Errors will happen when upgrading the libraries #25105
Comments
|
@smarterclayton @marun Could you help me review this issue? Thx :p |
I'm working on transitioning to maintaining hyperkube in openshift/kubernetes, and switching origin to go mod won't be a priority until that's complete. There is an alternative, though, to support go mod versioning with glide. I've already had to do it with structured-merge-diff: Are these dep bumps required, and if so, is that for hyperkube or for e2e tests? |
KateGo520
changed the title
|
@marun Thank you very much for your reply. I can understand your development schedule. |
KateGo520
changed the title
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
(The purpose of this report is to alert
openshift/originto the possible problems whenopenshift/origintry to upgrade the following dependencies)An error will happen when upgrading library prometheus/client_golang:
github.com/prometheus/client_golang
-Latest Version: v1.6.0 (Latest commit 6edbbd9 on 28 Apr)
-Where did you use it:
https://github.com/openshift/origin/search?q=prometheus%2Fclient_golang&unscoped_q=prometheus%2Fclient_golang
-Detail:
This problem was introduced since prometheus/client_golang v1.2.0 . If you try to upgrade prometheus/client_golang to version v1.2.0 and above, you will get an error--- no package exists at "github.com/cespare/xxhash/v2"
I investigated the libraries' (prometheus/client_golang >= v1.2.0) release information and found the root cause of this issue is that----
These dependencies all added Go modules in the recent versions.
They all comply with the specification of "Releasing Modules for v2 or higher" available in the Modules documentation. Quoting the specification:
physical path. So earlier versions of Go (including those that don't have minimal module awareness) plus all tooling (like dep, glide, govendor, etc) don't haveminimal module awarenessas of now and therefore don't handle import paths correctly See golang/dep#1962, golang/dep#2139.Solution
1. Migrate to Go Modules.
Go Modules is the general trend of ecosystem, if you want a better upgrade package experience, migrating to Go Modules is a good choice.
Migrate to modules will be accompanied by the introduction of virtual paths(It was discussed above).
Then the downstream projects might be negatively affected in their building if they are module-unaware (Go versions older than 1.9.7 and 1.10.3; Or use third-party dependency management tools, such as: Dep, glide, govendor…).
[*] You can see who will be affected here: [17 module-unaware users, i.e., lima1909/kube-kubernetes-deploy, lixwlixw/drone-test, zhanglianx111/c2o]
https://github.com/search?q=openshift%2Forigin+filename%3Avendor.conf+filename%3Avendor.json+filename%3Aglide.toml+filename%3AGodep.toml+filename%3AGodep.json&type=Code
2. Maintaining v2+ libraries that use Go Modules in Vendor directories.
If
openshift/originwant to keep using the dependency manage tools (like dep, glide, govendor, etc), and still want to upgrade the dependencies, can choose this fix strategy.Manually download the dependencies into the vendor directory and do compatibility dispose(materialize the virtual path or delete the virtual part of the path). Avoid fetching the dependencies by virtual import paths. This may add some maintenance overhead compared to using modules.
There are 22 module users downstream, such as diegodsac/istio-operator, dmage/doppel, ulikl/oapi-exporter…)
https://github.com/search?q=openshift%2Forigin+filename%3Ago.mod&type=Code
As the import paths have different meanings between the projects adopting module repos and the non-module repos, materialize the virtual path is a better way to solve the issue, while ensuring compatibility with downstream module users. A textbook example provided by repo
github.com/moby/mobyis here:https://github.com/moby/moby/blob/master/VENDORING.md
https://github.com/moby/moby/blob/master/vendor.conf
In the vendor directory,
github.com/moby/mobyadds the /vN subdirectory in the corresponding dependencies.This will help more downstream module users to work well with your package, otherwise they will be stuck in github.com/Masterminds/sprig v2.22.0 .
3. Request upstream to do compatibility processing.
The
prometheus/client_golanghave 1049 module-unaware users in github, such as: containerd/cri, gridgentoo/MapD, Mr8/yuanye…https://github.com/search?o=desc&q=prometheus%2Fclient_golang+filename%3Avendor.conf+filename%3Avendor.json+filename%3Aglide.toml+filename%3AGodep.toml+filename%3AGodep.json&s=indexed&type=Code
Summary
You can make a choice when you meet this DM issues by balancing your own development schedules/mode against the affects on the downstream projects.
For this issue, Solution 2 can maximize your benefits and with minimal impacts to your downstream projects the ecosystem.
References
Do you plan to upgrade the libraries in near future?
Hope this issue report can help you ^_^
Thank you very much for your attention.
Best regards,
Kate
The text was updated successfully, but these errors were encountered: