Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: GOPROXY and dependency issues #1155

Merged
merged 2 commits into from
Sep 24, 2019
Merged

fix: GOPROXY and dependency issues #1155

merged 2 commits into from
Sep 24, 2019

Conversation

tpounds
Copy link
Contributor

@tpounds tpounds commented Sep 24, 2019

Updates Makefile to use official GOPROXY (proxy.golang.org) to detects issues in which third party module proxies differ in checksum behavior for broken/invalid packages. In this case the proxy.golang.org less permissive than gocenter.io.

The issue can easily be reproduced with the following commands:

Works:

$ go clean -modcache
$ GOPROXY=gocenter.io go get code.gitea.io/gitea@v1.10.0-dev.0.20190711052757-a0820e09fbf7

Broken:

$ go clean -modcache
$ GOPROXY=proxy.golang.org go get code.gitea.io/gitea@v1.10.0-dev.0.20190711052757-a0820e09fbf7

@tpounds
Use official GOPROXY (proxy.golang.org).
227ae65 
Detects issues in which third party module proxies
may differ in checksum behavior for broken/invalid
packages.

e.g.

$ go clean -modcache
$ GOPROXY=gocenter.io go get code.gitea.io/gitea@v1.10.0-dev.0.20190711052757-a0820e09fbf7

vs.

$ go clean -modcache
$ GOPROXY=proxy.golang.org go get code.gitea.io/gitea@v1.10.0-dev.0.20190711052757-a0820e09fbf7
@tpounds
Pin go-macaron/cors to fix invalid pseudo-version.
d627974
@tpounds
Copy link
Contributor Author

tpounds commented Sep 24, 2019

Mirrors a similar pr made to godownloader.

see: goreleaser/godownloader#135

@tpounds
Copy link
Contributor Author

tpounds commented Sep 24, 2019

@caarlos0 This partially reverts the removal of the go-macaron/cors replace directive made in #1152. Unfortunately, this wasn't caught due to differences in the way proxy.golang.org and gocenter.io due version validation.

@codecov-io
Copy link

Codecov Report

Merging #1155 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1155   +/-   ##
=======================================
  Coverage   82.71%   82.71%           
=======================================
  Files          58       58           
  Lines        3257     3257           
=======================================
  Hits         2694     2694           
  Misses        481      481           
  Partials       82       82

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update eb1a122...d627974. Read the comment docs.

@caarlos0 caarlos0 changed the title Fix GOPROXY and dependency issues fix: GOPROXY and dependency issues Sep 24, 2019
@caarlos0 caarlos0 merged commit 571569e into goreleaser:master Sep 24, 2019
@caarlos0
Copy link
Member

thanks :)

@tpounds tpounds deleted the fix-GOPROXY branch September 24, 2019 18:32
@tpounds tpounds mentioned this pull request Sep 24, 2019
Closed
@ankushchadha
Copy link

ankushchadha commented Sep 25, 2019
edited
Loading

@tpounds GoCenter does validation before a go module version is served to the users. As part of the validation, a go get operation is executed. For module versions where a go get failed, those are not served by GoCenter and the status is reflected in the UI.

When this module was included in GoCenter, there was no Go 1.13 and a go get operation works with Go 1.12 for github.com/go-macaron/cors v0.0.0-20190309005821-6fd6a9bfe14e9.

Since we honor immutability and availability requirement, GoCenter will continue to serve this module version. There might be bugs in Go 1.12 but atleast that was the actual behavior in Go 1.12 which is what we honor.

@tpounds
Copy link
Contributor Author

tpounds commented Sep 25, 2019

@ankushchadha Thanks for the info! I didn't investigate too deeply but figured it had to do with slight differences between how Go 1.12 and 1.13 handled modules. Unfortunately, this change is somewhat necessary since lots of folks will be transparently migrating to the default proxy when they upgrade to Go 1.13.

@kamilsk
Copy link
Contributor

kamilsk commented Sep 27, 2019
edited
Loading

default is

$ go env GOPROXY
https://proxy.golang.org,direct

and sometimes https://proxy.golang.org is unavailable

@kamilsk kamilsk mentioned this pull request Sep 27, 2019
Merged
@github-actions
Copy link
Contributor

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tpounds @codecov-io @caarlos0 @ankushchadha @kamilsk