Update gorethink from v3 to v6 and rename to proper rethinkdb-go package #1537
Conversation
|
It appears there are existing linting errors for |
|
Ah I think gosec did some updates recently and we are not pinning the version. |
cquon
force-pushed
the
gorethink_v6
branch
3 times, most recently
from
d3740f3 to
fcb498b
Compare
There was a problem hiding this comment.
Left some comments inline (bear with me, still trying to get used to some oddities of go modules);
Running go mod tidy, I get a diff;
git diff
diff --git a/go.sum b/go.sum
index fe661110..1e02e6e6 100644
--- a/go.sum
+++ b/go.sum
@@ -50,6 +50,7 @@ github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2V
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk=
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls=
github.com/google/certificate-transparency-go v1.0.10-0.20180222191210-5ab67e519c93 h1:jc2UWq7CbdszqeH6qu1ougXMIUBfSy8Pbh/anURYbGI=
github.com/google/certificate-transparency-go v1.0.10-0.20180222191210-5ab67e519c93/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=We should probably update CI do a go mod tidy ?
On this PR, it also shows this output;
github.com/theupdateframework/notary/server imports
github.com/prometheus/client_golang/prometheus imports
github.com/prometheus/common/expfmt imports
github.com/matttproud/golang_protobuf_extensions/pbutil tested by
github.com/matttproud/golang_protobuf_extensions/pbutil.test imports
github.com/golang/protobuf/proto/testdata: module github.com/golang/protobuf@latest (v1.3.5) found, but does not contain package github.com/golang/protobuf/proto/testdata
The testdata package was renamed from testdata to test_proto in this commit: golang/protobuf@8cc9e46
So it looks like go mod checks test files, even though they're not vendored; the vendored code only mentions the gogo/protobuf package, which still has that directory in the version that's vendored;
git grep proto/testdata
vendor/github.com/gogo/protobuf/proto/Makefile: make -C testdata
vendor/github.com/gogo/protobuf/proto/Makefile: protoc-min-version --version="3.0.0" --proto_path=.:../../../../:../protobuf --gogo_out=Mtestdata/test.proto=github.com/gogo/protobuf/proto/testdata,Mgoogle/protobuf/any.proto=github.com/gogo/protobuf/types:. proto3_proto/proto3.proto
Looking at matttproud/golang_protobuf_extensions it indeed references that package; https://github.com/matttproud/golang_protobuf_extensions/blob/v1.0.1/pbutil/all_test.go#L23. That looks to be a bug, because its go.mod requires github.com/golang/[email protected], which does not have the testdata; https://github.com/golang/protobuf/tree/v1.2.0/proto
Ignore this, it's not referencing the package?
I don't expect this to be a problem (because we don't run those tests), but looks like we should open a PR in https://github.com/matttproud/golang_protobuf_extensions to fix.
Some things we should look at:
- I see your PR Verify the Pool connection is not nil before attempting to close it rethinkdb/rethinkdb-go#480 was merged, so probably update to v6.1.1, which has that fix
- Fix the
go.sum(rungo mod tidyand commit the results) - update the matttproud/golang_protobuf_extensions to the current release (it's currently 2 commits behind v1.0.0, 4 commits behind v1.0.1); matttproud/golang_protobuf_extensions@d0c3fe8...v1.0.1
- Should we update github.com/gogo/protobuf to the current version as well? I think it's usually updated in tandem with the golang/protobuf (current version is v1.3.1, which roughly matches the google/protobuf version)
- Perhaps update the
golang.org/x/netandgolang.org/x/syspackages to current master
Separate from this PR:
- Remove the vendor.conf
- Fix CI to check
go mod tidy(?) Open a PR in https://github.com/matttproud/golang_protobuf_extensions to fix theignore; no idea where it's referencedtestdataissue- Open a PR in https://github.com/rethinkdb/rethinkdb-go to update
github.com/cenkalti/backoffto the current (v4) release, which has go module support
Makefile
Outdated
| @@ -110,7 +110,7 @@ endif | |||
| # gosec - requires that the following be run first: | |||
| # go get -u github.com/securego/gosec/cmd/gosec/... | |||
| @rm -f gosec_output.csv | |||
| @gosec -fmt=csv -out=gosec_output.csv -exclude=G104,G304 ./... || (cat gosec_output.csv >&2; exit 1) | |||
| @gosec -fmt=csv -out=gosec_output.csv -exclude=G104,G304,G306 ./... || (cat gosec_output.csv >&2; exit 1) | |||
There was a problem hiding this comment.
For the record;
G306: Poor file permissions used when writing to a new file
This was to suppress a linting error complaing about a file having 0644 instead of 0600.
nit: probably would've been good to describe this in the commit message, but not a blocker for me
There was a problem hiding this comment.
