Remove vendor dir in /test #1417
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dcantah
force-pushed
the
rm-testvendor
branch
2 times, most recently
from
9eb33d8
to
6a908ff
Compare
|
Need to rebase |
katiewasnothere
approved these changes
Jun 3, 2022
|
My gosh, needs ANOTHER rebase |
Given this slows down development both for us and external contributors as for most changes one would need to run `go mod vendor` in /test to bring in the latest local hcsshim changes, I think it's time we removed this. Pros: 1. Easier for automated tooling like dependabot, and more recently a Microsoft security bot, to make PRs that can just be checked in. All of these automated PRs tend to fail as the bot doesn't know it would need to run go mod vendor in /test as well for our repo. The approach today to check these in is typically someone manually checks out the branch dependabot (or whatever other bot) made, vendor to test, and then push a new commit to those automated PRs and then we can check them in. 2. Speeds up development flow as we don't need to go mod vendor in test before pushing almost every change. 3. Speeds up external contributions as well as there's no extra step to follow to make a change to most things in /internal anymore. We state that this needs to be done in our README, but it's probably a testament to how odd our setup is that it's missed here and there. Cons: 1. We lose the main selling point of vendoring for our test dependencies which is that if one of our dependencies is no longer accessible (deleted, renamed, whatever else) we don't have a local copy included in our repo. This will increase our dependence on the Go modules proxy server which seems like a fair tradeoff, and I think we're fine with this for test dependencies at least. I've removed the references to this extra step in the README as well as got rid of the CI step verifying that the vendor dir was up to date. I don't think we needed the mod=vendor env var either, as since go 1.14 if there's a top level vendor folder I believe the flag is transparently set for commands that accept it. Signed-off-by: Daniel Canter <dcanter@microsoft.com>
anmaxvl
approved these changes
Jun 3, 2022
kiashok
pushed a commit
to kiashok/hcsshim
that referenced
this pull request
Jul 11, 2022
Given this slows down development both for us and external contributors as for most changes one would need to run `go mod vendor` in /test to bring in the latest local hcsshim changes, I think it's time we removed this. Pros: 1. Easier for automated tooling like dependabot, and more recently a Microsoft security bot, to make PRs that can just be checked in. All of these automated PRs tend to fail as the bot doesn't know it would need to run go mod vendor in /test as well for our repo. The approach today to check these in is typically someone manually checks out the branch dependabot (or whatever other bot) made, vendor to test, and then push a new commit to those automated PRs and then we can check them in. 2. Speeds up development flow as we don't need to go mod vendor in test before pushing almost every change. 3. Speeds up external contributions as well as there's no extra step to follow to make a change to most things in /internal anymore. We state that this needs to be done in our README, but it's probably a testament to how odd our setup is that it's missed here and there. Cons: 1. We lose the main selling point of vendoring for our test dependencies which is that if one of our dependencies is no longer accessible (deleted, renamed, whatever else) we don't have a local copy included in our repo. This will increase our dependence on the Go modules proxy server which seems like a fair tradeoff, and I think we're fine with this for test dependencies at least. I've removed the references to this extra step in the README as well as got rid of the CI step verifying that the vendor dir was up to date. I don't think we needed the mod=vendor env var either, as since go 1.14 if there's a top level vendor folder I believe the flag is transparently set for commands that accept it. Signed-off-by: Daniel Canter <dcanter@microsoft.com>
helsaawy
added a commit
to helsaawy/hcsshim
that referenced
this pull request
Sep 8, 2023
Given this slows down development both for us and external contributors as for most changes one would need to run `go mod vendor` in /test to bring in the latest local hcsshim changes, I think it's time we removed this. Pros: 1. Easier for automated tooling like dependabot, and more recently a Microsoft security bot, to make PRs that can just be checked in. All of these automated PRs tend to fail as the bot doesn't know it would need to run go mod vendor in /test as well for our repo. The approach today to check these in is typically someone manually checks out the branch dependabot (or whatever other bot) made, vendor to test, and then push a new commit to those automated PRs and then we can check them in. 2. Speeds up development flow as we don't need to go mod vendor in test before pushing almost every change. 3. Speeds up external contributions as well as there's no extra step to follow to make a change to most things in /internal anymore. We state that this needs to be done in our README, but it's probably a testament to how odd our setup is that it's missed here and there. Cons: 1. We lose the main selling point of vendoring for our test dependencies which is that if one of our dependencies is no longer accessible (deleted, renamed, whatever else) we don't have a local copy included in our repo. This will increase our dependence on the Go modules proxy server which seems like a fair tradeoff, and I think we're fine with this for test dependencies at least. I've removed the references to this extra step in the README as well as got rid of the CI step verifying that the vendor dir was up to date. I don't think we needed the mod=vendor env var either, as since go 1.14 if there's a top level vendor folder I believe the flag is transparently set for commands that accept it. Signed-off-by: Daniel Canter <dcanter@microsoft.com> (cherry picked from commit 4e60239) Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
helsaawy
added a commit
that referenced
this pull request
Sep 8, 2023
Given this slows down development both for us and external contributors as for most changes one would need to run `go mod vendor` in /test to bring in the latest local hcsshim changes, I think it's time we removed this. Pros: 1. Easier for automated tooling like dependabot, and more recently a Microsoft security bot, to make PRs that can just be checked in. All of these automated PRs tend to fail as the bot doesn't know it would need to run go mod vendor in /test as well for our repo. The approach today to check these in is typically someone manually checks out the branch dependabot (or whatever other bot) made, vendor to test, and then push a new commit to those automated PRs and then we can check them in. 2. Speeds up development flow as we don't need to go mod vendor in test before pushing almost every change. 3. Speeds up external contributions as well as there's no extra step to follow to make a change to most things in /internal anymore. We state that this needs to be done in our README, but it's probably a testament to how odd our setup is that it's missed here and there. Cons: 1. We lose the main selling point of vendoring for our test dependencies which is that if one of our dependencies is no longer accessible (deleted, renamed, whatever else) we don't have a local copy included in our repo. This will increase our dependence on the Go modules proxy server which seems like a fair tradeoff, and I think we're fine with this for test dependencies at least. I've removed the references to this extra step in the README as well as got rid of the CI step verifying that the vendor dir was up to date. I don't think we needed the mod=vendor env var either, as since go 1.14 if there's a top level vendor folder I believe the flag is transparently set for commands that accept it. (cherry picked from commit 4e60239) Signed-off-by: Daniel Canter <dcanter@microsoft.com> Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Given this slows down development both for us and external contributors as for most changes one would need to run
go mod vendorin /test to bring in the latest local hcsshim changes, I think it's time we removed this.Pros:
Easier for automated tooling like dependabot, and more recently a Microsoft security bot, to make PRs that can just be checked in. All of these automated PRs tend to fail as the bot doesn't know it would need to run go mod vendor in /test as well for our repo. The approach today to check these in is typically someone manually checks out the branch dependabot (or whatever other bot) made, vendor to test, and then push a new commit to those automated PRs and then we can check them in.
Speeds up development flow as we don't need to go mod vendor in test before pushing almost every change.
Speeds up external contributions as well as there's no extra step to follow to make a change to most things in /internal anymore. We state that this needs to be done in our README, but it's probably a testament to how odd our setup is that it's missed here and there.
Cons:
I've removed the references to this extra step in the README as well as got rid of the CI step verifying that the vendor dir was up to date.