New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose go.sum for use by packaging systems. #1279
Comments
This is a little beyond the initial design of the proxy, but builder functionality that can "bundle" a dependency list would be especially helpful for these types of build systems. Basically, a 'GET' request endpoint for a specific module/version (w/ the hash for verification) and the server does a download of that module, validates it, unzips it, then runs a Build systems would then need to call that endpoint, unpack the bundle into a directory, set that directory as |
"local Athens proxy" here means the uncompressed files that |
I'm using "local" in reference to the On the user's machine, |
Just so I know we are on the same page, from my perspective:
I assume this means the server running Athens? If so, I agree - no need to do the build there, however, if you mean there is no good reason for us to build on our build servers, I can go into more detail on the numerous (quite good) reasons why it’s done this way. |
Yes, I mean the Athens server wouldn't be building binaries since it doesn't know (or care) the target architecture. Build servers/user install/etc would be able to fetch all the needed source code with a single GET call, since it cannot use the go tool during that phase to do package selection. |
Packaging frameworks like OpenBSD's follow a fairly strict workflow (FreeBSD and pkgsrc are have similar systems) :
Currently with athens I am very close to being able to package Go applications under the above constraints. I am able to:
GOPROXY=file://
or extracting the zip files intovendor
.The last remaining issue is getting a complete list of dependencies. If the
go.sum
file is exposed, I would be able to get a complete list of modules for a given application.Alternatively, I could download the
go.mod
file and query/download the modules for each dependency, however, this is duplicating a lot of the work already gone by the Go tooling.This was previously discussed here, which is how I found out about athens in the first place! :D
The text was updated successfully, but these errors were encountered: