FYI, go-mod-upgrade runs the following command under its hood: go list -u -mod=readonly -f '{{if (and (not (or .Main .Indirect)) .Update)}}{{.Path}}: {{.Version}} -> {{.Update.Version}}{{end}}' -m all
On Monday, May 6, 2024 at 10:36:08 AM UTC+2 TheDiveO wrote: > Up front, I have to admit that I'm struggling with the newly introduced > download-your-go-toolchain-on-the-fly when it comes to: > > 1. having reproducible builds in a CI/CD pipeline without getting > downloaded a different toolchain as installed at the stage start, > 2. being a module maintained as opposed to being a "leaf" app > maintainer without downstream users, while maintaining the N,N-1 go > (minor) > version guarantee. > > Over the years, I've found https://github.com/oligot/go-mod-upgrade to be > very useful to me in maintaining my (intermediate) module dependencies. > Unfortunately, this tool now breaks down and the author of go-mod-upgrade > at this time considers the situation to be a go toolchain upstream problem ( > https://github.com/oligot/go-mod-upgrade/issues/52#issuecomment-2093537300 > ). > > What happens is when I'm on a go 1.21.x toolchain in order to ensure the > N,N-1 guarantee, a go-mod-upgrade on a module with a k8s.io/api > "crashes" with the following error, caused by the go command used from > go-mod-upgrade under its hood: > > > *Error running go command to discover modules: exit status 1 stderr=go: > loading module retractions for k8s.io/a...@v0.26.2 > <http://k8s.io/api@v0.26.2>: module k8s.io/a...@v0.30.0 > <http://k8s.io/api@v0.30.0> requires go >= 1.22.0 (running go 1.21.7; > GOTOOLCHAIN=local)* > > Is there a way in the go command to upgrade to the "latest" dependency > that doesn't trigger this error? Manually > <https://pkg.go.dev/k8s.io/api?tab=versions>, I can see that there is a > 0.29.4 available. Unfortunately, even a single dependency like this causes > go-mod-upgrade to fail completely, so it's back for me to maintaining each > and ever of my many deps individually ... which absolutely sucks from the > UX perspective as I'm sure you can follow along with. Remember, I simply > cannot switch toolchains on a whim, not least due to CI/CD policies. > > How to deal with this situation? Is there a way to use the go tool so that > it would return only upgrades without toolchain changes? How might the > go-mod-upgrade tool work around this situation? > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/35dcd7f7-ef73-41d8-9f04-b36aa04fc94en%40googlegroups.com.