Registry support #1172
Registry support #1172
Conversation
romangurevitch
requested review from
carolynvs,
ibrasho and
sdboyer
as code owners
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
|
|
I signed it! |
|
CLAs look good, thanks! |
|
The build is failing because we added a new dependency but as a result when running dep ensure there are ~900 modified/new files in vendor folder. Thank you, looking forward for your feedback. |
|
yep! larger review is in progress. please commit everything into vendor, then run |
|
I have added the vendor dependencies and the build passes now as well as all the tests. |
internal/gps/registry.go
Outdated
| "io" | ||
| "os" | ||
| "compress/gzip" | ||
| "github.com/golang/dep/internal/fs" |
There was a problem hiding this comment.
nit: gofmt please, it'll sort the imports.
internal/gps/registry.go
Outdated
|
|
||
| var errNotFound = errors.New(http.StatusText(http.StatusNotFound)) | ||
|
|
||
| type Registry interface { |
internal/gps/registry.go
Outdated
| } | ||
|
|
||
| func (s *registrySource) listPackages(ctx context.Context, pr ProjectRoot, r Revision) (ptree pkgtree.PackageTree, err error) { | ||
| resp, err := s.execDownloadDependency(pr, r) |
There was a problem hiding this comment.
downloading on the fly may be OK as a first step, but eventually we're going to want to keep these downloaded tarballs locally.
internal/gps/registry.go
Outdated
| return &versionsResp, err | ||
| } | ||
|
|
||
| func (s *registrySource) execDownloadDependency(pr ProjectRoot, r Revision) (*http.Response, error) { |
There was a problem hiding this comment.
context.Context needs to be plumbed through this function in order to facilitate cancellation.
internal/test/test.go
Outdated
| @@ -21,6 +21,7 @@ import ( | |||
| "testing" | |||
|
|
|||
| "github.com/pkg/errors" | |||
| "github.com/golang/dep/cmd/dep/testdata/registry" | |||
There was a problem hiding this comment.
testdata dirs are for data, not for source code. this package needs to be relocated - i'll have thoughts about the right place to put it once i grok the pieces a bit better
| @@ -0,0 +1,150 @@ | |||
| package main | |||
There was a problem hiding this comment.
we need to hide this from normal builds until we're actually ready to ship the registry. feature-flag style, dep login needs to not even be recognized as a command until we flip the switch.
maybe we do this with build tags, or maybe something else, but we can't put new commands in front of our users until it's mostly baked.
| @@ -0,0 +1,308 @@ | |||
| package main | |||
|
|
|||
| import ( | |||
| @@ -0,0 +1,308 @@ | |||
| package main | |||
There was a problem hiding this comment.
as with login.go, this needs to be unreachable
| @@ -0,0 +1,21 @@ | |||
| # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. | |||
There was a problem hiding this comment.
"case1"
where possible, it's preferred that the name of the test fixture be descriptive, rather than just incrementing a number.
| @@ -588,6 +590,8 @@ func (dc *deductionCoordinator) deduceRootPath(ctx context.Context, path string) | |||
| switch d := data.(type) { | |||
| case maybeSource: | |||
| return pathDeduction{root: prefix, mb: d}, nil | |||
There was a problem hiding this comment.
this is probably a much better place to think about hooking in: instead of messing with the deduction process itself, which is really not where the registry belongs (per other comments), the thing to be taking over is the maybeSources returned in the pathDeductions. create a new type (the maybeRegistrySource in the current iteration of the PR isn't structured for this at all) that takes other maybeSources, and figures out how to transparently wrap them.
side note with that - it'll be very important that the path on disk used by registry-wrapped ones are entirely different from what would've been used by the underlying wrapped instance.
|
also, a more general note - seeing the results of opting for publishing into the registry, rather than transparently proxying it in, has really left a poor taste in my mouth. Yoav's point on the spec doc about this was that manual publishing of versions presents a much, much lower barrier of entry for the registry implementor than does proxying, which i understand, but the idea that we need to add a publish command to dep itself in order to have registries functioning in even a basic way feels like a non-starter to me. i need to ponder on this more, but my feeling is that transparent proxying needn't be nearly so hard for us because the |
|
@sdboyer with regards to My main concerns were:
In any case, since this impacts the registry implementation we would need to provide clarity :) |
|
i think we should set a time for another face-to-face about this - maybe late next week? - so that we can review and regroup. that way i can also set aside time to re-review this and the spec doc, as my mind currently feels like it's been sandblasted by the last couple weeks and i can scarcely remember any details here 😢 but...!
yeah, i think maybe i just need to up and do this. it's not hard -
no question. for example, i am utterly unconfident that today's
for sure - i've got no qualms about the importance of being able to publish projects. but it's that key difference between publishing projects to a canonical location (and thereby, import path), vs. publishing to fill an intermediate proxy where the essential purpose is to enforce policy. really, i think it goes all the way back up to the word meanings for me - i don't think "publish" is even the right verb to use there. yes, both are the action of pushing a version into a registry, and functionally are probably indistinguishable, and this works fine for other communities. but context is everything: if we accept the idea that there are canonical locations for projects, then "publishing" seems misleading - "mirroring" isn't quite right easier, but the idea is closer. the words we choose significantly impact users' understanding, and if we can find ones that tend to put peoples' expectations in the right ballpark, IMO it's a big win. |
That'd probably be the best thing to do. I'll ping you in slack to set something up.
yep. I know just the feeling 😜 |
|
I'm closing this pull request and soon will submit a new pull request to avoid merging issues and add your requests. |
What does this do / why do we need it?
A go dep registry will host packaged versions of go "projects" in self-contained format.
Developers will be able to publish new project versions to the registry and resolve them back from the registry as project dependencies.
The primary use case for a registry is to support development isolation against an in-house repository that serves immutable project dependencies. These dependencies can be external dependencies or internal projects used in-house as 3rd party dependencies.
The registry will support authentication via user tokens.
This pull request adds the functionality of downloading dependencies from a registry.
We will soon submit an additional pull request for publishing projects to a registry.