really need this ... yesterday 😀 , and the identification part isn't as difficult/involved as refactoring.

dlsniper added a commit to dlsniper/dep that referenced this issue Aug 28, 2017
@dlsniper
Explain the status of the project
f569c7f 
Following the discussion golang#1070 (comment)
"Agreed, dep cannot currently be trusted to not make changes after the importers are run.
The issue which tracks that is golang#908.", it is clear that the maintainers of
the tool do not see it as a reliable project.

As such, the users should be correctly informed about the status of the
project and what are the goals in order to make it a production ready one.
@dlsniper dlsniper mentioned this issue Aug 28, 2017
Closed
@carolynvs carolynvs mentioned this issue Sep 4, 2017
Closed
@carolynvs carolynvs mentioned this issue Oct 31, 2017
Closed
@zmackie
Copy link
Contributor

zmackie commented Dec 20, 2017

@carolynvs I was thinking of taking a crack at this over the holiday. Is it still live?

@carolynvs
Copy link
Collaborator Author

@Zanadar Yes, I would really appreciate help with this! 💖 It's a high priority item at this point and I will be working on closely related features over holiday as well. If you end up not having time (it is the holidays after all), please let me know as my one of my issues rely on this feature.

The change needs to be made here:

dep/cmd/dep/root_analyzer.go

Line 167 in a926781

func (a *rootAnalyzer) FinalizeRootManifestAndLock(m *dep.Manifest, l *dep.Lock, ol dep.Lock) {

We need to warn about any projects where the final revision is different than the original imported revision. This warning only applies to projects that are in both locks, a deleted or new locked project should not print a warning.

That function is already looping over the final lock, and we need this logic to happen for every locked project, so don't stuff the logic into the if/else in there.

Please feel free to open a PR with whatever you have an ask questions from there. I'll keep an eye for it.

@zmackie zmackie mentioned this issue Dec 22, 2017
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area: init help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Note diffs b/w imported and solved lock zmackie/dep
3 participants
@sdboyer @carolynvs @zmackie