⚠️ Proposal to rename go.mozilla.org/sops/v3 to github.com/getsops/sops/v3 without major version bump

[hiddeco]

With the project changing home from the Mozilla Foundation to the CNCF, it is necessary to update the Go module path to reflect this change. This proposal suggests renaming the Go module from go.mozilla.org/sops/v3 to github.com/getsops/sops/v3 while maintaining the current major version.

Motivation

• Alignment with new stewardship: As the project transitions from the Mozilla Foundation to being a CNCF Sandbox project, it is important to reflect this change in the module's naming and ownership. Updating the module path to github.com/getsops/sops/v3 ensures that it accurately represents the current stewardship.
• Avoiding a major version bump: By preserving the existing major version, we can minimize the impact on the consumers of the module. A major version change often implies breaking changes and requires (more) significant adjustments from the users. Renaming the module without bumping the major version allows for a smoother transition.
• "Ripping off the bandage": The current (upcoming) changes are already causing disruption and difficulties for users. By renaming the module and addressing related updates simultaneously, we aim to minimize additional pain and provide a clear path forward.

Impact

To end-users (users of the sops binary), the impact should be minimal and/or non-existent.

SDK users

Transitioning to the new Go module name, github.com/getsops/sops/v3, involves a few steps for dependents of the module, who want to upgrade from <= v3.7.3 to a newer version (>= v3.8.0).

1. Update Go module dependency: In your project's go.mod file, update the path for the module go.mozilla.org/sops/v3 to the new module path github.com/getsops/sops/v3.
2. Update import statements: In your project's Go files, update the import statements related to the module. Replace occurrences of import "go.mozilla.org/sops/v3" with import "github.com/getsops/sops/v3".

Feedback

We highly value your feedback! If you have any thoughts and concerns around the proposed rename, please share them. Any comments will be carefully considered as we move forward.

---

@devstein @onedr0p @sabre1041

[felixfontein]

As a contributor, it feels confusing that I need to look at something called go.mozilla.org/sops/v3 when the project and repository do not seem to have any connection to Mozilla (anymore). So IMO the rename is a good thing.

Also for existing contributors this isn't much work (and we have to update the branch anyway), but honestly when I updated my checkout of the repo yesterday it felt confusing to be working in ~/go/src/go.mozilla.org/sops/v3/ while knowing that the connection to Mozilla isn't there anymore.

[hiddeco]

It's also worth noting that this type of name change happens across the board as we do not have e.g. push access to the Mozilla container image repositories, and this change would thus align with all the disruptions already caused in this area.

[devstein]

I agree that this renaming change is inevitable and this is likely the best time to do it.

What if we create a migration script for users? It should be relatively straightforward to use sed (for linux users) to replace go.mozilla.org/sops/v3 references with github.com/getsops/sops/v3.. Along the lines of

#!/bin/bash

# the root directory of the repository, assumed to be the current directory
repo_dir="."

# find all go files in the repository and the go.mod file
files=$(find $repo_dir -type f -name "*.go" -o -name "go.mod")

# the URL to be replaced
old_url="go.mozilla.org\/sops\/v3"

# the new URL
new_url="github.com\/getsops\/sops\/v3"

# loop over each file
for file in $files
do
    # replace old URL with new URL in-place
    sed -i "s/$old_url/$new_url/g" $file
done

echo "Migration complete"

[onedr0p]

@devstein that's a good idea, or at least point to this issue where we've mentioned it since we don't have a docs site yet.

For a one-liner...

find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
# or on mac:
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i '' 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;

[hiddeco]

One-liner does not actually appear to work for import statements, but does for go.mod.

[onedr0p]

Updated my comment above so it is working @hiddeco