distribution: Lock binary dependencies to specific commits #2550
Conversation
Pulling revisions was relegated to scripts/get_tools.sh The solution there isn't that elegant, but it works. A more elegant + clean solution would be using python, but we probably don't want to introduce that as a dependency. I think we can leave it right now as a shell file with redundant code, and improve the build process #postlaunch. The linters which gometalinters are versioned according to gometalinters install.sh. Its not locking to commit (AFAIK), but I think this is fine as that is purely dev tooling and doesn't affect the code. Closes #2238
scripts/get_tools.sh
Outdated
| # github.com/gogo/protobuf/protoc-gen-gogo | ||
| # github.com/square/certstrap | ||
|
|
||
| cd $GOPATH/src/github.com |
There was a problem hiding this comment.
pushd $GOPATH/src/github.com
There was a problem hiding this comment.
This didn't work in shell scripts for me, though it works in bash
There was a problem hiding this comment.
nvm it worked after specifying the shell, thanks!
scripts/get_tools.sh
Outdated
| go build | ||
| cd ../../ | ||
|
|
||
| cd $GOPATH/src/github.com/tendermint/tendermint |
scripts/get_tools.sh
Outdated
| cd $GOPATH/src/github.com | ||
|
|
||
| ## install gox | ||
| mkdir -p mitchellh |
There was a problem hiding this comment.
I'd prefer multiline style
git checkout -q 51ed453898ca5579fea9ad1f08dff6b121d9f2e8 && \
go build && \
cd ../../
There was a problem hiding this comment.
I find that more confusing personally, but I'll change it if you like :)
scripts/get_tools.sh
Outdated
| ## install protoc-gen-gogo | ||
| mkdir -p gogo | ||
| cd gogo | ||
| if cd protobuf; then git fetch origin; else git clone https://github.com/gogo/protobuf.git; cd protobuf; fi |
There was a problem hiding this comment.
if [ ! -d "protobuf" ]; then git clone ...; fi
no need for fetching imho if you later checkout specific commit
There was a problem hiding this comment.
Don't you need to fetch if you already have the repo cloned, but the commit we specify is later than what you have?
There was a problem hiding this comment.
Oh, you're right. Anyway, [ -d "...] syntax is more common for bash scripts
Makefile
Outdated
| @gometalinter.v2 --install | ||
| ./scripts/get_tools.sh | ||
| @echo "--> Downloading linters (this may take awhile)" | ||
| ./../../alecthomas/gometalinter/scripts/install.sh -b $(GOBIN) |
There was a problem hiding this comment.
can we use absolute path here? $GOPATH/...
| @@ -1,7 +1,7 @@ | |||
| GOTOOLS = \ | |||
| github.com/mitchellh/gox \ | |||
| github.com/golang/dep/cmd/dep \ | |||
| gopkg.in/alecthomas/gometalinter.v2 \ | |||
There was a problem hiding this comment.
@zramsay what was the reason to use v2?
There was a problem hiding this comment.
locking to the latest version
There was a problem hiding this comment.
This checks out the v2.0.11 release (their latest release), which was being used anyway.
| @@ -1,7 +1,7 @@ | |||
| GOTOOLS = \ | |||
| github.com/mitchellh/gox \ | |||
| github.com/golang/dep/cmd/dep \ | |||
| gopkg.in/alecthomas/gometalinter.v2 \ | |||
| github.com/alecthomas/gometalinter \ | |||
There was a problem hiding this comment.
this will pull latest master, which can cause non-determinism in our linting
There was a problem hiding this comment.
Metalinter is still hash locked in the script file. You only get different versions with update tools. (Though I could make update tools just call get tools as well)
Codecov Report
@@ Coverage Diff @@
## develop #2550 +/- ##
===========================================
+ Coverage 61.23% 61.26% +0.03%
===========================================
Files 202 202
Lines 16733 16734 +1
===========================================
+ Hits 10246 10252 +6
+ Misses 5617 5612 -5
Partials 870 870
|
xla
changed the title
Pulling revisions was relegated to scripts/get_tools.sh
The solution there isn't that elegant, but it works.
A more elegant + clean solution would be using python, but
we probably don't want to introduce that as a dependency.
I think we can leave it right now as a shell file with redundant
code, and improve the build process #postlaunch.
The linters which gometalinters are versioned according to gometalinters
install.sh.
Its not locking to commit (AFAIK), but I think this is fineas that is purely dev tooling and doesn't affect the code.
EDIT: It does lock to commit
Closes #2238