[tor-bugs] #33953 [Applications/Tor Browser]: Provide a way for easily updating Go dependencies of projects

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 27 19:07:48 UTC 2020 

#33953: Provide a way for easily updating Go dependencies of projects
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-rbm                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by boklm):

 Replying to [comment:4 gk]:
 > Replying to [comment:3 boklm]:
 > > Replying to [comment:2 cohosh]:
 > > > > 1) Use go mod vendor to vendor in the dependencies and then build
 with -mod=vendor to use the vendor folder with the dependencies.
 > > >
 > > > How would this work? Would we have to pull from a separate snowflake
 branch that has this vendor folder checked in? If we're going to pull all
 the dependencies at once, I'd rather do something like option (3), since
 it sounds like there's already a workflow present for something similar.
 Maintaining the vendor directory sounds tricky.
 > >
 > > I think this can be done by adding a `go_mod_vendor` step, which will
 use a container with network enabled and a snowflake source tarball (from
 the same git clone) to run `go mod vendor` and generate a tarball which
 will be used as `input_files` for the snowflake build.
 >
 > That's one approach, yes. I had more the option in mind to do it like we
 handle our Rust crates. One would update all the modules and then put them
 into a .tar.bz2 file somewhere which then gets used during the build. I
 don't like the idea of using just what `go mod vendor` gives us
 automatically for building for each build but it seems you have addressed
 that with your PoC. We'd have right now duplicated repos, though, due to
 #33988, right?

 That would be separate steps from the same project, so they would use the
 same git clone. #33988 is when different projects use the same repo.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33953#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list