Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/exp/cmd/gorelease: retraction diagnostic reported for dependency which doesn't exist #66892

Open
sbunce opened this issue Apr 18, 2024 · 1 comment
Open

x/exp/cmd/gorelease: retraction diagnostic reported for dependency which doesn't exist #66892

sbunce opened this issue Apr 18, 2024 · 1 comment
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@sbunce
Copy link

sbunce commented Apr 18, 2024

Go version

go 1.22.2

Output of go env in your module/workspace:

GO111MODULE='on'
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/seth.bunce/.cache/go-build'
GOENV='/home/seth.bunce/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/seth.bunce/go/pkg/mod'
GONOPROXY='github.robot.car'
GONOSUMDB='github.robot.car'
GOOS='linux'
GOPATH='/home/seth.bunce/go'
GOPRIVATE='github.robot.car'
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/seth.bunce/src/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/seth.bunce/src/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.2'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/home/seth.bunce/go/src/github.robot.car/cruise/rbe/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3617164854=/tmp/go-build -gno-record-gcc-switches'

What did you do?

I have run gorelease.

What did you see happen?

gorelease printed two diagnostics and returned exit code 1

# diagnostics
required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon
required module go.mongodb.org/mongo-driver@v1.11.0 retracted by module author: Retract v1.11.0 through v1.11.2 because they contain a data race bug in

What did you expect to see?

I do not expect to see the diagnostics, because I do not have those modules listed in my go.mod as either direct or indirect dependencies.

I was able to get gorelease working by introducing a dependency on the retracted modules (which otherwise won't be in my go.mod after running "go mod tidy").

import (
	_ "github.com/microcosm-cc/bluemonday"
	_ "go.mongodb.org/mongo-driver/version"
)

Once depending on these dependencies (which I don't otherwise need). I was able to "go get" to get non-retracted versions.

go get github.com/microcosm-cc/bluemonday@v1.0.26
go get go.mongodb.org/mongo-driver@v1.15.0

The end result is that I've added extra unneeded dependencies to my project to make it so gorelease won't fail. This is definitely not working as intended.
@gopherbot gopherbot added this to the Unreleased milestone Apr 18, 2024
@cherrymui
Copy link
Member

cc @golang/tools-team

@cherrymui cherrymui added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@sbunce @gopherbot @cherrymui