Skip to content

Simplify project tool dependencies into seperate go module#461

Merged
gardener-prow[bot] merged 6 commits intomasterfrom
tools/separate-go-module
Mar 10, 2026
Merged

Simplify project tool dependencies into seperate go module#461
gardener-prow[bot] merged 6 commits intomasterfrom
tools/separate-go-module

Conversation

@nickytd
Copy link
Collaborator

@nickytd nickytd commented Mar 10, 2026
edited by hyperspace-insights bot
Loading

How to categorize this PR?
/kind technical-debt
/area logging

What this PR does / why we need it:
This PR separates build/development tool dependencies into a dedicated Go module at tools/go.mod, decoupling them from the main project module (go.mod). Previously, tools like golangci-lint, gci, gotestsum, kind, addlicense, and gosec were tracked as tool directives and indirect dependencies in the main go.mod, polluting it with hundreds of linter and toolchain-only packages. The new tools/go.mod is a standalone module (github.com/gardener/logging/v1/tools) that exclusively manages these tool dependencies. The Makefile is updated to use go tool -modfile=$(TOOLS_MODFILE) for all tool invocations, hack/ scripts are updated accordingly, and the hack/tools.mk file is removed. The tools/ directory is now included in the Docker build context and tracked in git, while .gitignore and .dockerignore rules are cleaned up. Additionally, sort.Strings is replaced with the modern slices.Sort in pkg/client/otlp_log_record_builder.go, and a revive package-naming lint suppression comment is added to pkg/log/logger.go.

Code changes:

  • tools/go.mod (new): Introduces a separate Go module for build tools (golangci-lint, gci, gotestsum, kind, addlicense, gosec), removing these from the main module.
  • go.mod: Removes all tool tool directives and their associated transitive dependencies (~100+ indirect entries), significantly slimming the main module.
  • Makefile: Adds TOOLS_MODFILE variable pointing to tools/go.mod; updates all go tool invocations to use -modfile=$(TOOLS_MODFILE); adds cd $(TOOLS_DIR) && go mod tidy to the tidy target; removes include hack/tools.mk and the $(GOSEC) dependency from sast/sast-report targets.
  • hack/tools.mk: Deleted (superseded by tools/go.mod).
  • hack/add-license-header.sh and hack/sast.sh: Updated to reference tools/go.mod via -modfile.
  • .dockerignore: Added !tools/ to include tools module in Docker build context.
  • .gitignore: Cleaned up and reorganized; removed tools/ from the ignore list.
  • pkg/client/otlp_log_record_builder.go: Replaced sort.Strings with slices.Sort.
  • pkg/log/logger.go: Added // nolint:revive comment to suppress package-naming lint warning.

Additional context:
This change requires go 1.26.1 (which supports go tool -modfile) and ensures that tool dependency churn no longer affects the main module's go.sum or dependency graph. The tools/go.sum is committed alongside tools/go.mod.

Which issue(s) this PR fixes:
N/A

Special notes for your reviewer:
The tools/go.sum file is large but should be reviewed to confirm it only contains tool-related dependencies. Any CI pipeline invoking go tool commands will need access to the tools/ directory at build time.

Release note:

Build tooling dependencies (golangci-lint, gci, gotestsum, kind, addlicense, gosec) have been moved to a separate Go module at `tools/go.mod`, decoupling them from the main project module and reducing noise in `go.mod`/`go.sum`.
  • 🔄 Regenerate and Update Summary

📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!

PR Bot Information

Version: 1.17.99 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

  • Correlation ID: 0642ead0-1c56-11f1-9579-3c66935d40a9
  • Event Trigger: issue_comment.edited

nickytd added 6 commits March 10, 2026 08:29
@nickytd
fix: use slices package and suppress revive package-naming lint
38d569b 
- Replace sort.Strings with slices.Sort in otlp_log_record_builder.go
- Add nolint directive for intentional `log` package name
@nickytd
build: add separate tools Go module at tools/go.mod
409e1b9 
Move tool dependencies out of the main module into a dedicated
tools/go.mod module (github.com/gardener/logging/v1/tools).

Includes all previous tool directives plus gosec, which was
previously installed ad-hoc via go install in tools.mk.
@nickytd
build: wire Makefile and hack scripts to tools/go.mod
89c9107 
- Replace `include hack/tools.mk` with inline TOOLS_MODFILE variable
- Remove GOSEC install target; gosec is now a go tool directive
- Update all `go tool <cmd>` calls to `go tool -modfile=$(TOOLS_MODFILE) <cmd>`
- Run `cd tools && go mod tidy` in the tidy target
- Update add-license-header.sh and sast.sh to use go tool -modfile
- Delete hack/tools.mk (no longer needed)
@nickytd
chore: track tools/go.mod and tools/go.sum in git
045ec9c 
Change /tools ignore pattern to /tools/* so tool binaries remain
ignored, but add negation rules to explicitly track go.mod and go.sum.
@nickytd
chore: include tools/go.mod and tools/go.sum in Docker build context
f17a919 
The .dockerignore uses an allowlist; add the tools module files so
`cd tools && go mod tidy` succeeds inside the Docker builder stage.
@nickytd
chore: simplify tools ignore rules in .gitignore and .dockerignore
776ca89 
The tools/ directory only ever contains go.mod and go.sum — tool
binaries are installed at runtime into GOBIN. Remove the complex
allowlist patterns and simply track the whole tools/ directory.
@gardener-prow gardener-prow bot added do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. kind/technical-debt Something that is only solved on the surface, but requires more (re)work to be done properly area/logging Logging related and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Mar 10, 2026
@nickytd
Copy link
Collaborator Author

nickytd commented Mar 10, 2026

/approve

@gardener-prow gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 10, 2026
@nickytd
Copy link
Collaborator Author

nickytd commented Mar 10, 2026

/lgtm

@gardener-prow
Copy link

gardener-prow bot commented Mar 10, 2026

@nickytd: you cannot LGTM your own PR.

Details

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Bobi-Wan
Bobi-Wan approved these changes Mar 10, 2026
View reviewed changes
Copy link

@Bobi-Wan Bobi-Wan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 10, 2026
@gardener-prow
Copy link

gardener-prow bot commented Mar 10, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Bobi-Wan, nickytd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow
Copy link

gardener-prow bot commented Mar 10, 2026

LGTM label has been added.

DetailsGit tree hash: 4065f9eb9bafbd3f7a8677dc69eeb112d837694b

@gardener-prow gardener-prow bot merged commit 57bb7c4 into master Mar 10, 2026
43 checks passed
@gardener-prow gardener-prow bot deleted the tools/separate-go-module branch March 10, 2026 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Bobi-Wan Bobi-Wan Bobi-Wan approved these changes

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/logging Logging related cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/technical-debt Something that is only solved on the surface, but requires more (re)work to be done properly lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nickytd @Bobi-Wan