Skip to content
This repository has been archived by the owner on Sep 9, 2020. It is now read-only.

dep: Introduce noverify field to Gopkg.toml #1952

Merged
merged 6 commits into from
Jul 24, 2018
Merged

dep: Introduce noverify field to Gopkg.toml #1952

merged 6 commits into from
Jul 24, 2018

Conversation

sdboyer
Copy link
Member

@sdboyer sdboyer commented Jul 23, 2018
edited
Loading

What does this do / why do we need it?

This introduces a noverify field in Gopkg.toml that will allow bypassing of vendor verification (#1912) on a per-project basis. When set, dep check will ignore any hash verification problems with the directory, and dep ensure will not rewrite the dependency unless it is absent from vendor entirely, pruning rules change, or solving changes one of the other, higher-order properties.

We may want to switch to the safer behavior, in which we always rewrite vendor for non-verified projects, rather than only rewriting it if a higher-order change occurs. We'll have to see how it pans out. If we want to make the change, though, it's as simple as commenting one line and uncommenting another.

TODO

  • Tests
  • Docs

What should your reviewer look out for in this PR?

Weird combinations that i've missed?

Do you need help or clarification on anything?

Right now, dep check prints nothing for noverify projects on 1) empty hash 2) hash mismatch 3) hash version mismatch; would it be preferable to print the normal message + a suffix that says it's noverify, then still exit 0 instead of just silently exiting 0?

Which issue(s) does this PR fix?

fixes #1933

@sdboyer sdboyer requested a review from ibrasho as a code owner July 23, 2018 14:27
@sdboyer sdboyer added the area: check Related to `dep check` label Jul 23, 2018
@sdboyer sdboyer self-assigned this Jul 23, 2018
@sdboyer sdboyer added this to the v0.5.0 milestone Jul 23, 2018
@sdboyer
dep: Introduce noverify field to Gopkg.toml
b1e2532 
This field allows bypassing of vendor verification on a
project-by-project basis. When set, `dep check` will ignore any hash
verification problems with the directory, and `dep ensure` will not
rewrite the dependency unless it is absent from vendor entirely, pruning
rules change, or solving changes one of the other, higher-order
properties.
@sdboyer
check: Updated tests with clarified output
cc03c81
@sdboyer
dep: Add noverify harness tests
02b5be7 
This also updates the harness test system to be able to sniff for
non-zero exit cases. Doing so is important for dep check, as it is
specifically designed for automated use based on exit status.
@sdboyer
check: Print check fails even if noverify
e4e3ebe 
Without this, there's really no easy way to see what things marked
noverify are actually in a divergent state, and that information is
crucial. If the user doesn't care, or specifically wants to suppress it,
-q is always an option.
@sdboyer
docs: Update docs with info about noverify
ee0c846
@sdboyer
test: Cleanup detritus, fix doc comments
baebed0
@sdboyer sdboyer merged commit a9121da into golang:master Jul 24, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ibrasho ibrasho Awaiting requested review from ibrasho ibrasho is a code owner

Assignees

@sdboyer sdboyer

Labels
area: check Related to `dep check` area: ensure cla: yes
Projects
None yet
Milestone
v0.5.0
Development

Successfully merging this pull request may close these issues.

Add a Gopkg.toml field for skipping vendor verification
2 participants
@sdboyer @googlebot