Migrate from glide to dep for dependency management #1670
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Nice list. Are we picking up this llrb lib somewhere and we have missed it? |
As I understand it, it is coming from this: |
carolynvs
force-pushed
the
dep-migration
branch
from
ee725cb
to
a8e4bc7
Compare
|
Okay, I've pushed changes that vendor the code generators (the first item from my TODO list). There was one dependency that I was unable to keep at the same revision as before: |
carolynvs
force-pushed
the
dep-migration
branch
from
a8e4bc7
to
bf04ef1
Compare
|
Rebased with the recent bump to k8s 1.9.1. I have a couple open questions in the OP that need to be answered before working on this further. |
|
Not sure I understand enough about how go dependencies work to be able to answer questions. Maybe we can go through some of the questions in the next meeting? |
Sure! |
|
Per our sig meeting today, I will update this PR to add a build task, verifying that if someone uses dep to vendor service catalog's generated client, that it builds. This will help us know when we need to add extra constraints to the manifest without blindly pinning. |
carolynvs
force-pushed
the
dep-migration
branch
5 times, most recently
from
e558d6a
to
b49e7f2
Compare
|
@duglin Is there a way to ignore a directory when running |
|
@carolynvs not right now but I can add a flag to specify a set of dirs to ignore. Let me try to find some time tonight... |
|
@duglin Thanks! ❤️ |
|
@carolynvs try adding "-s WORD" to the href checker cmd line and it should skip any file with WORD in its path. |
carolynvs
force-pushed
the
dep-migration
branch
from
ee397ae
to
c2a3760
Compare
|
@duglin That worked perfectly, thank you! |
carolynvs
changed the title
Makefile
Outdated
| DEP_TAG=$$(git describe --abbrev=0 --tags) && \ | ||
| git checkout $$DEP_TAG && \ | ||
| go install -ldflags="-X main.version=$$DEP_TAG" ./cmd/dep; \ | ||
| git checkout master # Make go get happy by switching back to master |
There was a problem hiding this comment.
Can we dep do the dep stuff in docker? fyi @duglin
There was a problem hiding this comment.
This needs to be removed (get-dep and check-dep) aren't used, because I baked dep into the docker image.
I originally had them there to help someone developing without docker, but because the Makefile redefines the GOPATH, it doesn't work anyway.
| @@ -111,6 +105,7 @@ else | |||
| scBuildImageTarget = .scBuildImage | |||
| endif | |||
|
|
|||
| # Even though we migrated to dep, it doesn't replace the `glide nv` command | |||
| NON_VENDOR_DIRS = $(shell $(DOCKER_CMD) glide nv) | |||
There was a problem hiding this comment.
I think some go tooling by default knows not to look at the vendor directory. Need to look at what this was used for.
There was a problem hiding this comment.
If you run go test ./... using 1.9+, it won't run the tests in vendor. I believe all go tools (not just test but say vet and fmt) are also well behaved.
There was a problem hiding this comment.
Okay. The only place we use this output is as input to go vet. We can investigate this later.
| $(if $(realpath vendor/k8s.io/apimachinery/vendor), \ | ||
| $(error the vendor directory exists in the apimachinery \ | ||
| vendored source and must be flattened. \ | ||
| run 'glide i -v')) |
There was a problem hiding this comment.
dep automatically flattens (i.e. removes nested vendor directories) so we don't need to defend against a forgotten flag anymore.
| vendor/github.com/petar/GoLLRB/doc/* | ||
| contrib/examples/consumer/Gopkg.lock | ||
| contrib/examples/consumer | ||
| contrib/examples/vendor/* |
There was a problem hiding this comment.
besides gollrb, are these to just avoid dealing with contrib? dep automagically finds them or something?
There was a problem hiding this comment.
contrib/examples/consumer is something that I added to test a downstream consumer using dep to vendor the Service Catalog client library. make test-dep runs dep to vendor our generated clientset, and ensures that the app can compile. I added those ignore lines so that after running that target, a bunch of generated test files don't show up when someone runs git status. 😀
That test-dep target helps us sanity check that the constraints in our Gopkg.toml aren't missing anything with respect to downstream consumers. Otherwise, we wouldn't find out for example that we need to be pinning to a particular revision, or avoiding a bug with a semver range until someone reported it to us.
When we use dep internally when working on service catalog, dep takes into account our Gopkg.lock where all of the dependencies are locked to an exact revision. When someone vendors us using dep, only Gopkg.toml is used. That's why I was asking a bunch of questions in the sig meeting on Monday about why in our glide.yaml so many projects were pinned to an exact revision. I wanted to figure out how much we had to manually manage in the Gopkg.toml and what we could "get away with" letting dep deal with in the Gopkg.lock file.
* Resolve conflict for code.cloudfoundry.org/lager code.cloudfoundry.org/lager is required to be at 0bfa98e by github.com/pivotal-cf/brokerapi https://github.com/pivotal-cf/brokerapi/blob/35946a0079bda144d0c9ed68df36899451f90209/Gopkg.toml#L26 * Require code generators and build tools I had to change the constraint for repo-infra from a pinned revision to latest on master. I was running into dependency hell otherwise. Can revisit if necessary.
* Ignoring large doc files in GoLLRB
* Add test-dep target Validates that a downstream consumer of our client library can use dep * Add verify-vendor target Validates that what is in vendor/ is in sync with Gopkg.lock * Install dep in the docker build image
We cannot completely remove glide because we are using `glide nv`. If we had a requirement of Go 1.9+ maybe that could be dropped, since the go tools in that version don't include vendor anymore with `./...`, but until then it needs to stay.
They don't work because GOPATH is redefined in the Makefile So people will just have to rely on the docker, or install dep themselves.
carolynvs
force-pushed
the
dep-migration
branch
from
bb93bd3
to
6be0903
Compare
|
I've rebased to address a merge conflict in the Makefile. Not sure why the travis build is stuck in the queue but hopefully it will hurry up and start soon. 😀 |
|
I would bet dollars to donus on cri-o being the culprit, but I think kube-incubator as an org is getting full. Seemed to have failed on a |
|
LGTM |
There was a problem hiding this comment.
I think it's been plenty of time for everyone to weigh in on this PR, and I've seen lots of support for this move for a bit now. I am LGTMing this and merging.
Thanks for doing this @carolynvs 👍
|
Adding an |
|
whoopsy again. |
|
also yay \o/ |
|
Woooo! Hopefully everything doesn't light on fire after this. 😇 |
Closes #1665.
This migrates from glide to dep for dependency management. All locked revisions stayed the same except:
k8s.io/repo-infrawas updated to the latest on master. I was running into dependency hell otherwise.All glide commands have been updated to use dep, except for
glide nv(which lists packages in the project, excluding vendor) which doesn't have an analog in dep because it's nicely supported in Go 1.9+ now via./...I have added make targets:
verify-vendor: Run during theverifytarget. Ensures that the vendor/ directory is in sync with the contents of Gopkg.lock.test-dep: Run during thetesttarget. Checks that when a downstream consumer of our generated client library uses dep to vendor Service Catalog, that the information contained in our Gopkg.toml is sufficient for them to compile.NOTE: A big release of dep just landed today (v0.4.0) but this is using (v0.3.2). I recommend starting there and then upgrading after the dust has settled.
Tasks:
requiredentries with a path to a main package to force dep to do what we want.dep prune, etc).dep prune(which very soon will be built into ensure and the manifest configuration). Answer: can't use prune yet because of our hack for dep cannot vendor dependencies that do not have Go source code golang/dep#1306 (first bullet above). It's removing files we use for dev tools, that aren't imported. Will make sure we consider this scenario for that issue