Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove knative/pkg deps #2092

Merged
merged 3 commits into from
Jul 25, 2022
Merged

Remove knative/pkg deps #2092

merged 3 commits into from
Jul 25, 2022

Conversation

imjasonh
Copy link
Member

  • we were depending on knative/pkg for logging, now we just log.Printf
  • we were depending on depcheck from knative, now depending on a fork in a separate repo
  • we were depending on knative/pkg for worker goroutine pooling, now just using errgroup and limiting workers to to NumCPU ourselves

Dropping knative deps should drop a bunch of transitive deps as well.

Signed-off-by: Jason Hall jason@chainguard.dev

Summary

Reducing unnecessary dependencies limits our exposure to vulnerabilities in those dependencies.

This change has no effect on binary size (cosign is still 83 MB 🏋️ )

Release Note

NONE

Documentation

NONE

cc @mattmoor

@imjasonh
Remove knative/pkg deps
36c44a9 
- we were depending on knative/pkg for logging, now we just log.Printf
- we were depending on knative/pkg for worker goroutine pooling, now
  just using errgroup and limiting to NumCPU ourselves

Dropping knative deps should drop a bunch of transitive deps as well.

Signed-off-by: Jason Hall <jason@chainguard.dev>
@codecov-commenter
Copy link

codecov-commenter commented Jul 22, 2022
edited
Loading

Codecov Report

Merging #2092 (36c44a9) into main (95b74db) will decrease coverage by 0.06%.
The diff coverage is 8.69%.

@@            Coverage Diff             @@
##             main    #2092      +/-   ##
==========================================
- Coverage   26.33%   26.27%   -0.07%     
==========================================
  Files         129      129              
  Lines        7564     7574      +10     
==========================================
- Hits         1992     1990       -2     
- Misses       5317     5329      +12     
  Partials      255      255
Impacted Files Coverage Δ
pkg/cosign/fetch.go 0.00% <0.00%> (ø)
pkg/cosign/rego/rego.go 70.96% <ø> (-0.47%) ⬇️
pkg/policy/eval.go 78.94% <100.00%> (-0.54%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us.

@imjasonh
buffer channels
d8f6a28 
Signed-off-by: Jason Hall <jason@chainguard.dev>
@imjasonh
Use errgroup.SetLimit instead of trying to be clever
86fece7 
Signed-off-by: Jason Hall <jason@chainguard.dev>
mattmoor
mattmoor reviewed Jul 22, 2022
View reviewed changes
go.sum Show resolved Hide resolved
@imjasonh imjasonh mentioned this pull request Jul 22, 2022
Closed
@dlorenc dlorenc merged commit 75c597a into sigstore:main Jul 25, 2022
@github-actions github-actions bot added this to the v1.11.0 milestone Jul 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmoor mattmoor mattmoor approved these changes

@hectorj2f hectorj2f Awaiting requested review from hectorj2f

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.10.1
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@imjasonh @codecov-commenter @mattmoor @dlorenc