You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 9, 2020. It is now read-only.
There is a nasty problem with Github Enterprise where, if the portal is redirected to a login style page, it is not possible to use dep ensure to keep any dependencies in check.
I would like to be able to do the following work-around:
Manually create directories under vendor/ which are git submodules pointing to arbitrary git repositories. This allows whatever crazy hoops git needs to jump through to get the code in place completely transparent to dep ensure.
Specify unused-packages=false and other options for the appropriate prune in Gopkg.toml to make sure dep doesn't try to remove the git submodule directories I manually added to vendor
Specify the appropriate project roots in Gopkg.toml in noverify so that dep isn't required to pass any checks.
What version of dep are you using (dep version)?
$ dep version
dep:
version : v0.5.0
build date : 2018-07-26
git hash : 224a564
go version : go1.10.3
go compiler : gc
platform : darwin/amd64
features : ImportDuringSolve=false
What dep command did you run?
dep ensure -vendor-only
What did you expect to see?
Warnings that indicate unable to read metadata: go-import metadata not found on the configured components, but as long as all affected paths are accounted in noverify, then dep ensure should complete with only printing warnings.
What did you see instead?
unable to read metadata: go-import metadata not found
and dep does not complete
The text was updated successfully, but these errors were encountered:
Another corner case: we have a dependency that removed the ref that we were using. I was hoping that noverify might allow us to still use this ref but that didn't work.
GHE recently added support for responding to go get-style metadata requests - you might have better luck if you can update your instance.
Unfortunately, manual creation of directories under vendor is just never gonna be something dep can support. You're effectively asking for noverify to cause dep to treat the contents of vendor as canonical for the purposes of analyzing imports. That turns vendor into both a source of truth, and a target that we populate - an ouroboros. We just can't do that and maintain our basic guarantees.
The most that noverify can do is preserve what's in vendor.
@bhiggins that case is actually one that we designed for early on, but it fell by the wayside. It's possible it could be picked back up, but i'm not sure when 😢
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
There is a nasty problem with Github Enterprise where, if the portal is redirected to a login style page, it is not possible to use
dep ensure
to keep any dependencies in check.See:
I would like to be able to do the following work-around:
vendor/
which are git submodules pointing to arbitrary git repositories. This allows whatever crazy hoopsgit
needs to jump through to get the code in place completely transparent todep ensure
.unused-packages=false
and other options for the appropriateprune
inGopkg.toml
to make suredep
doesn't try to remove the git submodule directories I manually added tovendor
Gopkg.toml
innoverify
so thatdep
isn't required to pass any checks.What version of
dep
are you using (dep version
)?What
dep
command did you run?What did you expect to see?
Warnings that indicate
unable to read metadata: go-import metadata not found
on the configured components, but as long as all affected paths are accounted innoverify
, thendep ensure
should complete with only printing warnings.What did you see instead?
and dep does not complete
The text was updated successfully, but these errors were encountered: