-
Notifications
You must be signed in to change notification settings - Fork 335
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[oauth2] Remove oauth2 go.mod and go.sum #802
Conversation
3fb63f8
to
7900c57
Compare
The main module contained a newer version of |
I did a bit of testing just to make sure that this change doesn't break existing apps. AFAICT, a normal In some cases, users may see an
The fix for this is to remove the indirect dependency line from go.mod, and the run
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, and i believe that we need add notes for this problem when release.
In some cases, users may see an ambiguous import error after upgrading.
@liangyuanpeng Thanks for the feedback, I have added some info to the README about the possible error. |
86600fc
to
e638f1b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This removes the module definition in the oauth2 subdirectory. Since the oauth2 module is not released independently of the main module, it can/should be treated as a normal module subdirectory. Signed-off-by: Paul Gier <paul.gier@datastax.com>
Signed-off-by: Paul Gier <paul.gier@datastax.com>
Signed-off-by: Paul Gier <paul.gier@datastax.com>
e638f1b
to
ce26507
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
IIRC streamnative/pulsar-ctl uses oauth2 only and provides an admin API. It will be affected due to this patch and it proves that there're existing packages depends on the isolated releases. cc @nodece |
And we may add some doc (README.md under oauth2?) to say this situation. |
Thanks for telling me, that changes should break the pulsarctl. I verified the pulsarctl, it works fine. |
@nodece thanks for your validation! Interesting. I ever thought of you can only add a dep in the top level of |
When using the
|
@nodece as long as the whole codebase is small and it isn't polluted in the linking stage, it's fine. Although, such usage may indicate that oauth2 deserves an isolated release lifecycle. You can trade off the choices. I tend to revert this patch and keep oauth2 a separate go module. Because we accept this patch due to "there wasn't any justification given (AFAICT) for creating a separate sub-module", now we have one. |
@tisonkun I tested the pulsar-ctl build, and this change has no immediate effect on it. Go modules are tied to specific checksums, so this change would only be noticeable during the next upgrade. The pulsar-ctl go.mod currently also has a Here are the steps to upgrade, if you want to test:
I don't think this justifies the need for a sub-module. Go is pretty efficient in terms of using only the code that it needs, so depending on the root module instead of the oauth2 module should not add any additional code/size to your binary. The oauth2 module has never actually had an isolated release lifecycle (separate release process and version), it's always just been released along with the main project. |
@pgier thanks for your explanation! I'll try to learn how go.mod works nowadays in details :) Actually, such an assumption prevents me reuse a package inner inside vitess and I'm happy to see there's no restriction. |
@pgier I read your comment now. And it seems my statement above holds:
Out of topic, still, I can hardly reuse a package inner inside vitess since the top level mod is a relative large codebase to pull. |
Motivation
When the oauth2 sub-directory was added in PR #313 there wasn't any justification given (AFAICT) for creating a separate sub-module instead of just treating the oauth2 sources as a normal directory. Since the oauth2 module does not have a separate release cycle, treating it as a sub-module just adds unnecessary complexity.
Modifications
Removed
go.mod
andgo.sum
from the oauth2 sub-directory. Updated the maingo.mod
andgo.sum
to included the necessary dependencies.