Dep Support #113
Dep Support #113
Conversation
|
Hi @gpaul, It occurs to me I should probably add the following at the top of # The following packages are required because they're either build
# tools or are dependencies only if the "csi" package is already
# generated. However, if the "csi" package is removed (a valid
# condition), a "dep ensure" will not fetch the dependencies it
# no longer sees in the project's dependency graph. Including the
# dependencies in the "required" list ensures they're always
# downloaded.
required = [
"github.com/golang/protobuf/protoc-gen-go",
"golang.org/x/net/context",
"google.golang.org/grpc"
]If that's not present and someone removes the The vendor: | $(DEP)
$(DEP) ensure -v -vendor-onlyThe Thoughts? |
lib/go/Makefile
Outdated
| ######################################################################## | ||
| ## PROTOC ## | ||
| ######################################################################## | ||
|
|
||
| # Only set PROTOC_VER if it has an empty value. |
There was a problem hiding this comment.
Hi @jieyu ,
I've always err'd on the side of caution and opted for the use of ifeq to determine if a variable is already set instead of ?=. I've always assumed my method is more performant since ?= is subject to recursive expansion (and still is in the case of the value as a result of a $(shell ...) command).
I made this change because it occurs to me if the value contains no variables or use of the $(shell ...) command then ?= probably doesn't incur the penalty of the would-be recursive expansion and is simpler and as effective as the previous method.
Do you know if this is true? Is ?= without variables in the value still subject to a check for recursive expansion everything the variable is referenced?
There was a problem hiding this comment.
Hi @gpaul,
Do you have any advice or guidance related to the above question?
There was a problem hiding this comment.
gnu make will short-circuit the recursive expand if it doesn't find a '$' in the value:
http://git.savannah.gnu.org/cgit/make.git/tree/expand.c#n230
The stack trace as I read it would be:
http://git.savannah.gnu.org/cgit/make.git/tree/expand.c#n194
http://git.savannah.gnu.org/cgit/make.git/tree/expand.c#n230
http://git.savannah.gnu.org/cgit/make.git/tree/expand.c#n415
http://git.savannah.gnu.org/cgit/make.git/tree/expand.c#n457
http://git.savannah.gnu.org/cgit/make.git/tree/expand.c#n557
http://git.savannah.gnu.org/cgit/make.git/tree/variable.c#n1090
where v.recursive = recursive due to
http://git.savannah.gnu.org/cgit/make.git/tree/variable.c#n263
where recursive = 1 due to
http://git.savannah.gnu.org/cgit/make.git/tree/variable.c#n1420
and specifically
http://git.savannah.gnu.org/cgit/make.git/tree/variable.c#n1203
as the ?= case is handled by
http://git.savannah.gnu.org/cgit/make.git/tree/variable.c#n1195
There was a problem hiding this comment.
But seriously @gpaul, thank you for tracking this down. I know there are hundreds of locations where I've used the other pattern to ensure that things are more performant. Knowing this information is truly helpful.
|
In what workflow will the If they're removing the csi package they might as well remove the |
lib/go/Makefile
Outdated
| dep: $(DEP) | ||
| endif | ||
|
|
||
| vendor: | $(DEP) |
There was a problem hiding this comment.
Shouldn't $(DEP) be a hard dependency (ie., without the |) ?
There was a problem hiding this comment.
Ah just realized that this would download dep anew every time as it's a PHONY dependency. If we let make do its job and not mark dep as PHONY then it shouldn't need to re-run that dependency every time.
There was a problem hiding this comment.
Again, this is to handle the case where dep is a phony dependency to point to an existing version of the binary.
There was a problem hiding this comment.
Also, it's an order only dependency because I don't care so much if the version of dep changes. It just needs to exist. That and vendor is a directory and you don't really want to compare a dir's mtime as Make does funny things with that. Order only dependencies are the best approach when depending on or being a dependency of a directory.
lib/go/Makefile
Outdated
| chmod 0755 "$$DEP_BIN" && \ | ||
| mv -f "$$DEP_BIN" "$@" | ||
| ifneq (./dep,$(DEP)) | ||
| dep: $(DEP) |
There was a problem hiding this comment.
I'm not sure I follow. This would expand to
dep: ./dep
And if DEP=dep is given, this will expand to
dep: dep
which will likely break.
I wonder if we shouldn't do
DEP ?= dep
...
.PHONY: $(DEP)
$(DEP):
...
ineq (dep, $(DEP))
.PHONY: dep
dep: $(DEP)
endif
vendor: dep
...
And then, looking at that, I wonder how valuable it is to have DEP configurable?
There was a problem hiding this comment.
If we drop the configurability this could be
... remove 'DEP ?= ./dep' line ...
dep:
... current contents of $(DEP)
vendor: dep
dep ...
There was a problem hiding this comment.
This is really nit-picky and I'm more than happy if this is merged as is and we revisit this with a use case if it breaks at some point.
There was a problem hiding this comment.
