For the archeologists, underlying issue has been acknowledged https://github.com/golang/go/issues/67574; sadly, this forum kept schtumm.
On Monday, May 6, 2024 at 1:46:17 PM UTC+2 TheDiveO wrote: > As I cannot edit the title anymore: it's about upgrading to the last > version that can be used without toolchain change, which is not necessarily > the "latest" version of a dependency. > > On Monday, May 6, 2024 at 10:42:17 AM UTC+2 TheDiveO wrote: > >> FYI, go-mod-upgrade runs the following command under its hood: >> >> go list -u -mod=readonly -f '{{if (and (not (or .Main .Indirect)) >> .Update)}}{{.Path}}: {{.Version}} -> {{.Update.Version}}{{end}}' -m all >> >> On Monday, May 6, 2024 at 10:36:08 AM UTC+2 TheDiveO wrote: >> >>> Up front, I have to admit that I'm struggling with the newly introduced >>> download-your-go-toolchain-on-the-fly when it comes to: >>> >>> 1. having reproducible builds in a CI/CD pipeline without getting >>> downloaded a different toolchain as installed at the stage start, >>> 2. being a module maintained as opposed to being a "leaf" app >>> maintainer without downstream users, while maintaining the N,N-1 go >>> (minor) >>> version guarantee. >>> >>> Over the years, I've found https://github.com/oligot/go-mod-upgrade to >>> be very useful to me in maintaining my (intermediate) module dependencies. >>> Unfortunately, this tool now breaks down and the author of go-mod-upgrade >>> at this time considers the situation to be a go toolchain upstream problem ( >>> https://github.com/oligot/go-mod-upgrade/issues/52#issuecomment-2093537300 >>> ). >>> >>> What happens is when I'm on a go 1.21.x toolchain in order to ensure the >>> N,N-1 guarantee, a go-mod-upgrade on a module with a k8s.io/api >>> "crashes" with the following error, caused by the go command used from >>> go-mod-upgrade under its hood: >>> >>> >>> *Error running go command to discover modules: exit status 1 stderr=go: >>> loading module retractions for k8s.io/a...@v0.26.2 >>> <http://k8s.io/api@v0.26.2>: module k8s.io/a...@v0.30.0 >>> <http://k8s.io/api@v0.30.0> requires go >= 1.22.0 (running go 1.21.7; >>> GOTOOLCHAIN=local)* >>> >>> Is there a way in the go command to upgrade to the "latest" dependency >>> that doesn't trigger this error? Manually >>> <https://pkg.go.dev/k8s.io/api?tab=versions>, I can see that there is a >>> 0.29.4 available. Unfortunately, even a single dependency like this causes >>> go-mod-upgrade to fail completely, so it's back for me to maintaining each >>> and ever of my many deps individually ... which absolutely sucks from the >>> UX perspective as I'm sure you can follow along with. Remember, I simply >>> cannot switch toolchains on a whim, not least due to CI/CD policies. >>> >>> How to deal with this situation? Is there a way to use the go tool so >>> that it would return only upgrades without toolchain changes? How might the >>> go-mod-upgrade tool work around this situation? >>> >>> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/5032c3c3-74cc-4272-bd97-3d99c55bd4a7n%40googlegroups.com.