Update 2 dependencies #1253
Update 2 dependencies #1253
Conversation
mtrmac
requested review from
jonjohnsonjr,
stevvooe,
sudo-bmitch,
sajayantony,
tianon and
cyphar
as code owners
|
As we just discussed in the OCI weekly meeting, Go version updates always make me nervous, especially with how many people import One idea we discussed was perhaps moving these deps/constraints to a new (Doing that would resolve my concerns pretty well, since the |
…module Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This requires adding a $schema field to defs-descriptor.json, otherwise the "format": "uri" restriction was is ignored. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
For a preview, this is what splitting out a Note the process in https://go.dev/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository : the next release of this repository would have to add tags, and a new inter-module dependency. I couldn’t test all of that directly, that would remain a lingering disk for the next release. |
| # Ideally we would also want to test with 1.18 for the top-level go.mod, | ||
| # but that doesn't work with the newer schema subdirectory. |
| # current Go releases plus the version in the schema/go.mod are tested. | ||
| # Ideally we would also want to test with 1.18 for the top-level go.mod, | ||
| # but that doesn't work with the newer schema subdirectory. | ||
| go: ['1.21', 'oldstable', 'stable'] |
There was a problem hiding this comment.
Lets revert this back to the original values. The go.mod file used can be changed in the setup-go step. In the render and lint step, initialize the go.work file.
| @@ -90,6 +90,7 @@ $sig | |||
| - [ ] edit/update the pull-request to link to the VOTE thread, from <https://groups.google.com/a/opencontainers.org/forum/#!forum/dev> | |||
| - [ ] a week later, if the vote passes, merge the PR | |||
| - [ ] `git tag -s $version $versionBumpCommit` | |||
| - [ ] `git tag -s schema/$version $versionBumpCommit` | |||
There was a problem hiding this comment.
I don't think this is needed. The tag at the top level will apply to the whole repo. The only issue with that is the schema/go.mod needs to refer to the version of the image-spec. Tagging that spec sets a hash, that hash needs to be in the go.sum, and that file needs to be part of the tagged content, so there's a circular dependency. We might want to solve that by pinning to a preceding commit rather than the tagged release.
|
|
||
| require golang.org/x/text v0.14.0 // indirect | ||
|
|
||
| replace github.com/opencontainers/image-spec => ../ |
There was a problem hiding this comment.
Replace should only be used in development, and in this scenario, I think a go.work is a better solution. To implement:
cd ..
go work init
go work use .
go work use schema
There was a problem hiding this comment.
Note that the go.work file should not be checked into the repo, so it would be added to the .gitignore, and the beginning of the GHA jobs can recreate it.
github.com/santhosh-tekuri/jsonschema/v5is about 2 years old,github.com/russross/blackfridaymore than 4 years old. Keeping up will only get harder as the users stay behind.Note a possible downside: The
v6of the JSON schema parser importsgolang.org/x/textto support localized error messages, and that is +17570 of a dependency.Warning: I am not an expert in either of the packages, I was looking for the most similar new APIs. (I did manually verify that the markdown parsing produces the same code examples.)