For the archeologists, underlying issue has been acknowledged
https://github.com/golang/go/issues/67574; sadly, this forum kept schtumm.
On Monday, May 6, 2024 at 1:46:17 PM UTC+2 TheDiveO wrote:
> As I cannot edit the title anymore: it's about upgrading to the last
> version that can be used without toolchain change, which is not necessarily
> the "latest" version of a dependency.
>
> On Monday, May 6, 2024 at 10:42:17 AM UTC+2 TheDiveO wrote:
>
>> FYI, go-mod-upgrade runs the following command under its hood:
>>
>> go list -u -mod=readonly -f '{{if (and (not (or .Main .Indirect))
>> .Update)}}{{.Path}}: {{.Version}} -> {{.Update.Version}}{{end}}' -m all
>>
>> On Monday, May 6, 2024 at 10:36:08 AM UTC+2 TheDiveO wrote:
>>
>>> Up front, I have to admit that I'm struggling with the newly introduced
>>> download-your-go-toolchain-on-the-fly when it comes to:
>>>
>>> 1. having reproducible builds in a CI/CD pipeline without getting
>>> downloaded a different toolchain as installed at the stage start,
>>> 2. being a module maintained as opposed to being a "leaf" app
>>> maintainer without downstream users, while maintaining the N,N-1 go
>>> (minor)
>>> version guarantee.
>>>
>>> Over the years, I've found https://github.com/oligot/go-mod-upgrade to
>>> be very useful to me in maintaining my (intermediate) module dependencies.
>>> Unfortunately, this tool now breaks down and the author of go-mod-upgrade
>>> at this time considers the situation to be a go toolchain upstream problem (
>>> https://github.com/oligot/go-mod-upgrade/issues/52#issuecomment-2093537300
>>> ).
>>>
>>> What happens is when I'm on a go 1.21.x toolchain in order to ensure the
>>> N,N-1 guarantee, a go-mod-upgrade on a module with a k8s.io/api
>>> "crashes" with the following error, caused by the go command used from
>>> go-mod-upgrade under its hood:
>>>
>>>
>>> *Error running go command to discover modules: exit status 1 stderr=go:
>>> loading module retractions for k8s.io/a...@v0.26.2
>>> <http://k8s.io/api@v0.26.2>: module k8s.io/a...@v0.30.0
>>> <http://k8s.io/api@v0.30.0> requires go >= 1.22.0 (running go 1.21.7;
>>> GOTOOLCHAIN=local)*
>>>
>>> Is there a way in the go command to upgrade to the "latest" dependency
>>> that doesn't trigger this error? Manually
>>> <https://pkg.go.dev/k8s.io/api?tab=versions>, I can see that there is a
>>> 0.29.4 available. Unfortunately, even a single dependency like this causes
>>> go-mod-upgrade to fail completely, so it's back for me to maintaining each
>>> and ever of my many deps individually ... which absolutely sucks from the
>>> UX perspective as I'm sure you can follow along with. Remember, I simply
>>> cannot switch toolchains on a whim, not least due to CI/CD policies.
>>>
>>> How to deal with this situation? Is there a way to use the go tool so
>>> that it would return only upgrades without toolchain changes? How might the
>>> go-mod-upgrade tool work around this situation?
>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/5032c3c3-74cc-4272-bd97-3d99c55bd4a7n%40googlegroups.com.
