Introduce the dependency vendoring tool: dep.
#551
Conversation
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
from
107480d
to
211bece
Compare
|
Split changes into 2 commits to simplify reviewing:
|
|
Have you created a |
|
@adambabik I did it in |
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
2 times, most recently
from
04ee720
to
5813f1a
Compare
|
rebased to the current |
|
Double-checked difference between |
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
2 times, most recently
from
823ee75
to
887468d
Compare
|
@divan @adambabik I created |
|
Hmm, is it by design, to lint |
mandrigin
changed the title
dep.dep.
|
Resolved |
|
|
@adambabik, hmm, all the tests pass on my machine, both e2e and unit. Is that possible if it doesn’t compile? |
|
Cache maybe in Travis? Have you checked that on Travis and your local machine there are the same files? |
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
2 times, most recently
from
76fe80b
to
d8c66d3
Compare
|
@adambabik so it was an incompatibility of 2 libraries |
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
from
d8c66d3
to
5e93a5a
Compare
|
@adambabik all the checks are green now. |
|
@mandrigin awesome! Btw. these packages are used in |
|
@mandrigin are these constraints https://github.com/status-im/go-ethereum/blob/develop/vendor/vendor.json included in any |
|
Yes, in the lock file. |
|
@divan @adambabik I added a short doc[1] on how to use |
|
@mandrigin please do a push to status-go repository, it will run tests on public network they are failing currently (#565) and it would be nice to see if this PR will affect them in any way |
|
@dshulyak done! https://travis-ci.org/status-im/status-go/builds/332265950 should have a test on a public network. |
|
thanks, looks like it doesn't, test hangs the same way :) |
|
@mandrigin can you please post instruction how I can test it from scratch? Can I just delete |
There was a problem hiding this comment.
works well, i have couple of questions/suggestions
- I am seeing this warning, shouldn't we use override for transitive deps?
However, these projects are not direct dependencies of the current project:
they are not imported in any .go files, nor are they in the 'required' list in
Gopkg.toml. Dep only applies [[constraint]] rules to direct dependencies, so
these rules will have no effect.
Either import/require packages from these projects so that they become direct
dependencies, or convert each [[constraint]] to an [[override]] to enforce rules
on these projects, if they happen to be transitive dependencies,
- Usually it is good practice to strip tests from vendor directory. Can we add
find vendor -name '*_test.go' -deleteuntil it is not support by dep ensure?
DEPENDENCIES.md
Outdated
| to be in-sync there. We want to reduce the regression scope. | ||
| Hence, we pin down all the dependencies of `go-ethereum` with SHAs in `Gopkg.toml` when | ||
| importing a new version of upstream. (This is considered a bad practice for | ||
| `dep` but we are willing |
There was a problem hiding this comment.
something is missing here)
There was a problem hiding this comment.
fixed in the latest push
| 2. Commit changes. | ||
|
|
||
|
|
||
| ## Updating a dependency |
There was a problem hiding this comment.
i think it worth noting how to install dependencies from scratch, e.g dep ensure
There was a problem hiding this comment.
Do we ever get a repo state when you need to install all deps from scratch? (aka with empty vendor)?
There was a problem hiding this comment.
fixed in the latest push
Gopkg.toml
Outdated
| @@ -0,0 +1,109 @@ | |||
| [[constraint]] # Required to be compatible with `btcd` | |||
There was a problem hiding this comment.
i would like to separate our deps and go-ethereum, what do you think about it?
There was a problem hiding this comment.
I tried it, it doesn't seem to worth it.
-
If we have SHAs in the lock file (as we should) it isn't propagated to the main dependency. That makes the versions we use in
status-goslightly different from whatgo-ethereumis using. That is exactly what we want to avoid. -
If we have SHAs as constraints in
go-ethereum/Gopkg.lock(via manual labour), we will have dependency resolution issues if a dependency is used both instatus-goandgo-ethereum(otto, for instance).
So the most stable method I found is to keep all the dependencies in Gopkg.toml of status-go.
There was a problem hiding this comment.
i meant just to put our own deps on top of the file, then go-ethereum and then all of the go-ethereum deps. but maybe thats not worth it
There was a problem hiding this comment.
Ah, no, that is a good idea, I'll do that.
One thing to note is that we won't have much of our dependencies in the toml file anyways.
The idea of this toml/lock split that the toml file contains only constrained dependencies. If we don't care about the version, we don't add this dep in there. So basically we will have:
btcutils(constrained becausebtcd)go-ethereum(constrained because a custom source and a custom branch)gethdependencies.
dep ensures that SHAs are in the lock file and the components aren't updated until you specifically ask for it.
There was a problem hiding this comment.
fixed in the latest push
|
Also our vendor became 112M with tests, 86M without tests. And before that it was 32M. Do you know what might be the reason for such big change? |
|
@dshulyak that's because |
How to reproduce that? Is it with clean |
|
@mandrigin at first i removed vendor and saw this warning, but after initial sync i can reproduce it as well i suspect it might be related to dep version, i installed it in the morning) |
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
2 times, most recently
from
fcf5ef7
to
fe46ebb
Compare
|
@dshulyak this warning... I can't reproduce it locally 😢 |
|
@mandrigin I just discovered that the code required for pruning unused packages and test files was merged and will be a part of next release. but in the documentation, we are recommending to use dep tool straight from GitHub, so maybe it makes sense to rely on those features and make our vendor folder smaller from the beginning. what do you think? |
|
Even if we can only remove tests it will reduce the size of vendor by ~30M |
|
@dshulyak I think it might make sense have a follow-up issue when the |
|
regarding the warning, the result was identical anyway, so I assume we can figure out its meaning later |
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
2 times, most recently
from
cbae543
to
4f748ce
Compare
Use commits from `go-ethereum@release/1.7` for most of the dependencies.
mandrigin
force-pushed
the
igorm/investigate-vendoring-tool-223-dep-geth173
branch
from
4f748ce
to
9c50dbd
Compare
|
@mandrigin please rebase, i fixed mistake that blocked CI #572 |
|
good news, you don't have to :) restart of the job helped |
Use commits from
go-ethereum@release/1.7for most of the dependencies.TODO
status-im/go-ethereumstatus-im/go-ethereumas a source inGopkg.tomlcreate an issue to use(no need to sincedep prunewhen it is readyprunewill be a part ofensure)make test-e2ewhen it is availableCloses #223