-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
distribution: Lock binary dependencies to specific commits #2550
Conversation
Pulling revisions was relegated to scripts/get_tools.sh The solution there isn't that elegant, but it works. A more elegant + clean solution would be using python, but we probably don't want to introduce that as a dependency. I think we can leave it right now as a shell file with redundant code, and improve the build process #postlaunch. The linters which gometalinters are versioned according to gometalinters install.sh. Its not locking to commit (AFAIK), but I think this is fine as that is purely dev tooling and doesn't affect the code. Closes #2238
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🍰 🌮 🍉
scripts/get_tools.sh
Outdated
# github.com/gogo/protobuf/protoc-gen-gogo | ||
# github.com/square/certstrap | ||
|
||
cd $GOPATH/src/github.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pushd $GOPATH/src/github.com
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This didn't work in shell scripts for me, though it works in bash
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nvm it worked after specifying the shell, thanks!
scripts/get_tools.sh
Outdated
go build | ||
cd ../../ | ||
|
||
cd $GOPATH/src/github.com/tendermint/tendermint |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
popd
scripts/get_tools.sh
Outdated
cd $GOPATH/src/github.com | ||
|
||
## install gox | ||
mkdir -p mitchellh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer multiline style
git checkout -q 51ed453898ca5579fea9ad1f08dff6b121d9f2e8 && \
go build && \
cd ../../
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find that more confusing personally, but I'll change it if you like :)
scripts/get_tools.sh
Outdated
## install protoc-gen-gogo | ||
mkdir -p gogo | ||
cd gogo | ||
if cd protobuf; then git fetch origin; else git clone https://github.com/gogo/protobuf.git; cd protobuf; fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if [ ! -d "protobuf" ]; then git clone ...; fi
no need for fetching imho if you later checkout specific commit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't you need to fetch if you already have the repo cloned, but the commit we specify is later than what you have?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, you're right. Anyway, [ -d "...]
syntax is more common for bash scripts
Makefile
Outdated
@gometalinter.v2 --install | ||
./scripts/get_tools.sh | ||
@echo "--> Downloading linters (this may take awhile)" | ||
./../../alecthomas/gometalinter/scripts/install.sh -b $(GOBIN) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we use absolute path here? $GOPATH/...
@@ -1,7 +1,7 @@ | |||
GOTOOLS = \ | |||
github.com/mitchellh/gox \ | |||
github.com/golang/dep/cmd/dep \ | |||
gopkg.in/alecthomas/gometalinter.v2 \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@zramsay what was the reason to use v2?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
locking to the latest version
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This checks out the v2.0.11
release (their latest release), which was being used anyway.
@@ -1,7 +1,7 @@ | |||
GOTOOLS = \ | |||
github.com/mitchellh/gox \ | |||
github.com/golang/dep/cmd/dep \ | |||
gopkg.in/alecthomas/gometalinter.v2 \ | |||
github.com/alecthomas/gometalinter \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this will pull latest master, which can cause non-determinism in our linting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Metalinter is still hash locked in the script file. You only get different versions with update tools. (Though I could make update tools just call get tools as well)
Codecov Report
@@ Coverage Diff @@
## develop #2550 +/- ##
===========================================
+ Coverage 61.23% 61.26% +0.03%
===========================================
Files 202 202
Lines 16733 16734 +1
===========================================
+ Hits 10246 10252 +6
+ Misses 5617 5612 -5
Partials 870 870
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for doing this! My bash-fu wasn't up to par to figure this out lol. Github won't let me approve this b/c I made the PR though
Pulling revisions was relegated to scripts/get_tools.sh
The solution there isn't that elegant, but it works.
A more elegant + clean solution would be using python, but
we probably don't want to introduce that as a dependency.
I think we can leave it right now as a shell file with redundant
code, and improve the build process #postlaunch.
The linters which gometalinters are versioned according to gometalinters
install.sh.
Its not locking to commit (AFAIK), but I think this is fineas that is purely dev tooling and doesn't affect the code.
EDIT: It does lock to commit
Closes #2238