FYI, go-mod-upgrade runs the following command under its hood:
go list -u -mod=readonly -f '{{if (and (not (or .Main .Indirect))
.Update)}}{{.Path}}: {{.Version}} -> {{.Update.Version}}{{end}}' -m all
On Monday, May 6, 2024 at 10:36:08 AM UTC+2 TheDiveO wrote:
> Up front, I have to admit that I'm struggling with the newly introduced
> download-your-go-toolchain-on-the-fly when it comes to:
>
> 1. having reproducible builds in a CI/CD pipeline without getting
> downloaded a different toolchain as installed at the stage start,
> 2. being a module maintained as opposed to being a "leaf" app
> maintainer without downstream users, while maintaining the N,N-1 go
> (minor)
> version guarantee.
>
> Over the years, I've found https://github.com/oligot/go-mod-upgrade to be
> very useful to me in maintaining my (intermediate) module dependencies.
> Unfortunately, this tool now breaks down and the author of go-mod-upgrade
> at this time considers the situation to be a go toolchain upstream problem (
> https://github.com/oligot/go-mod-upgrade/issues/52#issuecomment-2093537300
> ).
>
> What happens is when I'm on a go 1.21.x toolchain in order to ensure the
> N,N-1 guarantee, a go-mod-upgrade on a module with a k8s.io/api
> "crashes" with the following error, caused by the go command used from
> go-mod-upgrade under its hood:
>
>
> *Error running go command to discover modules: exit status 1 stderr=go:
> loading module retractions for k8s.io/a...@v0.26.2
> <http://k8s.io/api@v0.26.2>: module k8s.io/a...@v0.30.0
> <http://k8s.io/api@v0.30.0> requires go >= 1.22.0 (running go 1.21.7;
> GOTOOLCHAIN=local)*
>
> Is there a way in the go command to upgrade to the "latest" dependency
> that doesn't trigger this error? Manually
> <https://pkg.go.dev/k8s.io/api?tab=versions>, I can see that there is a
> 0.29.4 available. Unfortunately, even a single dependency like this causes
> go-mod-upgrade to fail completely, so it's back for me to maintaining each
> and ever of my many deps individually ... which absolutely sucks from the
> UX perspective as I'm sure you can follow along with. Remember, I simply
> cannot switch toolchains on a whim, not least due to CI/CD policies.
>
> How to deal with this situation? Is there a way to use the go tool so that
> it would return only upgrades without toolchain changes? How might the
> go-mod-upgrade tool work around this situation?
>
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/35dcd7f7-ef73-41d8-9f04-b36aa04fc94en%40googlegroups.com.