I'll need to make some changes so I'll rebase and update the commit message!
| @@ -25,7 +25,7 @@ import ( | |||
| "github.com/theupdateframework/notary/tuf/signed" | |||
| "github.com/theupdateframework/notary/utils" | |||
| "golang.org/x/net/context" | |||
| "gopkg.in/gorethink/gorethink.v3" | |||
| gorethink "gopkg.in/rethinkdb/rethinkdb-go.v6" | |||
There was a problem hiding this comment.
Curious; didn't it work without the manual aliasing? (I thought anything -go was automatically handled, but perhaps that doesn't work in combination with the .vXX suffix)
No need to change, just curious
There was a problem hiding this comment.
No they renamed the package name from gorethink to rethinkdb
https://gopkg.in/rethinkdb/rethinkdb-go.v3
https://gopkg.in/rethinkdb/rethinkdb-go.v6
so figured the path of least resistance was to alias it, also because there is another rethinkdb package in this code that it caused conflict with in some of the files.
There was a problem hiding this comment.
oh! for some reason I only saw the -go suffix 🤦♂️
vendor.conf
Outdated
| gopkg.in/rethinkdb/rethinkdb-go.v6 bbcde53c1229eece19f8df1ff58cc962e52c0c10 # v6.1.0 | ||
| gopkg.in/yaml.v2 5420a8b6744d3b0345ab293f6fcba19c978f1183 # v2.2.1 |
There was a problem hiding this comment.
We need to remove this file, as it should no longer be used; I noticed that just after the go mod PR was merged; I'll open a PR
| github.com/bugsnag/bugsnag-go v1.0.5-0.20150529004307-13fd6b8acda0 | ||
| github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect | ||
| github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect | ||
| github.com/cenkalti/backoff v1.0.0 // indirect |
There was a problem hiding this comment.
Curious why it removes this one from go.mod because the vendor directory still has this dependency vendored. Is it because it's github.com/cenkalti/backoff v2.2.1+incompatible now (no go module support in that version?)
| github.com/google/certificate-transparency-go v1.0.10-0.20180222191210-5ab67e519c93 // indirect | ||
| github.com/gorilla/mux v1.7.0 | ||
| github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect |
There was a problem hiding this comment.
Same for this (just curious); as this one is still vendored
| github.com/kr/pretty v0.0.0-20130510082846-bc9499caa0f4 // indirect | ||
| github.com/kr/text v0.0.0-20130911015532-6807e777504f // indirect |
There was a problem hiding this comment.
And these (also just curious)
| golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 | ||
| golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e |
There was a problem hiding this comment.
Should we update these to a more current version? They seem to be somewhat behind
There was a problem hiding this comment.
can you do another PR for that?
|
Oh, ignore the mattproud testdata comment; I don't think it's referencing it (looking again) |
|
Looks like that issue was fixed in v1.0.1, so updating it to v1.0.1 should address it; matttproud/golang_protobuf_extensions@v1.0.0...v1.0.1 Can you also run |
|
D'oh! That may be because I ran it on Go 1.13. sigh. I hate it that they continue breaking go modules between releases. |
cquon
force-pushed
the
gorethink_v6
branch
2 times, most recently
from
11bbbcb to
9046bbe
Compare
|
Looks like it's still failing on that permission error 😞 I also noticed these errors; Could it be that we're using busybox, and that busybox's |
This change shouldn't be affecting busybox though right? |
cquon
force-pushed
the
gorethink_v6
branch
2 times, most recently
from
c43a3ba to
2606549
Compare
|
@thaJeztah I believe the buildscripts/circle-validate-vendor.sh script which invokes buildscripts/validate-vendor.sh ends up touching the go.sum file Seems to have been a known issue: golang/go#34634 which is likely due to the fact the container is using go 1.12.5. I bumped it to go 1.13 and I saw the file permissions still became readable, but the |
buildscripts/validate-vendor.sh
Outdated
| @@ -23,6 +23,8 @@ if [ -d vendor ]; then | |||
| go mod vendor | |||
| fi | |||
|
|
|||
| chmod 644 "go.sum" | |||
There was a problem hiding this comment.
This must be a bug. Even if go mod ... updates the contents, it should not change file permissions
There was a problem hiding this comment.
Yea copied the issue here: golang/go#34634 I think it's resolved in newer versions of go but this is on 1.12
There was a problem hiding this comment.
With go 1.12 having reached EOL, should we update to go 1.13 or go 1.14 @justincormack ? I see there's some existing PRs but they appear to be outdated; #1515, #1522, #1536
There was a problem hiding this comment.
Could this potentially be merged in to get get updated dependencies working for 1.12 until we can migrate to a newer version of go?
There was a problem hiding this comment.
I would rather update Go first.
|
Go is updated now, this needs a rebase and should fix the go.mod issue. |
cquon
force-pushed
the
gorethink_v6
branch
2 times, most recently
from
d478f15 to
992a3e6
Compare
Thanks @justincormack it did indeed 👍 |
|
@HuKeping ptal 🤗 |
Gorethink is currently on v6 this is a bump to the v3 client to consume the latest client as well as update required dependencies by the v6 library as well.