Closed ldez closed 3 weeks ago
@ldez, Hi!
Yes, v1.0.7 is recreating, is it problem?
About PR to v1: The main branch will v2, and for golangci-lint 1.59.0. I create the branch v1 for fixes bugs, for maintaining backward compatibility.
Yes, v1.0.7 is recreating, is it problem?
Yes it's a major problem, a tag for a module should never be recreated (verifying module: checksum mismatch).
$ docker run --rm -it golang:1.22-alpine sh
/go # go env -w GOPROXY=direct
/go # cd ..
/ # mkdir foo && cd $_
/foo # go mod init example.com/foo
go: creating new go.mod: module example.com/foo
/foo # apk add -q git
/foo # go get github.com/lasiar/canonicalheader@v1.0.7
go: downloading github.com/lasiar/canonicalheader v1.0.7
go: github.com/lasiar/canonicalheader@v1.0.7: verifying module: checksum mismatch
downloaded: h1:fiXWB5G7EXzCfGEryAgoeYjITDxzl4kM4DBGFwfmtM8=
sum.golang.org: h1:3xjg7XR2JVptNjOF5Xx3SZmo0Z6tbszJkBh3bng6T8U=
SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
/foo #
My recommendations:
v1
inside main
A major version (like v2) should only be created if there are breaking changes.
Your linter doesn't have a configuration, so it cannot be breaking.
If I create v1.0.8, this will solve the problem?
I'm planning: all tags v1.x.x from the v1 branch all tags v2.x.x from the v2 branch
Why do you want to create a major version?
You need to create a minor version when you add new features, not a major.
Add configuration: permit list for headers
So it's just a feature, no breaking changes here.
Configuration example:
canonical-header:
useDefaultExclusion: true
exclusions:
- foo
- bar
There are no breaking changes, it's just a new feature.
A breaking change can be:
Adding an option is not a breaking change if the default behavior and the exposed API stay the same.
Maybe it's because you want to change the API, but the analyzer can have configuration without changing the public API: Analyzer.Flags
I create v1.1.1 release and tag.
@ldez, thanks!
Just for the information: removing a tag is not enough to "remove" a module version, you should retract the version.
https://go.dev/ref/mod#go-mod-file-retract
https://pkg.go.dev/github.com/lasiar/canonicalheader@v1.0.7
Once inside the GoProxy a version cannot be removed but only retracted.
In your context, I don't think you need to do it but I just wanted to share the good practices.
Thanks!
I don't work on open source before, only private repo in private instance GitLab...
canonicalheader@v1.1.1
include golangci-lint@v1.58.2
or golangci-lint@v1.59.0
In v1.56.1 errcheck
updated from 1.6.3 to 1.7.0
I review every linter update and I decide based on the changes if it should be a part of the next minor or the next patch.
v1.1.1 will be in the next release patch.
I consider the problem as fixed, thank you for your reactivity :heart:
I think the tag has been recreated, so the content of this release is corrupted. A version of a module should never be recreated.
The content of the module `github.com/lasiar/canonicalheader@v1.0.7`
``` . ├── analyzer.go ├── analyzer_test.go ├── cmd │ └── canonicalheader │ └── main.go ├── go.mod ├── go.sum ├── LICENCE ├── makefile ├── README.md └── testdata └── src ├── alias │ ├── alias.go │ └── alias.go.golden ├── common │ ├── common.go │ └── common.go.golden ├── embedded │ ├── embedded.go │ └── embedded.go.golden ├── global │ ├── global.go │ ├── global_usage.go │ └── global_usage.go.golden └── struct ├── struct.go └── struct.go.golden 10 directories, 19 files ```The content of the current tag v1.0.7
``` . ├── analyzer.go ├── analyzer_test.go ├── cmd │ ├── canonicalheader │ │ └── main.go │ └── initialismer │ └── main.go ├── go.mod ├── go.sum ├── initialism.go ├── LICENCE ├── makefile ├── README.md └── testdata └── src ├── alias │ ├── alias.go │ └── alias.go.golden ├── common │ ├── common.go │ └── common.go.golden ├── embedded │ ├── embedded.go │ └── embedded.go.golden ├── global │ ├── global.go │ ├── global_usage.go │ └── global_usage.go.golden ├── initialism │ └── initialism.go └── struct ├── struct.go └── struct.go.golden 12 directories, 22 files ```Also, one of the PRs has been merged inside a branch
v1
and not insidemain
, I guess it was an attempt not to create a minor release without features.