Vendor dependencies #1144
Vendor dependencies #1144
Conversation
|
NB: I am having issues making the Travis CI run complete in time on my fork: The integration tests keep failing and must be retried until they pass. Once that happens, there's not enough time left to finish cross-compiling within the 50 minute timeout that Travis imposes. I'm not entirely sure whether this is a consequence of my PR or just flakiness, but I'm slightly leaning towards the latter. Feedback on this part is appreciated! |
|
Looks like it went green on the first try. :-) @emilevauge @errm @vdemeester: PTAL. |
|
Wow! Great job @timoreimann !
I don't think this respect some deps' licences sadly. I know this is annoying, and I'm not a lawyer, but I think we can't modify what in |
|
Disclaimer: I'm not a lawyer either. :-) Yes, that's indeed somewhat of a disputed topic. FWIW, the Google lawyers think it's okay, and govendor follows a similar approach by just holding on to *.go and licencing files by default. It'll be interesting to see what conclusions golang/dep#120 will eventually draw in this regard. That said, I realize that neither of the mentioned entities will defend you, me, or the Traefik project when in doubt. :-) Therefore, I'll push another commit to remove the contentious part. |
|
On this, WDYT @containous/traefik ? |
|
Travis CI fails right now due to the new Will need to investigate. |
timoreimann
force-pushed
the
vendor-dependencies
branch
from
52bc335
to
65676b0
Compare
|
For some reason, the build container behaves slightly differently than my host system: Running If I install the dependencies on my host machine (Mac) using glide, that last line is there in the file as can be seen on the committed file. I suspected different glide versions but they are equal (except for the varying architectures). I have been debugging this issue for a few hours now and start to run out of things to try next. If anyone has an idea, I'd be happy to hear. |
|
sounds like something to do with the version of hg(mercurial)? Is there a difference in the output of |
|
@errm good point: I have 3.9 on my host, the jessie-backed golang Docker image is on a fairly old 3.1. There's 3.9 available on jessie-backports. I'll try to upgrade to that one in the container. Thanks! |
|
Looks like it was the mercurial version: Validation runs to a successful completion. 🎉 Crossing fingers for the Travis CI run now... |
|
Build went green. 😀 I think we are ready for review again. (if / once this PR gets approval, please do not merge yourself; I'd like to squash commits first.) |
|
@emilevauge @vdemeester @errm any chance to get a review and ideally an LGTM? :-) |
|
From a outsider just looking around :). Is there any reason you need to add all the files, couldn't you just use something like submodule? |
|
@klausenbusk using git submodule is the same as not vendoring, and has shortcommings too
The thing with vendoring is : do we clean the mess or not — i.e. do we only keep packages we use, without the test files, and keeping LICENCE and other important files (and limit a lot what we store) ; or do we not clean and store waaayy too much file. I'm for the first (and there is a few project who do that). |
Oh yeh, you correct. I didn't through of that, for my small "hobby"-project (a few hundred lines) I just use submodules, but is has some shortcoming defiantly. |
|
@vdemeester since you're around anyway :) Any chance for a review of my PR? Thanks! |
|
I'm in 💯 on vendoring, but I'm really not a huge fan of So, from me it would be a LGTM with removing some file to keep only what's needed. But I'm a little biased on the subject (@containous/traefik maintainers knows my point of view 😅) so I'll let other maintainer give their opinion. |
|
I think I can answer those glide behavior questions:
|
timoreimann
force-pushed
the
vendor-dependencies
branch
8 times, most recently
from
a2ae03e
to
5ce0f31
Compare
|
Following my discussion with @emile, this PR is back to where it used to be in the beginning, with dependency pruning enabled. The overall Do we agree to move forward with vendoring as-is? @vdemeester? |
timoreimann
force-pushed
the
vendor-dependencies
branch
3 times, most recently
from
24fd82f
to
1618fd8
Compare
| @@ -1,5 +1,12 @@ | |||
| FROM golang:1.7 | |||
|
|
|||
| # Install a more recent version of mercurial to avoid mismatching results | |||
| # between glide run on a decently updated host system and the build container. | |||
There was a problem hiding this comment.
The golang builder is based on Debian jessie. 🙁
| @@ -1,15 +1,13 @@ | |||
| /dist | |||
| gen.go | |||
| /autogen/gen.go | |||
There was a problem hiding this comment.
I think we could now include generated files in git. This will allow to go get Traefik. WDYT? But that wan be done in another PR.
There was a problem hiding this comment.
I'd love to get rid of the extra generator step. I haven't worked a lot with generated code, however, so no idea if checking that in is a good practice or not.
(I know the Kubernetes folks are trying hard to undo committing generated code, but that might be because they are playing in a different league.)
Either way, discussing / considering in a separate issue / PR sounds good. 👍
|
@vdemeester with pruning now part of this PR, can I get your LGTM? :) |
timoreimann
force-pushed
the
vendor-dependencies
branch
from
1618fd8
to
dcde0ae
Compare
|
Ping @containous/traefik |
- Add helper script to simplify glide usage.
- Add validation script for unwanted changes to vendoring.
- Relax/tighten up .{git,docker}ignore to cover vendored files properly.
- .validate: Protect from unbound variable in case of nounset setting.
- Install more recent hg version in the build container.
- Remove glide installation steps from Dockerfile.
- Update documentation.
timoreimann
force-pushed
the
vendor-dependencies
branch
from
dcde0ae
to
5417f06
Compare
timoreimann
force-pushed
the
vendor-dependencies
branch
from
5417f06
to
55b57c7
Compare
This PR switches the way we handle dependencies by committing the vendor folders (main and integration) into the VCS.
Some noteworthy changes:
glide install [--strip-vendor]as-is results in more than 400 MB of dependency files. That's why we also--skip-tests and run glide-vc afterwards to trim down deps to 62 MB. (Note that I have decided to keep the licencing information in place for reasons described here.)glide listto determine the files which can be eliminated. What I found out though is that this even removes needed files. This might be a bug in glide; for now, I have resorted to using the glide.lock file as the basis for what can be trimmed (--use-glide-lockswitch on glide-vc).glide.shthat should be used whenever we need to work with dependencies (install/update/get/trim).I separated the vendor folder changes into dedicated commits so that the actual changes to the project infrastructure can be reviewed more easily (the first commit).
Fixes #1097.