"source" declaration not followed? #860
Comments
That would be nice. So far we have been telling people to make sure that their imports have the #286 (comment) has more info on the workaround and the on-going efforts to implement a solution. |
|
hi! thanks for the issue. This is a great question.
So, I totally get why these should seem like the same thing. But they're not, because there's two separate things that are intertwined, here. Everything comes back to project root deduction - given an import string, which subcomponents of it identify where the root of the repository - and, because dep assumes that repo root == project root - and root of the project lie? In a case like this, it seems obvious - And that just ruins everything. If we can't trust that The obvious option here is to assume that I've been turning it over in my mind for a few weeks, and I think it's something we can probably do. However, changing the meaning of that relationship has some pretty far-reaching implications, so I need to walk it out to its logical conclusion before being sure. That's probably going to take a little while, unfortunately - I don't have a lot of spare time at the moment. |
|
I see. As a user, I never considered that the given because I have vendored the Given that I would expect It would not gain any information by trying to talk to Clearly my example is a bit unrealistic but honestly I've seen worse, especially in in-house development where the source repo might live on a server called |
Nor did I, as a user. Only when I made the leap to designer did I veer off that particular happy path 😄
It would probably be meaningless in terms of the semantics we expect, but this is a problem with stringly typed systems - they tend to allow a lot of meaningless things. It's generally very difficult to draw boundaries around what is or is not valid, in any strictly enforceable sense.
s/package/project/, but basically yeah, this is what I'm saying I think we can do with minimal harm. |
|
Directed here from #174, where I am having similar issues with "source" definition not preventing an http lookup. At my studio we have a private internal network with limited access to the external network via http(s) proxy. First off, I cannot use Given the Gopkg.toml file: I will then set the proxy so that the external dependencies can be reached. But running How can I go about using the dep tool in this workflow? How can I control the difference between endpoints that need to use the proxy and ones that do not? |
|
Maybe this is a stupid idea, but I think I see quite an easy solution for this. We could simply allow an extra key in a constraint, called something like |
|
I still think the most reasonable thing to do is to have This should result in my fork of the should give me my hypothetical SHA768 package at |
|
@calmh, I think you make a good point and my previous solution is just confusing. The only problem I see with yours is that in that case there's no way to have a constraint like this: [[constraint]]
name = "golang.org/x/crypto"
version = "whatevs"
source = "https://github.com/calmh/my-forks.git/x/crypto"This should be easily solvable however by adding an extra key like I proposed before, but the opposite this time: [[constraint]]
name = "golang.org/x/crypto"
version = "whatevs"
source = "https://github.com/calmh/my-forks.git"
subdir = "x/crypto"Here |
|
Potentially that could be handled like the Go tool handles import paths: look for the |
|
we do use the
This is also a no-go - we don't allow chopping up repos. see e.g. #982. if nothing else, that'd permit a project to bypass |
|
workaround: use 0.3.0 release which works with a source not equals to name |
|
@easyrasta that might be a partial workaround for certain cases, but there is no workaround for the general case where |
I tried this now, and it does in fact work, which is good. The problem is, it doesn't solve the original problem as it requires a change of the import path. Taking my example, modified with this results in because the So yeah, it's a recourse, in some cases. (The stvn.cc domain is now up and works so there is no need for this specific gymnastic, this is just an example.) |
oh man, i'd not thought about the interaction of these two pieces before. yeah, that really sucks. we're really starting to overload names quite a bit 😢 |
|
Various issues around GHE seem to point down to this one as the one root issue, but trying to understand exactly what the current proposal is for the solution. Let's say I have a GHE installation at However, I'm guessing that this is because the code in Doing gymnastics (like adding Is there a current proposal (or thoughts for a proposal) for how to deal with this case? |
|
To add to this issue, my current implementation as mentioned in #411 is as below but to no avail. And the import import (
"os"