The point is to allow you to specify an absolute path to an existing dep binary. You would never specify just "dep" as it would be the same binary that gets downloaded.
|
Hi @gpaul, The Makefile allows the csi directory to be complete removed as its contents are wholly generated. The process should account for that. |
|
@akutz Thanks but I'm still quite confused. Removed from where? By whom and under what circumstances? What is "the process"? |
|
Hi @gpaul, The process is to run make, but if someone accidentally or on purpose nuked the csi package knowing it is generated l, the make process wouldn't put it back since dep will, by default, remove any dependencies it no longer sees in the graph. |
|
Thanks @akutz
I understand perfectly now. |
|
Hi @gpaul, FWIW, this all stems from the fact that $ dep ensure -update my.package/import
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -updateThe above command fails with the above error even if the TOML and Lock files have not changed. The reason is described in the aforementioned issue -- this is the actual dep model:
This behavior has changed at my request as it's sometimes desirable to edit the TOML file manually before running However, the crucial point here is that if the Hence the Makefile doing |
|
Hi @gpaul, I've just rebased this PR to remove this from the Makefile: ifneq (./dep,$(DEP))
dep: $(DEP)
endifIt occurred to me that I only had this when I used to use the |
Worth a lot (to me at least)! I'll have to give it some more thought, but my immediate thought is that your initial suggestion re: |
| ] | ||
|
|
||
| [[constraint]] | ||
| branch = "master" |
There was a problem hiding this comment.
Should we target a specific revision? These can be updated periodically if needed.
| name = "github.com/golang/protobuf" | ||
|
|
||
| [[constraint]] | ||
| branch = "master" |
| DEP_BIN := dep-$$GOHOSTOS-$$GOHOSTARCH | ||
| DEP_URL := https://github.com/golang/dep/releases/download/v$(DEP_VER)/$$DEP_BIN | ||
|
|
||
| $(DEP): |
There was a problem hiding this comment.
I don't spend much time designing makefiles, but a little iffy in automatically installing a binary for people. We can add how to get dep in the README or in a contributing guide.
|
Hi @cpuguy83, Thank you very much for your comments and thorough examination of this PR! A few things:
Thank you again! |
|
I'm still iffy on the binary. We are taking something from the internet and executing it without confirmation. It wouldn't be so bad if we had a checksum to work against, but even then I think it's best to have the developer install dep. |
|
Hi @cpuguy83, I understand your concern. However, when you go get something you’re also often installing a binary from source. The Makefile is such that it won’t install dep if you define its location ahead of time. That’s what the ?= means. |
|
I am majorly 👎 on automatically downloading a binary and executing it. I know it only does it if dep is missing, but this is really kinda gross. I see we are also doing this with protoc, so... 🤷♂️ |
|
Hi @cpuguy83, I understand your concern, but we’ve already been doing this and it’s the only way to ensure a consistent and deterministic result for the generated code. Otherwise it’s up to those modifying things to configure the required versions. |
|
Wouldn't CI be able to check for this? |
|
Hi @cpuguy83, Absolutely. And it does. The purpose though is to make it easy for people modifying the spec to do just that. Look, I agree with your concerns. I do. In a lot of my own projects I manage the build dependencies in the |
| chmod 0755 "$$DEP_BIN" && \ | ||
| mv -f "$$DEP_BIN" "$@" | ||
|
|
||
| vendor: | $(DEP) |
There was a problem hiding this comment.
maybe a compromise would be a vendor: check-dep dependency, where check-dep tests for the presence of dep in the $PATH and if it's missing exits the build?
if we want to stay friendly, we could also have a target dep: | $(DEP) so that a user that's missing dep could simply invoke make dep to pull it down.
There was a problem hiding this comment.
Or we merge as is and handle it later since this adds value without detracting from any. This needs to be deterministic, period. Or bindings could be off since the tool used to grab the eps may influence the eps.
This patch introduces support for the Golang dependency management program `dep`. The changes include using a predetermined version of the gRPC plug-in for Go, `protoc-gen-go`.
|
Ping. This was opened in September of last year. Please either merge or close this. Thank you. |
|
@akutz I don't want to have an implicit pull down of a binary. |
|
Hi @cpuguy83, I understand your concern, but this is not a new behavior, and your reluctance is blocking a needed fix. We've already encountered multiple cases where the bindings are not generated correctly due to incompatible dependencies, such as |
|
@akutz Breaking it more because it's already broken is not the best argument. If we want to make sure that the correct protos are generated then we need to verify it in CI. |
|
Hi @cpuguy83,
I disagree with the idea it's broken at all.
We do today Brian, that's the point. It's troublesome, it seems, for people generating them locally when they don't have the correct dependencies in place. This PR ensures all moving parts are removed.
Travis-CI containerized builds do not allow Docker. They're much faster than Travis-CI VM builds that do allow Docker. See #181 where I created a Docker image that can be used to generate the bindings locally or on Travis. The issue is that it would mean switching Travis-CI to use the slower VM builds. |
|
I understand the issues with sudo mode in travis, but my question is why would we need sudo mode? |
|
Hi @cpuguy83, Because it makes Docker available to the build and thus Docker could be used to generate the language bindings with no dependencies. Does that make sense? If you see #181, the Docker image |
|
@akutz I think we can get the correct versions for CI without necessitating that CI runs a docker image. |
|
Hi @cpuguy83, Perhaps I'm not clear, but the goal is for devs to generate the bindings locally and then commit it and push with the PR. The CI environment then validates the generated bindings. Because we've encountered problems where devs do not have the correct dependencies locally, the Makefile ensures that they do by removing any possibility of mismatched versions. Transitioning to using Docker to generate the bindings would produce a similarly deterministic means of generating the bindings both locally and on the CI platform. Today that deterministic method is achieved via the Makefile. |
|
Of course I said it seemed like the go community was moving to dep and the go team releases vgo. |
|
We plan to use go modules in the future, so this is not needed anymore. |
This patch introduces support for the Golang dependency management program
dep. The changes include using a predetermined version of the gRPC plug-in for Go,protoc-gen-go.cc @gpaul