#33953: Provide a way for easily updating Go dependencies of projects
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cohosh):
> 1) Use go mod vendor to vendor in the dependencies and then build with
-mod=vendor to use the vendor folder with the dependencies.
How would this work? Would we have to pull from a separate snowflake
branch that has this vendor folder checked in? If we're going to pull all
the dependencies at once, I'd rather do something like option (3), since
it sounds like there's already a workflow present for something similar.
Maintaining the vendor directory sounds tricky.
> I think it's worth attempting to exclude go module dependencies that are
not needed.
My thought now is that if we go with options (1) or (3) this might not
matter so much. Since the dependencies aren't used to build the binary,
it's not like they are contributing to binary size. It was more a pain
point from a maintenance and rbm project blowup perspective. It added to
the size of the rbm repository and increased build time. But if we're
doing (1) or (3) these aren't a concern anymore if I am understanding
correctly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33953#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online