-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/go: provide straightforward way to see non-test dependencies #26955
Comments
An example where a benchmark-only dependency appearing in In that example, one of the main points of this new project is to resuscitate a dead project (in a cleaner form), and there was surprise at seeing the dead project listed as a dependency of the new project. (There was surprise and consternation on the part of the authors, but one could also imagine that being a deterrent to a user evaluating whether or not to download and/or use this new project if it appears the new project relies on a dead project). |
We should see if it's better to have this information directly in the |
@flibustenet - just in case you haven't seen #26913 (comment) yet. I think it's worth focussing on what people are trying to achieve here... which I agree has some overlap with their workflow and hence the tools they are using, but in the case of using godoc.org, I believe the underlying question that someone is trying to answer is "what dependencies does module M have?" and making some judgement on whether or not to use M using that information. Getting more detail on that will, I think, help to steer us towards the building blocks we then need in place. As I noted on Slack:
That said, we don't need to load everything into the |
As an example of the issue here, I just noticed a dependency on
So the shortest path to this dependency takes us through four levels of external test dependencies. In practice I almost never care about test dependencies of external dependencies. |
Hi, I'm redirecting the comment here Russ's comment about scopes is compelling to have unified go.mod, but not compelling to hide scopes (build tags x test). I think having go mod why not refer to scopes can be confusing or worse: go mod why is arguably not providing the functionality advertised (i.e. explaining why) if it doesn't also give scope information, at least for the main module. |
I would like to be able to look at One idea is for |
Tests dependencies should be visible, even for direct test dependencies. It's a valuable information. I'd like to choose a lib with as few dependency as possible to run but the most tests (and test dependencies if needed) as possible... |
That's probably a task better suited to |
I think the go tool would be better. But, in theory the problem of deciding whether or not a file has satisfiable build tags is NP-complete :) |
I'm curious: does |
Per my answer in #27900 (comment), I think it depends if you expect/want that answer to be irrespective of build constraints. |
Yes, this is pretty much exactly what I was after (I wasn't aware of the PS I'd be happier if the go command never looked at external test dependencies (they can be enormous and it's often impossible or uneconomic to run all tests in all third party modules), but that's another story. |
Story I'm not building any thing exotic, a basic web app with a database. This is my go.mod file:
As a general policy I wanted all my dependencies to be at version v1 or higher. So unfortunately wire stands out here. I though that wire was only for code generation purposes so I was confused as to why it was here. Ergo, i run Because during my research above I went on to to open my go.sum file. Even though I managed my dependencies carefully I somehow ended up with 200 lines of packages I don't directly seem to use. Some of them quite big:
So why are they there? At this point I start googling and find all kinds of commands in issues such as Want I want to know is which code ends up in the binary I ship. So I can also just look at the build and see which packages are included for that, so I run: Solution
Simply build your binary using Ideas
Hopefully this information is usefully and I know that there are probably complex underlying issues that I don't understand as i'm not very knowledgable about how it all works. But go modules is also a part of the tooling new comers will interact with from the get go (phun intentded), so it makes sense to put some effort in the usability aspects. Cheers, Ad |
That's what the
|
Thank you for your response. I think in general my feedback here is that, besides making sure that dependencies are present, the module system is also a means for engineers to understand a codebase. Especially in large projects, developers need to understand what parts are included when they open and start working on it. The module system acts as a BoM (bill of materials) in that sense, it acts as the blueprint of a piece of software. In my experience (having tough this practice) the current tooling is ill suited for this activity. I understand that somewhere between:
there is a way of answering these questions but as it is now this information and spread out and confusing. |
Is there something that prevent to put something like |
@flibustenet, not all dependencies of your module are listed in your module's So a comment in the |
Sometimes users of a lib will check Separating the binary deps and test deps into 2 separate categories (
|
I would like to add that in downstream Linux packaging, we would like to have an easy way to split tests dependencies from non-tests dependencies. It is important for us to be able to disable tests and tests deps to solve cyclic dependencies (since we build iteratively, not everything together, it happens often). |
This comment has been minimized.
This comment has been minimized.
Updates golang/go#36460 Updates golang/go#27900 Updates golang/go#26955 Updates golang/go#30831 Updates golang/go#32058 Updates golang/go#32380 Updates golang/go#32419 Updates golang/go#33370 Updates golang/go#33669 Updates golang/go#36369 Change-Id: I1d4644e3e8b4e688c2fc5a569312495e5072b7d7 Reviewed-on: https://go-review.googlesource.com/c/proposal/+/220080 Reviewed-by: Russ Cox <rsc@golang.org>
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Hello @nim-nim and @eclipseo, one quick comment is that if you haven't already read this, it is probably worth reading #29410 (comment) and some of the related discussion in #29410 around Go modules packaging approaches for Debian. Debian is distinct from Fedora, so that might not be useful, but maybe there is some overlap at least in terms of some of the challenges. There is also a short comment there from @qbit (who I think works on packaging for OpenBSD) at #29410 (comment). There is also an older discussion on OpenBSD packaging challenges with modules in #26852. Again, perhaps not useful, but wanted to at least mention it. I have followed some of the different issues you have submitted, but not all of them, so sorry if this is redundant or otherwise not helpful. |
I am laymen. |
hubris got the better of me and I created: https://github.com/komuw/ote which adds a |
It would be useful if there was a way to get an equivalent list with |
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "dependencies" which contains only the main module dependencies and compute it from the "vendor" scope by filtering out all non-main module dependencies determined by [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "dependencies" which contains only the main module dependencies and compute it from the "vendor" scope by filtering out all non-main module dependencies determined by [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "dependencies" which contains only the main module dependencies and compute it from the "vendor" scope by filtering out all non-main module dependencies determined by [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main modules only. Determine the main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine the main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
The produced "vendor" scope, which is the only scope contained in the result, contains all modules needed for building and testing the main module. Introduce the scope "main" containing the dependencies of the main module only. Determine these main module dependencies by utilizing [1], see also the discussion around [2]. [1] `go list -deps -f '{{with .Module}}{{.Path}} {{.Version}}{{end}}' ./...` [2] golang/go#26955 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
It's important to be able to see the full set of dependencies used by production code exclusive of tests, particularly with different major versions as distinct modules, as inadvertently using an import with a different major version can introduce bugs (also, some external dependencies can be toxic to have in production code).
The
go mod why
command provides a-vendor
flag to exclude tests; perhapsgo list
could provide a similar flag to exclude testing dependencies.In addition to the above, it is also useful to be able to be able to see modules used by local production code and tests, but not transitively by tests in external dependencies, as external dependencies are harder to change, and inadvertently forked modules are still an issue for tests too. I'm not sure of a good way to specify that, though.
The text was updated successfully, but these errors were encountered: