-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
downgrade go-difflib and go-spew to tagged releases #5830
downgrade go-difflib and go-spew to tagged releases #5830
Conversation
Welcome @thaJeztah! |
Hi @thaJeztah. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/ok-to-test @koba1t yes please to the downgrade proposed by @thaJeztah - we should try to use as much of tagged releases as possible unless absolutely necessary (for things in our control!). If we do use untagged release, we should treat that as tech debt and try to close it by working with those repos that we are using (by trying to get them to tag things for us to use) |
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/assign |
For reviewers; make sure I did the changes correctly; I wasn't sure what the correct procedure was, so my steps were;
I assume CI should flag if I did it wrong, but just in case 😅 |
Looks like this problem was introduced at this commit in PR #5541. @liggitt was mentioned this dependency. Maybe I should have downgraded this at this time. |
HI @thaJeztah! Could you try to execute Lines 181 to 185 in 214aa2a
That syncs go module version for every |
Signed-off-by: Sebastiaan van Stijn <[email protected]>
commit d35edbf updated these dependencies to untagged versions. The diff in both dependencies show that there's no code changes, and it's unlikely for those modules to do new releases. Unfortunate, because of that change all projects depending on kubernetes or any of it's modules now had to upgrade to unreleased versions of these. This patch reverts those updates (but it may take some time before all other projects can be reverted). Signed-off-by: Sebastiaan van Stijn <[email protected]>
Ah, right, I see the problem, and that explains why that other PR chose to upgrade it even though it was not a dependency of protobuf. And digging deeper, it's indeed related to spf13/viper; there's two modules that depend on that;
cd hack
go mod graph | grep ' github.com/davecgh/[email protected]'
sigs.k8s.io/kustomize/cmd/gorepomod github.com/davecgh/[email protected]
sigs.k8s.io/kustomize/hack github.com/davecgh/[email protected]
github.com/spf13/[email protected] github.com/davecgh/[email protected]
cd ../cmd/gorepomod
go mod graph | grep ' github.com/davecgh/[email protected]'
sigs.k8s.io/kustomize/cmd/gorepomod github.com/davecgh/[email protected]
sigs.k8s.io/kustomize/hack github.com/davecgh/[email protected]
github.com/spf13/[email protected] github.com/davecgh/[email protected] So the actual commit introducing this seems to be ed2ca23 which brings us back to the PR introducing it there (spf13/viper#1574), and the merged, but not yet released fix; If all modules must be at the same version, I can add an |
b6ef55b
to
6bcbf9d
Compare
This PR has multiple commits, and the default merge method is: merge. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
golang.org/x/sys v0.23.0 // indirect | ||
golang.org/x/sys v0.28.0 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pushed an extra commit to do a workspace sync before the downgrade, because I got a diff that was unrelated to the downgrade
exclude ( | ||
// These dependencies were updated to "master" in spf13/viper, but have no | ||
// code-changes since the last release. While a fix was merged in viper, | ||
// it's not released yet, and it may take time before other (indirect) | ||
// dependencies also downgraded. | ||
// | ||
// Exclude these versions so that go modules picks their latest release | ||
// before that. For additional details, see; https://github.com/kubernetes-sigs/kustomize/pull/5830 | ||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc | ||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a exclude
in this module
exclude ( | ||
// These dependencies were updated to "master" in spf13/viper, but have no | ||
// code-changes since the last release. While a fix was merged in viper, | ||
// it's not released yet, and it may take time before other (indirect) | ||
// dependencies also downgraded. | ||
// | ||
// Exclude these versions so that go modules picks their latest release | ||
// before that. For additional details, see; https://github.com/kubernetes-sigs/kustomize/pull/5830 | ||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc | ||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And here (there other module depending on viper)
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Thanks for taking care of this, I was waiting for a viper release but it makes sense to add |
#5832 shows what a viper bump would look like. I vote for getting this in first so we don’t have to wait for the release (see spf13/viper#1971). |
Thanks for looking @skitt - I saw you went down the same rabbit hole as I did 😂 🫶 (but I missed the viper <-> kustomize connection). Yeah, my main intent was to try and cut the cycle with "minimal" changes, knowing that k8s, containerd, moby have a very complex dependency tree; I opened a similar PR in containerd to do the same / with the same intent. |
/lgtm (note to observers, the only reason the |
I believe we should not use /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: koba1t, liggitt, thaJeztah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Yeah, I usually would avoid |
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
These dependencies were updated to "master" in some modules we depend on, but have no code-changes since their last release. Unfortunately, this also causes a ripple effect, forcing all users of the containerd module to also update these dependencies to an unrelease / un-tagged version. Both these dependencies will unlikely do a new release in the near future, so exclude these versions so that we can downgrade to the current release. For additional details, see [this PR][1] and links mentioned in it. [1]: kubernetes-sigs/kustomize#5830 (comment) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Hi @thaJeztah @dims https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.6.0 |
@koba1t thank you! Done! kubernetes/kubernetes#129622 |
relates to:
commit d35edbf updated these dependencies to untagged versions. The diff in both dependencies show that there's no code changes, and it's unlikely for those modules to do new releases.
Unfortunate, because of that change all projects depending on kubernetes or any of it's modules now had to upgrade to unreleased versions of these.
This patch reverts those updates (but it may take some time before all other projects can be reverted).