apps
/
urtrator
Archived
2
0
Fork 0
Code Issues 22 Pull Requests Packages Projects Releases 8 Wiki Activity

adds vendor directory #36

Closed
bsdlp wants to merge 1 commits from bikeshedding/vendor into master
pull from: bikeshedding/vendor
merge into: apps:master
Conversation 5 Commits 1 Files Changed 2173 +2312028
bsdlp commented 2017-05-15 07:40:18 +05:00 (Migrated from github.com)
Copy Link

vendors dependencies in standard vendor directory, managed by glide

vendors dependencies in standard `vendor` directory, managed by [glide](https://github.com/Masterminds/glide)
pztrn commented 2017-05-15 12:12:38 +05:00
Copy Link

As I can see you haven't ignored vendor directory contents and imported whole source tree of each dependency. This is a very bad practice and I will not accept this PR.

If you want to add dependencies locking and tracking you can take a look at tool that will be included in Golang: https://github.com/golang/dep.

As I can see you haven't ignored vendor directory contents and imported whole source tree of each dependency. This is a very bad practice and I will not accept this PR. If you want to add dependencies locking and tracking you can take a look at tool that will be included in Golang: https://github.com/golang/dep.
bsdlp commented 2017-05-15 13:15:06 +05:00 (Migrated from github.com)
Copy Link

on the contrary importing the vendor folder is very much an accepted best practice. it allows for repeatable builds.

golang/dep has its share of problems and while i look forward to the day when it is production ready, as of today (2017-05-15) golang/dep is in ALPHA
screen shot 2017-05-15 at 01 13 47

on the contrary importing the `vendor` folder is [very much](https://github.com/aws/aws-sdk-go/tree/master/vendor/github.com) an [accepted](https://github.com/moby/moby/tree/master/vendor) best [practice](https://github.com/hashicorp/consul/tree/master/vendor). it allows for repeatable builds. golang/dep has its share of problems and while i look forward to the day when it is production ready, as of today (2017-05-15) golang/dep is in ALPHA <img width="877" alt="screen shot 2017-05-15 at 01 13 47" src="https://cloud.githubusercontent.com/assets/744549/26048411/d4756ea6-390b-11e7-853e-304864574b79.png">
pztrn commented 2017-05-15 15:08:08 +05:00
Copy Link

Reproducible builds can be achieved without importing dependencies source code into repository by checking out required version (revision, etc.) of dependency. Glide (govendor, etc.) allows to do that. I do not want to make this repository to be megabytes of weight.

Reproducible builds can be achieved without importing dependencies source code into repository by checking out required version (revision, etc.) of dependency. Glide (govendor, etc.) allows to do that. I do not want to make this repository to be megabytes of weight.
bsdlp commented 2017-05-16 04:24:57 +05:00 (Migrated from github.com)
Copy Link

would you agree that even if the dependencies were not included in the vendor directory the user would need to pull down the same dependencies?

relying on a version pinned (but not vendored) by glide or other tool is not a guarantee that the build will be reproducible. see left-pad

would you agree that even if the dependencies were not included in the vendor directory the user would need to pull down the same dependencies? relying on a version pinned (but not vendored) by glide or other tool is not a guarantee that the build will be reproducible. see [left-pad](http://blog.npmjs.org/post/141577284765/kik-left-pad-and-npm)
pztrn commented 2017-05-16 11:30:42 +05:00
Copy Link

Of course, you also have to do some more things (like placing source of URTrator in specific directory). But pinned versions is enough for that. And, as you can see in blog post linked by you, failures was happened because someone unpublished his package and due to inability to use old package versions.

Making reproducible builds is planned, of course, but not like you proposed, because this will make repository be (eventually) measured in hundreds of megabytes, which is bad.

Of course, you also have to do some more things (like placing source of URTrator in specific directory). But pinned versions is enough for that. And, as you can see in blog post linked by you, failures was happened because someone unpublished his package and due to inability to use old package versions. Making reproducible builds is planned, of course, but not like you proposed, because this will make repository be (eventually) measured in hundreds of megabytes, which is bad.
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
feature-request

   
help wanted

   
invalid

   
question

   
wontfix
No Label
bug
duplicate
enhancement
feature-request
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: apps/urtrator#36
No description provided.
Delete Branch "bikeshedding/vendor"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?