-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 verify go modules are in sync with upstream k/k #2774
🌱 verify go modules are in sync with upstream k/k #2774
Conversation
Hi @alexandremahdhaoui. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
714596f
to
86ad2dc
Compare
Here is a list of currently out of sync dependencies: {
"outOfSyncModules": [
{
"name": "github.com/prometheus/client_golang",
"version": "v1.17.0",
"upstreamVersion": "v1.16.0"
},
{
"name": "github.com/prometheus/client_model",
"version": "v0.4.1-0.20230718164431-9a2bf3000d16",
"upstreamVersion": "v0.4.0"
},
{
"name": "golang.org/x/sys",
"version": "v0.19.0",
"upstreamVersion": "v0.18.0"
},
{
"name": "go.uber.org/zap",
"version": "v1.27.0",
"upstreamVersion": "v1.26.0"
},
{
"name": "sigs.k8s.io/yaml",
"version": "v1.4.0",
"upstreamVersion": "v1.3.0"
}
]
} |
/ok-to-test |
Looks like we can downgrade go.uber.org/zap, golang.org/x/sys, sigs.k8s.io/yaml I assume this is also what we would want to do to play it absolutely safe (consumers of CR can still bump to higher versions if they are sure). Not sure what is going on with the prometheus/client_* libs. go mod tidy automatically bumps them. I think that is also how I somehow downgraded to the wrong version after bringing them in sync with k/k on my last PR. Have to take a closer look. EDIT: Turns out I just also had to downgrade (cc @vincepri @alvaroaleman) |
PR to fix the current open findings: #2776 |
c2deb09
to
75371f3
Compare
The modules listed below are now flagged as out of sync: {
"outOfSyncModules": [
{
"name": "github.com/go-logr/logr",
"version": "v1.4.1",
"upstreams": [
{
"ref": "k8s.io/utils",
"version": "v1.2.0"
}
]
},
{
"name": "k8s.io/klog/v2",
"version": "v2.120.1",
"upstreams": [
{
"ref": "k8s.io/utils",
"version": "v2.80.1"
}
]
}
]
} |
Did I understand this correctly that we are now finding inconsistencies between our dependencies? E.g.
Given that we are using the same k8s.io/utils as k/k go.mod I don't think it's fixable for us to ensure all of these dependencies sync up. I think we have to restrict the dependencies we go through (e.g. focusing on that some "core/main" k/k modules are in sync with us, like k8s.io/client-go) We shouldn't become responsible to ensure that all k/k dependencies are using the same transitive dependencies |
@vincepri I think this is a consequence of now looking at the go mod graph instead of looking at the k/k go.mod file. WDYT? (I would suggest to just compare dependencies between CR and a few "main/core" go modules of k/k) |
Edit: NVM, we can just remove |
816be5e
to
846b2c1
Compare
NB: I was wondering if it can be considered okay if I create a personal repo to write an enhanced version of |
Definitely okay to do that, but we're very hesitant to add dependencies to personal repos. So we would continue to use our local version I think |
@alexandremahdhaoui I tried to use it on top of #2786 and I'm getting some strange results:
|
846b2c1
to
87a14b0
Compare
@sbueringer it looks like you cherry-picked an old commit of this branch. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good. Just a few smaller findings
This commit addresses issues were go modules aren't in sync with upstream k/k by adding these changes: - add `tools/cmd/gomodcheck/main.go` to: - Parse and compares k/k dependencies to controller-runtime's ones. - If any version diffs is found, returns a payload describing the diffs and exit 1. - The user may exclude packages by passing them as arguments. - extend the `verify-modules` make target with `gomodcheck`.
Co-authored-by: Stefan Büringer <4662360+sbueringer@users.noreply.github.com>
Signed-off-by: Alexandre Mahdhaoui <alexandre.mahdhaoui@gmail.com>
0ad4c4c
to
105349a
Compare
Signed-off-by: Alexandre Mahdhaoui <alexandre.mahdhaoui@gmail.com>
Very nice. Thank you! /lgtm |
LGTM label has been added. Git tree hash: 3881f0ce785eddfc99d0a4fd7e16a93444ea8bd9
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexandremahdhaoui, sbueringer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This PR should address the following issue #2769.
Changes
gomodcheck
:gomodcheck
to theverify-modules
make target.Fixes #2769