New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an import verification tool #15620
Add an import verification tool #15620
Conversation
As we will soon see in the test output...
|
@deads2k give me a good review and I'll push it upstream too |
e249e88
to
fcbbf98
Compare
func resolvePackageTree(treeBase string) ([]Package, error) { | ||
cmd := "go" | ||
args := []string{"list", "-json", fmt.Sprintf("%s...", treeBase)} | ||
stdout, err := exec.Command(cmd, args...).Output() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, real bummer that we don't get a Go API for this, but grabbing the JSON and decoding it is good enough.
supersedes #15608 |
fcbbf98
to
4fc3f6b
Compare
@@ -0,0 +1,9 @@ | |||
[ | |||
{ | |||
"baseImportPath" : "pkg/image", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we place that as .import-restrictions in the respective directories. Then the OWNER/REVIEWER logic automatically applies.
type ImportRestriction struct { | ||
// BaseImportPath is the root of the package tree | ||
// that is restricted by this configuration | ||
BaseImportPath string `json:"baseImportPath"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need exceptions for that path very soon. E.g.:
everything under staging/src/k8s.io/kube-gen
, but do not apply the restrcitions to staging/src/k8s.io/kube-gen/test/...
.
Compare kubernetes/kubernetes@3d94b5f
Compare my comment about the exception. And dotfiles please. We don't want to poke hack/ OWNERs for every subpackage. |
Oh, overall looks very good! Well done! |
// - is not of the base import path or a sub-package of it | ||
// - is not of an allowed path or a sub-package of one | ||
func (i *ImportRestriction) isForbidden(imp string) bool { | ||
importsBelowRoot := strings.HasPrefix(imp, rootPackage) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if it has the prefix, then its not below the root, is it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My variable name may not be the best here -- but github.com/openshift/origin/pkg/util
has the prefix of github.com/openshift/origin/
and is thereby an import to something "below" the Origin root
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting. I read that as "under", not "below" when clearly they have very similar meanings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@deads2k do you have a suggestion for a more technically clear name here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would use "below" as well. But the choice of the name here probably not that critical ;-)
I'm disinclined to force additional requirements on this before its initial merge. @stevekuznetsov said he didn't want bash, I said that bash is what I had on and hand and I wasn't going to rewrite it for beauty, so @stevekuznetsov delivered an equivalent tool. Also, I've heard rumors of bazel in our future and that comes with some kind of import protection, so this gets us over the initial hump. |
I'll find a better home for it before I start enforcing. It probably needs to be pretty restrictive since this is about forcing better structure on the repo. @sttts I'm not clear on the exception. Why would I want to allow exceptions? It seems like that cold produce cycle problems for me. |
We create clients in client-gen, but that package should not depend on apimachinery in general, only the test output. |
That "exception" requirement is fulfilled any moment in master, when my kube-gen dependency PR merges. |
// IgnoredSubTrees are roots of sub-trees of the | ||
// BaseImportPath for which we do not want to enforce | ||
// any import restrictions whatsoever | ||
IgnoredSubTrees []string `json:"ignoredSubTrees,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 thanks!
/lgtm |
I'll make the verify soft-fail, so this can actually merge lol |
In order to ensure that selected package trees in our source import only from other package trees, we need a tool that will determine the imports for a package tree and verify them all. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
da67a37
to
506ada9
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: stevekuznetsov, sttts Assign the PR to them by writing No associated issue. Update pull-request body to add a reference to an issue, or get approval with The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/retest |
/test extended_conformance_install_update |
/test extended_conformance_install_update |
1 similar comment
/test extended_conformance_install_update |
Automatic merge from submit-queue |
In order to ensure that selected package trees in our source import only
from other package trees, we need a tool that will determine the imports
for a package tree and verify them all.
Signed-off-by: Steve Kuznetsov skuznets@redhat.com
/cc @deads2k @sttts