Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependencies: update opencontainers packages (rebased #87) #100

Merged
merged 1 commit into from
Nov 11, 2022
Merged

dependencies: update opencontainers packages (rebased #87) #100

merged 1 commit into from
Nov 11, 2022

Conversation

klihub
Copy link
Contributor

@klihub klihub commented Nov 11, 2022

The update runtime-tools contain
opencontainers/runtime-tools#755 and thus CDI will have less dependencies when only used to write files without validation.

Signed-off-by: Patrick Ohly patrick.ohly@intel.com

@klihub klihub mentioned this pull request Nov 11, 2022
Closed
@pohly @klihub
dependencies: update opencontainers packages
292bba6 
The update runtime-tools contain
opencontainers/runtime-tools#755 and thus CDI will have
less dependencies when only used to write files without validation.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
@klihub klihub force-pushed the rebased/pohly/container-deps branch from b53abb0 to 292bba6 Compare November 11, 2022 14:33
elezar
elezar approved these changes Nov 11, 2022
View reviewed changes
Copy link
Contributor

@elezar elezar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor questions / comments, but not blockers.

go.mod
@@ -5,8 +5,8 @@ go 1.17
require (
github.com/fsnotify/fsnotify v1.5.1
github.com/opencontainers/runc v1.1.2
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/runtime-tools v0.0.0-20190417131837-cd1349b7c47e
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: I don't see v1.0.3 or v0.9.1 tags in these repos. Is this because these are pseudo versions that gomod bumps to the next patch release?

Copy link
Contributor Author

@klihub klihub Nov 11, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime tools has been going now for years untagged. We have to hand-pick/lock its version at or past the two commits that prevent the xeipuuv/jsonschema dependencies from always getting pulled in downstream. That sha1 is the tip of that tree. Same story for runtime-spec wrt. tagging. Last tagged one (1.0.2) is from January 2020. We don't need the absolute latest version, but we need newer than 1.0.2. Those pseudo-versions should result those sha1-exact versions being fetched.

go.sum Show resolved Hide resolved
bart0sh
bart0sh approved these changes Nov 11, 2022
View reviewed changes
Copy link
Contributor

@bart0sh bart0sh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@bart0sh bart0sh merged commit 845d598 into cncf-tags:main Nov 11, 2022
@klihub klihub deleted the rebased/pohly/container-deps branch November 11, 2022 19:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elezar elezar elezar approved these changes

@bart0sh bart0sh bart0sh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@klihub @elezar @bart0sh @pohly