As I cannot edit the title anymore: it's about upgrading to the last
version that can be used without toolchain change, which is not necessarily
the "latest" version of a dependency.
On Monday, May 6, 2024 at 10:42:17 AM UTC+2 TheDiveO wrote:
> FYI, go-mod-upgrade runs the following command under its hood:
>
> go list -u -mod=readonly -f '{{if (and (not (or .Main .Indirect))
> .Update)}}{{.Path}}: {{.Version}} -> {{.Update.Version}}{{end}}' -m all
>
> On Monday, May 6, 2024 at 10:36:08 AM UTC+2 TheDiveO wrote:
>
>> Up front, I have to admit that I'm struggling with the newly introduced
>> download-your-go-toolchain-on-the-fly when it comes to:
>>
>> 1. having reproducible builds in a CI/CD pipeline without getting
>> downloaded a different toolchain as installed at the stage start,
>> 2. being a module maintained as opposed to being a "leaf" app
>> maintainer without downstream users, while maintaining the N,N-1 go
>> (minor)
>> version guarantee.
>>
>> Over the years, I've found https://github.com/oligot/go-mod-upgrade to
>> be very useful to me in maintaining my (intermediate) module dependencies.
>> Unfortunately, this tool now breaks down and the author of go-mod-upgrade
>> at this time considers the situation to be a go toolchain upstream problem (
>> https://github.com/oligot/go-mod-upgrade/issues/52#issuecomment-2093537300
>> ).
>>
>> What happens is when I'm on a go 1.21.x toolchain in order to ensure the
>> N,N-1 guarantee, a go-mod-upgrade on a module with a k8s.io/api
>> "crashes" with the following error, caused by the go command used from
>> go-mod-upgrade under its hood:
>>
>>
>> *Error running go command to discover modules: exit status 1 stderr=go:
>> loading module retractions for k8s.io/a...@v0.26.2
>> <http://k8s.io/api@v0.26.2>: module k8s.io/a...@v0.30.0
>> <http://k8s.io/api@v0.30.0> requires go >= 1.22.0 (running go 1.21.7;
>> GOTOOLCHAIN=local)*
>>
>> Is there a way in the go command to upgrade to the "latest" dependency
>> that doesn't trigger this error? Manually
>> <https://pkg.go.dev/k8s.io/api?tab=versions>, I can see that there is a
>> 0.29.4 available. Unfortunately, even a single dependency like this causes
>> go-mod-upgrade to fail completely, so it's back for me to maintaining each
>> and ever of my many deps individually ... which absolutely sucks from the
>> UX perspective as I'm sure you can follow along with. Remember, I simply
>> cannot switch toolchains on a whim, not least due to CI/CD policies.
>>
>> How to deal with this situation? Is there a way to use the go tool so
>> that it would return only upgrades without toolchain changes? How might the
>> go-mod-upgrade tool work around this situation?
>>
>>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/07810048-2b9d-47f2-8694-5cc741e09884n%40googlegroups.com.
