cruise-automation / isopod

An expressive DSL and framework for Kubernetes configuration without YAML
Apache License 2.0

Potential collision and risk from indirect dependence "github.com/gotestyourself/gotestyourself" #71

Open KateGo520 opened 4 years ago

KateGo520 commented 4 years ago

Background

Repo cruise-automation/isopod used the old path to import gotestyourself indirectly. This caused github.com/gotestyourself/gotestyourself and gotest.tools to coexist in this repo: https://github.com/cruise-automation/isopod/blob/master/go.mod (lines 50 and 104)

github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
gotest.tools v2.2.0+incompatible // indirect 

That's because gotestyourself has already renamed its import path from "github.com/gotestyourself/gotestyourself" to "gotest.tools". When you use the old path "github.com/gotestyourself/gotestyourself" to import gotestyourself, it will reintroduce gotestyourself through the import statements "import gotest.tools" in the Go source files of gotestyourself.

https://github.com/gotestyourself/gotest.tools/blob/v2.2.0/fs/example_test.go#L8

package fs_test
import (
    …
    "gotest.tools/assert"
    "gotest.tools/assert/cmp"
    "gotest.tools/fs"
    "gotest.tools/golden"
)

"github.com/gotestyourself/gotestyourself" and "gotest.tools" are the same repo. This will work in isolation, bringing about potential risks and problems.

Solution

Add a replace statement to the go.mod file:

replace github.com/gotestyourself/gotestyourself => gotest.tools v2.3.0

Then clean the go.mod.
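
Added example, not part of the original issue or of the isopod project: a small Go check that reports when both the old and the renamed path of a module are required in a go.mod and the old path is not redirected by a replace directive, which is the condition the issue describes. The `renamed` table, the `Collisions` function and the line-based parsing (single-line `replace` only) are assumptions made for illustration; the sample input is constructed from the two go.mod lines quoted above.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample, built from the two go.mod lines quoted in the issue.
const sampleGoMod = `require (
	github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
	gotest.tools v2.2.0+incompatible // indirect
)`

// renamed lists {old path, current path} pairs (assumption: maintained by hand).
var renamed = [][2]string{{"github.com/gotestyourself/gotestyourself", "gotest.tools"}}

// Collisions returns one finding per renamed module whose old and current
// paths are both required while no replace directive redirects the old path.
func Collisions(gomod string) []string {
	required, replaced, inRequire := map[string]string{}, map[string]bool{}, false
	for _, raw := range strings.Split(gomod, "\n") {
		// Drop trailing comments such as "// indirect", then tokenize.
		f := strings.Fields(strings.SplitN(raw, "//", 2)[0])
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inRequire = true
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) >= 4 && f[0] == "replace": // single-line replace only
			replaced[f[1]] = true
		case len(f) == 3 && f[0] == "require": // single-line require
			required[f[1]] = f[2]
		case len(f) == 2 && inRequire: // "path version" inside a require block
			required[f[0]] = f[1]
		}
	}
	var out []string
	for _, r := range renamed {
		oldVer, hasOld := required[r[0]]
		newVer, hasNew := required[r[1]]
		if hasOld && hasNew && !replaced[r[0]] {
			out = append(out, fmt.Sprintf("%s@%s coexists with %s@%s", r[0], oldVer, r[1], newVer))
		}
	}
	return out
}

func main() {
	fmt.Println(strings.Join(Collisions(sampleGoMod), "\n"))
}
```

To see where the old path enters the build, `go mod why -m github.com/gotestyourself/gotestyourself` prints the import chain that pulls it in.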

KateGo520 commented 4 years ago

@jonnylangefeld @cxuu Could you help me review this issue? Thx :p