Skip to content
This repository has been archived by the owner on Sep 9, 2020. It is now read-only.

dep does not import same revision for dependencies that are declared in Godeps.json #1070

Closed
dlsniper opened this issue Aug 28, 2017 · 7 comments

Comments

@dlsniper
Copy link

In the following project https://github.com/gopheracademy/gopher , running dep init.

See:

Observe the difference between versions for github.com/nlopes/slack:

  • godeps: b5c480d57859099b2050e071f2df92c2b3170ced
  • dep: c86337c0ef2486a15edd804355d9c73d2f2caed1

dep version: f134697
gopher version: 7bb1dd8a82cff5fb8172bcb768d0decd9ba80420

@AlekSi
Copy link
Contributor

AlekSi commented Aug 28, 2017

I think it is the same as #1069.

@dlsniper
Copy link
Author

Imho, this one is different. While #1069 tracks the fact that unneeded packages are vendored as well as unneeded repositories (if that's what dep is tracking at).

However, this one reflects a bigger problem. Currently dep cannot be trusted to cleanly migrate a project from an existing package management system to dep without potentially breaking changes. In this case, gopher is unbuildable after running dep . The difference in versions / commit hashes is tracked by this issue.

@carolynvs
Copy link
Collaborator

Agreed, dep cannot currently be trusted to not make changes after the importers are run. The issue which tracks that is #908.

@dlsniper
Copy link
Author

@carolynvs do you think I should close this in favor of #908?

dlsniper added a commit to dlsniper/dep that referenced this issue Aug 28, 2017
Following the discussion golang#1070 (comment)
"Agreed, dep cannot currently be trusted to not make changes after the importers are run.
The issue which tracks that is golang#908.", it is clear that the maintainers of
the tool do not see it as a reliable project.

As such, the users should be correctly informed about the status of the
project and what are the goals in order to make it a production ready one.
@carolynvs
Copy link
Collaborator

Before closing, I'd like to understand if the issue was that our godep importer didn't preserve the original revision in the lock, or if the constraints later caused the solver to pick a different version for the slack project.

Can you run dep init -v and provide the console output and resulting Gopkg.toml/lock files?

@sdboyer
Copy link
Member

sdboyer commented Aug 28, 2017

i did the dep init -v - this is the relevant bit, where the original rev gets rejected:

(15)  ? attempt github.com/nlopes/slack with 1 pkgs; at least 1 versions to try
(21)      try github.com/nlopes/slack@b5c480d57859099b2050e071f2df92c2b3170ced
(22)  ✗   github.com/nlopes/slack@b5c480d57859099b2050e071f2df92c2b3170ced not allowed by constraint ^0.1.0-2-gb5c480d:
(22)      ^0.1.0-2-gb5c480d from (root)
(21)      try github.com/nlopes/[email protected]
(21)  ✓ select github.com/nlopes/[email protected] w/1 pkgs

@carolynvs i think we have an issue open for this already? trying to use the comments from Godeps.json as constraints seems to not be having the desired effect.

@carolynvs
Copy link
Collaborator

carolynvs commented Aug 28, 2017

@sdboyer Ah okay, yeah this is part of a bigger question that I had about locking to untagged revisions during import. Can you take a look at my question and let me know what you think? #939 (comment)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants