go.mod: cut circular dependency on github.com/containerd/containerd #5441
Conversation
Signed-off-by: Sebastiaan van Stijn <[email protected]>
go.mod
Outdated
There was a problem hiding this comment.
Without this, it would downgrade to v0.2.0, which is the version that github.com/prometheus/client_golang uses in its go.mod. Perhaps we should downgrade to match that version, but I tried to keep the diff small
|
Build succeeded.
|
This forces vendoring to only take dependencies of this repository to be taken into account, effectively cutting the circular dependency (for the vendored code), and to prevent depending on transitive dependencies coming from older versions of containerd. go mod does not allow using the main module as a local "replace" rule using a path; see golang/go#45492 and golang/go#34417, so instead, an empty module is used. One change observed is that older versions containerd depended on an older version of imgcrypt that had an "indirect" dependency on more current versions of gopkg.in/yaml.v2 and prometheus/procfs. For those, a temporary "indirect" dependency was added, until prometheus/client_golang and kubernetes are updated. from go mod graph (before): github.com/containerd/[email protected] gopkg.in/[email protected] github.com/containerd/[email protected] github.com/prometheus/[email protected] For some reason, some older versions of containerd are still taken into account, causing satori/go.uuid to be added as "indirect" dependency, likely because some modules have this dependency in their go.sum. This should likely disappear once those plugins are updated to contain a current version of containerd. git grep 'github.com/satori/go.uuid' vendor/github.com/Microsoft/hcsshim/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/aufs/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/imgcrypt/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/nri/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/zfs/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
dont_loop_da_loop
branch
from
2c484bf to
e26fc84
Compare
|
Build succeeded.
|
| // The replace rule forces go modules to consider the "current" version of | ||
| // containerd to be the source of truth, helping us catch missing go.mod rules, | ||
| // or version changes early. | ||
| module empty-mod |
There was a problem hiding this comment.
interesting technique! has this been used anywhere/anybody else?
There was a problem hiding this comment.
My original attempt was to use replace github.com/containerd/containerd => ./, but that didn't work due to limitations of go modules (golang/go#45492); the "empty module" approach was discussed in golang/go#34417, which looks like other people also used it to fix circular dependencies.
I think go modules should be able to handle this automatically, not requiring any of these tricks; perhaps I should write up a features request / proposal for that in the Golang issue tracker.
| @@ -0,0 +1,11 @@ | |||
| // module empty-mod is an empty module that's used to help with containerd | |||
There was a problem hiding this comment.
Nit: Don't we need the copyright header here?
There was a problem hiding this comment.
I looked at the main go.mod, which didn't have it. I also doubt if people would copy it (likely not useful to copy another project's go.mod), let alone if it's technically copyright'able (as its mostly mechanical, no real creativity)
That said, we can have a look at adding the header to other files, such as the github action workflows etc
thaJeztah
added
cherry-picked/1.5.x
7 participants
This forces vendoring to only take dependencies of this repository to
be taken into account, effectively cutting the circular dependency (for
the vendored code), and to prevent depending on transitive dependencies
coming from older versions of containerd.
go mod does not allow using the main module as a local "replace" rule using
a path; see golang/go#45492 and golang/go#34417, so instead, an empty module
is used.
One change observed is that older versions containerd depended on an older
version of imgcrypt that had an "indirect" dependency on more current versions
of gopkg.in/yaml.v2 and prometheus/procfs.
For those, a temporary "indirect" dependency was added, until prometheus/client_golang
and kubernetes are updated.
from go mod graph (before):
For some reason, some older versions of containerd are still taken into account,
causing satori/go.uuid to be added as "indirect" dependency, likely because some
modules have this dependency in their go.sum. This should likely disappear once
those plugins are updated to contain a current version of containerd.