log "github.com/sirupsen/logrus"
myapp "github.company.com/org/repo.git/some_import"
"github.com/fatih/structs"
"path/filepath"
"strings"
)Output (copy pasted from Jenkins): |
|
@hoshsadiq That requires re-writing import paths which rather conflicts with our desire to transparently drop in our own copy of the repo for testing. |
|
well, in addition to technical solutions that we're contemplating... IF YOUR COMPANY IS A GITHUB ENTERPRISE CUSTOMER, please DM me on twitter. i'm trying to organize some collective pressure. |
|
@sdboyer is there a reason we need to use DM on twitter? I feel like this thread should be enough. who is the collective pressure for? |
how to use with git+sshSOLUTION: we have our own git server via ssh on so here is how we did it: dep versioninstalled via git clonefirst make sure, that git clone works with your in Gopkg.toml/root/.ssh/configmain.godrawback: we have to rename the import with the .git suffix. this is ok for our in-house code but it is no transparent replacement if we would want to hack on third party git dependencies. |
|
@sdboyer could we add a update Ias @hoshsadiq pointed out (below), it would be important, that this directory is a symlink or hardlink to the directory referenced in update IIi've got the impression that we just need to add a new additionally we could overload the |
|
I think the main issue is having to import with a |
|
I believe I have a solution for private repos with ssh access, see PR #1717 |
|
Adding the .git suffix does not work on AWS Codecommit. Any other workarounds? |
|
@domino14 unfortunately what I have found, you cannot just use AWS Codecommit repos as is, because of the folder structure they use. As a workaround I use in gitconfig (make sure to use correct region instead of us-east-1) After that you will be able to use But that will work only with the patch I have sent. |
|
They haven't merged that patch yet... this is a serious issue, we should really merge this, |
|
@domino14 The only possible workaround is for every project you use as a dependency from CodeCommit to have a configuration in gitconfig |
|
That configuration change is in addition to your fork?
…On Tue, Apr 3, 2018 at 11:34 AM Denis Gladkikh ***@***.***> wrote:
@domino14 <https://github.com/domino14> go get works, because dep made
some assumptions on how to resolve the projects, which aren't compatible
with go dep, like the way they resolve remotes and the order (ssh vs
https) of how they resolve it.
The only possible workaround is for every project you use as a dependency
from CodeCommit to have a configuration in gitconfig
[url "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/myrepo"]
insteadOf = git+ssh://example.com/myrepo.git
insteadOf = ssh://example.com/myrepo.git
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#860 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAjuZu2ySoZQfpes3xo2oTdmhCWX9dytks5tk5Z2gaJpZM4OdwXB>
.
|
|
@domino14 it is a workaround with current |
|
Thank you, this worked great!
…On Tue, Apr 3, 2018 at 11:59 AM, Denis Gladkikh ***@***.***> wrote:
@domino14 <https://github.com/domino14> it is a workaround with current
dep, the change I made will not be required.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#860 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAjuZmBMN7TZ4RC_-P8jZuI5wDDSf7prks5tk5xEgaJpZM4OdwXB>
.
|
|
@sdboyer any update or possible solution? I agree with @calmh on removing the need to talk to This is preventing me for using my own repos with dep so I wouldn't mind putting some time on this, but some guidance before starting the work would be great. |
|
I'm in a similar situation in that we don't have GitHub Enterprise v2.13 deployed yet https://enterprise.github.com/releases/2.13.0/notes
So, that means importing a library hosted on our GHE doesn't work. In my opinion this isn't using |
|
if can't custom the repo url with the "source", what's the means of the "source" field |
|
+1, is there a workaround for go-get ? |
|
I have a related issue. We upgraded to GitHub Enterpise 2.14 but we now have the following issue: It seems like godep is trying to use port 80 and is probably assuming that the GitHub Enterprise instance answers with a redirect, like But what our instance actually does: We tried overriding the URL by using: But no success. Is there another way we might be able to "force" dep to use |
Dep version v0.1.0-236-g98f1d99
Attempting to work around #767. The following declaration feels like it should handle my situation (Gopkg.toml):
However,
Should the source declaration not remove the need to talk to the (down)
stvn.ccdomain?Attempting to do it explicitly results in roughly the same thing:
There should be some way to say "grab this github repo into this import path" without the import path having to resolve?
The text was updated successfully, but these errors were encountered: