Bug 2224307: build: update go modules #513
Conversation
Update go modules. The primary goal is to remove the goproxy import which has security warnings. The library is not used directly or indirectly by any called Rook code, only dependency modules. Therefore, exclude it from the build. At the same time, portworx deps are starting to complicate the module update again. Rook also doesn't directly or indirectly use the portworx code, so exclude it also. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com> (cherry picked from commit 87fc552) Signed-off-by: subhamkrai <srai@redhat.com>
openshift-ci
bot
added
bugzilla/severity-medium
|
@subhamkrai: This pull request references Bugzilla bug 2224307, which is valid. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (apolak@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
At the same time let's also cherry-pick the commits from rook#12764. |
The go package dependencies (go.mod and go.sum) were created under the pkg/apis directory to simplify the dependencies for other projects referencing the rook repo. The downside is that the dependabot can no longer open a working and valid PR since the bot is not aware of the go.mod and go.sum in the apis directory. Since the reduction of dependencies for vault in rook#12455, the list of extra dependencies is not quite so extensive. We are putting effort into shrinking the dependency list instead of using the modules files in the apis subdirectory. Note that rook#12419 updated the dependencies for the latest controller runtime which also increased the size of the modules list in the pkgs subdirectory, which means the difference in dependencies in the pkgs subdirectory is no longer signficant anyway. Signed-off-by: travisn <tnielsen@redhat.com> (cherry picked from commit 1a4917d)
Run make go.mod.update to update the go modules to the latest references. Signed-off-by: travisn <tnielsen@redhat.com> (cherry picked from commit 138624a) Signed-off-by: subhamkrai <srai@redhat.com>
|
/approve |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: subhamkrai, travisn The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@subhamkrai: All pull requests linked via external trackers have merged: Bugzilla bug 2224307 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Update go modules. The primary goal is to remove the goproxy import which has security warnings. The library is not used directly or indirectly by any called Rook code, only dependency modules. Therefore, exclude it from the build.
At the same time, portworx deps are starting to complicate the module update again. Rook also doesn't directly or indirectly use the portworx code, so exclude it also.
(cherry picked from commit 87fc552)
Description of your changes:
Which issue is resolved by this Pull Request:
Resolves #
Checklist:
skip-cion the PR.