[jira] [Commented] (HTRACE-59) Add a way of locking go dependencies to a specific version

Fri, 09 Jan 2015 12:17:26 -0800 

    [ 
https://issues.apache.org/jira/browse/HTRACE-59?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14271812#comment-14271812
 ] 

Colin Patrick McCabe commented on HTRACE-59:
--------------------------------------------

So, I looked into this, and produced another patch that worked via godep.  This 
patch does the same thing as before, but using {{godep restore}} instead of 
{{dowloader.go}}.

I wasn't able to get "godep save" to work.  I think it's because our go code is 
under a subdirectory, rather than in the structure which godep expects.  I 
looked through a few godep issues, such as 
https://github.com/tools/godep/issues/63, but nothing seemed to help.  I even 
downloaded the fork of godep attached to 
https://github.com/tools/godep/pull/48.  That allowed "godep save" to succeed, 
but it produced an empty dependency list for some reason.  Eventually I 
manually created a {{Godeps.json}} file, and that seemed to work just fine with 
"godep restore".

My big concern about depending on godep here is that godep itself could change 
in incompatible ways, which would break our old apache releases.  I guess you 
could say I'm putting on my tinfoil hat, but it was only 3 months ago that 
godep removed the {{\-copy=false}} argument, an incompatible change to its 
command-line.  See https://github.com/tools/godep/commits/master .  So I think 
I'd still rather commit version #2 of the patch for now.  It's just a few lines 
of code, and if things change later, we can always revisit this.  In the 
meantime, we'll have a 100% repeatable build.

Maybe a year or two down the road, {{godep}} will be included in all the 
distros, and we can make it an external dependency without giving it too much 
thought.  Or there will be a good way for us to do {{godep save}}.  Until then, 
I don't think it's adding much value beyond {{downloader.go}}, and it 
introduces some risk.

> Add a way of locking go dependencies to a specific version
> ----------------------------------------------------------
>
>                 Key: HTRACE-59
>                 URL: https://issues.apache.org/jira/browse/HTRACE-59
>             Project: HTrace
>          Issue Type: Bug
>    Affects Versions: 3.1.0
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>         Attachments: HTRACE-59.001.patch, HTRACE-59.002.patch, 
> HTRACE-59.003.patch
>
>
> We should add a way of locking our go dependencies to a specific version, so 
> that we can get 100% repeatable builds for a specific HTrace release.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to