search

gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io
40 stars 23 forks source link

Complete repo move #579

Open tschmidtb51 opened 3 weeks ago

tschmidtb51 commented 3 weeks ago

As the repo moved to gocsaf/csaf we need to complete that by finding all references in this repo and adapt them.

bernhardreiter commented 3 weeks ago

The package name SHOULD be so that both paths work for the time being.

bernhardreiter commented 3 weeks ago

We need to adjust our module directive in go.mod so that importing from the new go path works.

Once we do this in the main branch, but not in a released version, it works by giving the explicit development dependency to go get. (I will check if this is better to be done in a single or in separate merge requests.)

To make it work for a regular go get https://github.com/gocsaf/csaf@latest we need to have a released version.

When we have a released version with minor or patch level (like v3.0.1 or v3.1.0), the possibility of upgrades for the old path is gone. New uses of the old path will only be possible by explicitly giving the old revision @v3.0.0 to go get . As we want people to move, it is okay and even good if they stumble upon the situation when doing an explicit upgrade of their dependencies.

adjust checked-out git repos

Works like

 git remote -v
origin  https://github.com/csaf-poc/csaf_distribution (fetch)
origin  https://github.com/csaf-poc/csaf_distribution (push)
 git remote set-url origin https://github.com/gocsaf/csaf
 git remote -v
origin  https://github.com/gocsaf/csaf (fetch)
origin  https://github.com/gocsaf/csaf (push)
koplas commented 2 weeks ago

It is now possible to use the new path of the csaf library using this command: go get github.com/gocsaf/csaf/v3

thiha-min-thant commented 2 weeks ago

Hi @koplas , this command: go get github.com/gocsaf/csaf/v3 is not working for me. Am I missing something?

Screenshot 2024-11-06 at 1 00 04 PM
bernhardreiter commented 2 weeks ago

@thiha-min-thant my earlier testing suggested that you would need to give a git revision, too. However @koplas tests gave a different result, we will try to find out today where the difference is.

koplas commented 2 weeks ago

Hi @koplas , this command: go get github.com/gocsaf/csaf/v3 is not working for me. Am I missing something?

My bad, the correct command is: go get github.com/gocsaf/csaf/v3@main until a next version of gocsaf/csaf is released. After tagging a new version it should be possible to download using go get github.com/gocsaf/csaf/v3.

thiha-min-thant commented 2 weeks ago

Hi @bernhardreiter and @koplas ,

Thanks for the clarification! Do you have an estimate for the next release date? It would be helpful to know when we might switch to using a tagged version. Appreciate it!

bernhardreiter commented 2 weeks ago

Hi @thiha-min-thant, thanks for your interest and patience!

Do you have an estimate for the next release date?

It is high on our list, so it is likely in (iso) calender week 47. But it maybe earlier or later in November.