chore: remove vendor modules from benchmark #1463
Conversation
k8s-ci-robot
added
area/dependency
|
Hi @kushthedude. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
cncf-cla: yes
|
/assign @wojtek-t |
|
Sorry, but we do we need the vendor dir? It's obsolete and redundant with the new We should also remove the vendor dir from clusterloader2 and other places (e.g. benchmarks) |
@mm4tt - That's not obvious to me - we have vendor/ in k/k repo and we don't have travis there at all. |
I don't know what are the reasons for k/k repo. I'd guess it has something to do with the complicated build system we have for kubernetes. e.g. doing the magic for the /staging dir requires all files to be on disk. But I know that the only reason for k/perf-tests to keep the vendor dir was the travis presubmit. Given that we don't have the travis presubmit anymore, we're free to remove it. And we should do it, as it'll get rid of the redundancy and make some operations easier, e.g. updating the dependencies will be a few line, easy-to-review change instead of a change with 1k+ modified files. |
I guess I disagree with it. Yes - the PRs are smaller, but it also makes introducing some backdoors (e.g. security vulnerabilities) super easy, because noone will be reviewing this code any more... |
I think it's quite the opposite. Consider bumping some k8s dep to the next minor, e.g. to Then the go mod change will be as above, a one liner. It's impossible to introduce any backdoors there as to do that someone would have to hack the k8s repo and place them there. On the other hand, with vendor dir, it'll be hundreds of files, and it's super easy to smuggle something there - no one really reviews the thousand of lines "update vendor" changes. The other argument is that having both vendor and go.mod file creates a huge redundancy in the system. It's easy to imagine a situation where someone updates one, but forget about the other. It can lead to some very hard to debug bugs. Unless we don't have a strong reason to have both go.mod and vendor dir (and we don't) we shouldn't keep both. |
We have tens of random dependencies, which I have no reason to believe into by default.
I'm actually on the opposite - until we fully understand why there are both in k/k, let's not remove. |
Where do we have "tens of random dependencies"? We have 16 deps in the clusterloader2's go.mod, I don't see a single random one. perf-tests/clusterloader2/go.mod Line 54 in 7db196a
I already explained one of the reasons. K/k is not a good example of typical go project when it comes to dependency management, we do a lot of things in our own quirky ways there. It doesn't make sense to look at it as an example. |
One example of reason is not a good explanation - the fact that one reason doesn't work for us, doesn't mean that other reasons will not work. That said:
That seems like a much stronger reason to me. Conceptually perf-tests repo is quite similar to test-infra so that looks like a good argument to me. |
|
Should I amend the PR to move away from vendor modules?
…On Mon, 14 Sep, 2020, 18:09 Wojciech Tyczynski, ***@***.***> wrote:
I already explained one of the reasons. K/k is not a good example of
typical go project when it comes to dependency management, we do a lot of
things in our own quirky ways there. It doesn't make sense to look at it as
an example.
One example of reason is not a good explanation - the fact that one reason
doesn't work for us, doesn't mean that other reasons will not work.
That said:
Looking at the more typical repo, k/test-infra, the vendor dir has been
removed there over a year ago - kubernetes/test-infra#14036
<kubernetes/test-infra#14036>
That seems like a much stronger reason to me. Conceptually perf-tests repo
is quite similar to test-infra so that looks like a good argument to me.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1463 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKQMTLVDOEEHSINSZ3UMJHLSFYFJ7ANCNFSM4RHNKZGA>
.
|
Yes :) |
kushthedude
changed the title
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/retest |
|
It's a huge change. Let's do them separately - cl2 & benchmark. It'll be a bit easier. |
I agree, removing the commits related to cl2 |
kushthedude
changed the title
|
@mm4tt I don't guess the test failure is due to the changes are done in the PR, it is unable to fetch a dependency from bitbucket 😕 |
|
Yeah, this is being addressed in #1482 as we speak. |
|
/retest |
|
The PR seems to be touching both cl2 and benchmark files. Please fix |
|
Please also update the PR description |
BUILD files are removed from cl2 because they were listed in .gitignore. If the following files are to be committed then should the gitignore be amended? |
Please don't mix them. It's fine to remove those but in a separate PR. |
|
Got it, amending the PR
…On Tue, 22 Sep, 2020, 11:17 Wojciech Tyczynski, ***@***.***> wrote:
BUILD files are removed from cl2 because they were listed in .gitignore.
If the following files are to be committed then should the gitignore be
amended?
Please don't mix them. It's fine to remove those but in a separate PR.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1463 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKQMTLR6QYERCDEMJ5DSB7DSHA3APANCNFSM4RHNKZGA>
.
|
kushthedude
force-pushed
the
vendor
branch
2 times, most recently
from
00ca8bd to
6fae693
Compare
|
Fixed! |
Signed-off-by: Kush Trivedi <kushthedude@gmail.com>
|
/lgtm Thanks! |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kushthedude, mm4tt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Signed-off-by: Kush Trivedi kushthedude@gmail.com
What type of PR is this?
/area dependency
What this PR does / why we need it:
Which issue(s) this PR fixes:
Refers #1099
Does this PR introduce a user-facing change?: