New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add script for restricting import of test only libraries #121735
Add script for restricting import of test only libraries #121735
Conversation
Hi @vlasebian. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test Probably, we can add it to kubernetes/hack/make-rules/verify.sh Lines 70 to 74 in 24e6b03
|
/cc @mikedanese |
test failed with
not sure if those are legitimate and need fixing or spurious and the verify script needs fixing |
Hi! Thank you for taking your time to check my PR. With the current version of the script I get the following results:
I checked the testing dependency in some of the packages to see if the results are incorrect:
Currently, the script is checking for the testing pacakge dependency for all the packages under ./cmd. Is the testing package from the golang standard library allowed? If yes, then the current method to detect the testing packages is not correct, the check has to be done in another way so "testing" should be allowed but something like "k8s.io/kubernetes/pkg/kubelet/container/testing" should not be allowed. |
The requirement is that the golang standard library
|
c6b041e
to
3df9013
Compare
Thank you for the clarification. I limited the search for the testing import only to the packages listed above. The .Deps field should contain all the dependencies of the specified package, it does a depth-first traversal. Currently, the packages containing the testing package as a dependency are the following:
So besides:
All the above have the testing dependency. To double check, I built kubectl and kube-apiserver, then checked the binaries:
For kube-apiserver it seems that the testing.init symbol is in the binary, I also tried with kube-proxy too and it's there:
|
it looks like two links to the stdlib testing package had crept into our binaries - fixed in #121913 if you want to rebase on that and see what your script reports, that would be good |
Sure, will do. |
@liggitt I cherry picked the commit from your pr to run the pull-kubernetes-verify job to check the script. I'll remove the cherry-picked commit afterwards. I tried it locally and no package is reported anymore as having a testing import. |
/test pull-kubernetes-verify |
/triage accepted |
/priority important-longterm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approval for component-base/metrics
@liggitt FWIW, the script doesn't report anything on this PR branch rebased on top of the latest master:
would it make sense to merge it? |
/lgtm thanks! |
LGTM label has been added. Git tree hash: 9e22e3ade2c04ae7984135fa630d6c267e6ff115
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dashpole, liggitt, vlasebian The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Presubmit check to restrict test only libraries from linking into prod binaries.
Which issue(s) this PR fixes:
Fixes #115175
Special notes for your reviewer:
I implemented a script following the advice in the issue, but I have a few questions to make sure I understood the problem:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: