Implement Download Protocol's @latest Endpoint #243

Closed
marwan-at-work opened this issue Jul 11, 2018 · 3 comments

@marwan-at-work
Contributor

commented Jul 11, 2018

The Download Protocol mentions this endpoint GET baseURL/module/@t/yyyymmddhhmmss to retrieve a non-tagged package's latest RevInfo (more here https://research.swtch.com/vgo-module)

From vgo's source code, this seems to have changed to GET baseURL/module/@latest https://github.com/golang/vgo/blob/master/vendor/cmd/go/internal/modfetch/proxy.go#L107

Athens needs to add this URL and get the latest RevInfo for a package from the ultimate source of truth (GitHub, GitLab, etc.) -- This is because asking for the "latest" is always asking for the package's latest commit, regardless of what we have cached.

This is how I think of implementing it:

  1. Naively split the module paths by /, and validate the first el is github.com
  2. Ask the GitHub API what the default branch is through /repos/:owner/:repo
  3. Ask the GitHub API what the latest commit is through /repos/:owner/:repo/commits/:default_branch

Appreciate any feedback :)
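The three steps proposed in the comment above, as an added Go example that is not part of the original issue or of Athens's code. `RevInfo`, `nameRE`, `getJSON`, `Latest` and the `v0.0.0-<timestamp>-<12-char sha>` version string are this example's assumptions; the owner and repo check keeps a module path from changing which upstream API URL gets requested.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"regexp"
	"strings"
	"time"
)

// RevInfo is this example's own type, not the vgo or Athens definition.
type RevInfo struct{ Version string; Time time.Time }
var nameRE = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`) // assumed allow-list for owner/repo

func getJSON(u string, v interface{}) error { // decode a 200 response into v
	resp, err := http.Get(u)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("GET %s: %s", u, resp.Status)
	}
	return json.NewDecoder(resp.Body).Decode(v)
}

// Latest runs the three proposed steps against the GitHub API rooted at api.
func Latest(api, module string) (*RevInfo, error) {
	p := strings.Split(module, "/") // step 1: only github.com/<owner>/<repo>[/...]
	if len(p) < 3 || p[0] != "github.com" || !nameRE.MatchString(p[1]) || !nameRE.MatchString(p[2]) {
		return nil, fmt.Errorf("unsupported module path %q", module)
	}
	repo := api + "/repos/" + p[1] + "/" + p[2]
	var r struct{ DefaultBranch string `json:"default_branch"` }
	if err := getJSON(repo, &r); err != nil { // step 2: default branch
		return nil, err
	}
	var c struct{ SHA string; Commit struct{ Committer struct{ Date time.Time } } }
	err := getJSON(repo+"/commits/"+r.DefaultBranch, &c) // step 3: latest commit
	if err != nil || len(c.SHA) < 12 {
		return nil, fmt.Errorf("latest commit lookup failed (sha %q): %v", c.SHA, err)
	}
	t := c.Commit.Committer.Date.UTC()
	return &RevInfo{Version: "v0.0.0-" + t.Format("20060102150405") + "-" + c.SHA[:12], Time: t}, nil
}

func main() { // constructed bad path: rejected before any request is sent
	fmt.Println(Latest("https://api.github.com", "github.com/../etc"))
}
```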

@michalpristas

Member

commented Jul 11, 2018

Can we respond with 404 and let vgo handle these? We won't cache them anyway, as they are not nicely versioned packages and latest does not support reproducible builds in any way.

@marwan-at-work

Contributor Author

commented Jul 11, 2018

@michalpristas As of today, vgo will fail if we return 404. From a Slack conversation, we have two options:

  1. Have vgo ignore the GOPROXY for non-tagged modules.

Benefit: Makes Athens only work with tagged modules which makes it cleaner, easier to reason about, and encourages the community to tag their stuff.

Drawback: vgo will need to be updated for this option to work, and significantly change the Download Protocol from its original proposal.

  2. If vgo requires the proxies to be non-tag aware, then we can't return 404 and would have to fully implement @latest and all the other endpoints must work with timestamps/shas.

@arschles

Member

commented Jul 11, 2018
