lasiar / canonicalheader

Golang linter checking the canonicality of the http header
MIT License
6 stars, 1 fork

v1.0.7 is corrupted #43

Closed ldez closed 3 weeks ago

ldez commented 3 weeks ago

I think the tag has been recreated, so the content of this release is corrupted. A version of a module should never be recreated.

The content of the module `github.com/lasiar/canonicalheader@v1.0.7`:

```
.
├── analyzer.go
├── analyzer_test.go
├── cmd
│   └── canonicalheader
│       └── main.go
├── go.mod
├── go.sum
├── LICENCE
├── makefile
├── README.md
└── testdata
    └── src
        ├── alias
        │   ├── alias.go
        │   └── alias.go.golden
        ├── common
        │   ├── common.go
        │   └── common.go.golden
        ├── embedded
        │   ├── embedded.go
        │   └── embedded.go.golden
        ├── global
        │   ├── global.go
        │   ├── global_usage.go
        │   └── global_usage.go.golden
        └── struct
            ├── struct.go
            └── struct.go.golden

10 directories, 19 files
```
The content of the current tag v1.0.7:

```
.
├── analyzer.go
├── analyzer_test.go
├── cmd
│   ├── canonicalheader
│   │   └── main.go
│   └── initialismer
│       └── main.go
├── go.mod
├── go.sum
├── initialism.go
├── LICENCE
├── makefile
├── README.md
└── testdata
    └── src
        ├── alias
        │   ├── alias.go
        │   └── alias.go.golden
        ├── common
        │   ├── common.go
        │   └── common.go.golden
        ├── embedded
        │   ├── embedded.go
        │   └── embedded.go.golden
        ├── global
        │   ├── global.go
        │   ├── global_usage.go
        │   └── global_usage.go.golden
        ├── initialism
        │   └── initialism.go
        └── struct
            ├── struct.go
            └── struct.go.golden

12 directories, 22 files
```

Also, one of the PRs has been merged into a `v1` branch and not into `main`; I guess it was an attempt not to create a minor release without features.

```console
$ git lgr
* a8968c0 N - (tag: v1.0.7, origin/v1, v1) fix: allow well-known headers
* 585255d N - fix: allow well-known headers
| * 57eee15 N - (origin/fix/v1/initialism) fix: allow well-known headers
| * f4b9653 N - fix: allow well-known headers
|/
| * 2c04f9a N - (HEAD -> main, origin/main, origin/HEAD) fix(analyzer): check function assign.
| * d8d1e01 N - chore(deps): bump linter from 1.57 to 1.58
| * 1f24212 N - style(godot): change scope from default(declarations) to all
| * 809d5d1 N - chore(deps): bump golang.org/x/tools from 0.20.0 to 0.21.0
| * ba9ebc1 N - Add GitHub Typo Action
| * e73de50 N - Fix typos
| * b1b9464 N - ci(test): run test on macos and windows
| * 3ea58f4 N - docs(readme): added installation information
| * abbb991 N - chore(readme): typo license -> licence
| * 43d2880 N - chore: fix typo
| * e99ded0 N - ci(golangci): use official action
| * 64473de N - ci: add cache for test
| * 13c3470 N - chore(readme): rename action job
| * da5699c N - ci: split jobs
| * 8a78958 N - feat: add support more cases
|/
* 7da5457 N - ci(go): add tip version
* 60b3680 N - refactor(test): from slice of struct to slice of string
* 55ee7ac N - type(test): embeded -> embedded
* e89be98 N - chore(readme): add badges
* e12dda0 N - ci: update linter from 1.55.2 to 1.57.2
* 89e9983 N - (tag: v1.0.6) fix: added processing of more cases
* 8a73b10 N - chore(deps): bump actions/setup-go from 4 to 5
...
```
lasiar commented 3 weeks ago

@ldez, Hi!

Yes, v1.0.7 was recreated, is it a problem?

About the PR to v1: the main branch will be v2, and for golangci-lint 1.59.0. I created the v1 branch for bug fixes, to maintain backward compatibility.

ldez commented 3 weeks ago

> Yes, v1.0.7 was recreated, is it a problem?

Yes, it's a major problem: a tag for a module should never be recreated (`verifying module: checksum mismatch`).

```console
$ docker run --rm -it golang:1.22-alpine sh
/go # go env -w GOPROXY=direct
/go # cd ..
/ # mkdir foo && cd $_
/foo # go mod init example.com/foo
go: creating new go.mod: module example.com/foo
/foo # apk add -q git
/foo # go get github.com/lasiar/canonicalheader@v1.0.7
go: downloading github.com/lasiar/canonicalheader v1.0.7
go: github.com/lasiar/canonicalheader@v1.0.7: verifying module: checksum mismatch
        downloaded: h1:fiXWB5G7EXzCfGEryAgoeYjITDxzl4kM4DBGFwfmtM8=
        sum.golang.org: h1:3xjg7XR2JVptNjOF5Xx3SZmo0Z6tbszJkBh3bng6T8U=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
/foo #
```

My recommendations:

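An added worked example, not part of this thread and not the project's code, of why a recreated tag produces the `checksum mismatch` shown in the session above. It re-implements the `h1:` hash that `go.sum` and sum.golang.org record (the `Hash1` algorithm of `golang.org/x/mod/sumdb/dirhash`) using only the standard library, then hashes two constructed file sets: a stand-in for the original v1.0.7 and the same tree with `initialism.go` added, as the recreated tag did. The file contents and the subset of files are made up; the `verify` function is a hypothetical stand-in for the decision `go get` makes.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
)

// hash1 re-implements the "h1:" module hash that go.sum and sum.golang.org
// record (Hash1 in golang.org/x/mod/sumdb/dirhash). Each file's SHA-256 is
// written as "<hex>  <path>\n" with paths sorted, and the SHA-256 of that
// listing is base64-encoded. Paths are the ones inside the module zip, so the
// module path and version are part of the hashed data too. This is an
// illustrative re-implementation, not the go command's own code.
func hash1(modulePrefix string, files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	byPath := make(map[string][]byte, len(files))
	for rel, data := range files {
		p := modulePrefix + "/" + rel
		paths = append(paths, p)
		byPath[p] = data
	}
	sort.Strings(paths) // sorted order is part of the hash; map order is not
	listing := sha256.New()
	for _, p := range paths {
		fileSum := sha256.Sum256(byPath[p])
		fmt.Fprintf(listing, "%x  %s\n", fileSum[:], p)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(listing.Sum(nil))
}

// verify mirrors the decision `go get` made in the session above (hypothetical
// helper): the sum of the bytes actually downloaded must equal the sum the
// checksum database recorded the first time anyone fetched that version.
func verify(downloaded, recorded string) error {
	if downloaded != recorded {
		return fmt.Errorf("verifying module: checksum mismatch\n\tdownloaded: %s\n\tsum.golang.org: %s",
			downloaded, recorded)
	}
	return nil
}

const module = "github.com/lasiar/canonicalheader@v1.0.7"

// originalTag is a constructed stand-in for what v1.0.7 contained when
// sum.golang.org first recorded it; contents are made up and only a few of
// the files from the tree listing in the issue are included.
var originalTag = map[string][]byte{
	"go.mod":      []byte("module github.com/lasiar/canonicalheader\n\ngo 1.22\n"),
	"analyzer.go": []byte("package canonicalheader\n"),
	"LICENCE":     []byte("MIT License\n"),
}

// recreatedTag is the same tree with initialism.go added, as the recreated
// tag did. Every other byte is identical, yet the sum changes.
func recreatedTag() map[string][]byte {
	files := make(map[string][]byte, len(originalTag)+1)
	for rel, data := range originalTag {
		files[rel] = data
	}
	files["initialism.go"] = []byte("package canonicalheader\n")
	return files
}

func main() {
	recorded := hash1(module, originalTag)      // what sum.golang.org holds
	downloaded := hash1(module, recreatedTag()) // what the origin serves now
	fmt.Println("sum.golang.org:", recorded)
	fmt.Println("downloaded:    ", downloaded)
	if err := verify(downloaded, recorded); err != nil {
		fmt.Println("SECURITY ERROR:", err)
	}
}
```

Two consequences follow from the construction: the sum is content-addressed, so no force-push can reproduce the recorded value unless the tree is byte-for-byte identical, and the zip path prefix carries the version, so even identical trees under different tags yield different sums. The real `go.sum` also records a second `/go.mod` line, which is the same `Hash1` computed over the `go.mod` file alone.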
ldez commented 3 weeks ago

A major version (like v2) should only be created if there are breaking changes.

Your linter doesn't have a configuration, so it cannot be breaking.

lasiar commented 3 weeks ago

If I create v1.0.8, will this solve the problem?

I'm planning:

- all tags v1.x.x from the v1 branch
- all tags v2.x.x from the v2 branch

ldez commented 3 weeks ago

Why do you want to create a major version?

You need to create a minor version when you add new features, not a major.

lasiar commented 3 weeks ago

Add configuration: a permit list for headers.

ldez commented 3 weeks ago

So it's just a feature, no breaking changes here.

ldez commented 3 weeks ago

Configuration example:

```yaml
canonical-header:
  useDefaultExclusion: true
  exclusions:
    - foo
    - bar
```

There are no breaking changes, it's just a new feature.

A breaking change can be:

Adding an option is not a breaking change if the default behavior and the exposed API stay the same.

ldez commented 3 weeks ago

Maybe it's because you want to change the API, but the analyzer can have configuration without changing the public API: `Analyzer.Flags`

https://github.com/polyfloyd/go-errorlint/blob/e24df99426914bacaaa49d907ad524520643a1b1/errorlint/analysis.go#L11-L30
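An added example, not from this thread or from the canonicalheader repository, of the approach ldez describes: the two options from the YAML above registered on a `flag.FlagSet`, which is the same mechanism an `analysis.Analyzer` exposes as `Analyzer.Flags`, so options can be added without changing the exported API. To stay standard-library only it uses a plain `config` struct instead of `analysis.Analyzer`, and checks header keys with `net/textproto.CanonicalMIMEHeaderKey`, the function `net/http` itself uses. The flag names, the `config` type and the default exclusion list are assumptions for illustration, not the linter's real ones.

```go
package main

import (
	"flag"
	"fmt"
	"net/textproto"
	"sort"
	"strings"
)

// headerSet is a repeatable flag value: -exclusions=ETag -exclusions=X-Request-ID.
type headerSet map[string]struct{}

func (s headerSet) String() string {
	names := make([]string, 0, len(s))
	for n := range s {
		names = append(names, n)
	}
	sort.Strings(names)
	return strings.Join(names, ",")
}

func (s headerSet) Set(v string) error {
	v = strings.TrimSpace(v)
	if v == "" {
		return fmt.Errorf("exclusions: empty header name")
	}
	s[v] = struct{}{}
	return nil
}

// config carries the two options from the YAML above (hypothetical names).
// Flags are registered on a flag.FlagSet, exactly what an analysis.Analyzer
// exposes as Analyzer.Flags, so adding an option never touches the exported API.
type config struct {
	Flags               flag.FlagSet
	useDefaultExclusion bool
	exclusions          headerSet
}

// defaultExclusions is a constructed sample of well-known headers whose
// conventional spelling differs from textproto's canonical form. It is not
// the linter's real list.
var defaultExclusions = map[string]struct{}{
	"ETag":             {},
	"WWW-Authenticate": {},
	"X-XSS-Protection": {},
	"Content-MD5":      {},
}

func newConfig() *config {
	c := &config{exclusions: headerSet{}}
	c.Flags.Init("canonicalheader", flag.ContinueOnError)
	c.Flags.BoolVar(&c.useDefaultExclusion, "use-default-exclusion", true,
		"also accept a built-in list of well-known non-canonical headers")
	c.Flags.Var(c.exclusions, "exclusions", "header to accept as written (repeatable)")
	return c
}

func (c *config) allowed(key string) bool {
	if _, ok := c.exclusions[key]; ok {
		return true
	}
	if c.useDefaultExclusion {
		_, ok := defaultExclusions[key]
		return ok
	}
	return false
}

// check returns "" when key is acceptable and otherwise the canonical form the
// linter would suggest, computed with the same function net/http uses.
func (c *config) check(key string) string {
	canonical := textproto.CanonicalMIMEHeaderKey(key)
	if canonical == key || c.allowed(key) {
		return ""
	}
	return canonical
}

func main() {
	cfg := newConfig()
	// The arguments a driver would pass after reading the YAML above.
	if err := cfg.Flags.Parse([]string{"-exclusions=X-Request-ID"}); err != nil {
		panic(err)
	}
	for _, key := range []string{"content-type", "ETag", "X-Request-ID", "x-forwarded-for"} {
		if want := cfg.check(key); want != "" {
			fmt.Printf("%q is not canonical, use %q\n", key, want)
		} else {
			fmt.Printf("%q ok\n", key)
		}
	}
}
```

Because the defaults (`use-default-exclusion=true`, empty `exclusions`) reproduce the linter's current behaviour, existing users see no change, which is the point ldez makes: a new option with unchanged defaults is a minor-version feature, not a breaking change.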

lasiar commented 3 weeks ago

I created the v1.1.1 release and tag.

lasiar commented 3 weeks ago

@ldez, thanks!

ldez commented 3 weeks ago

Just for information: removing a tag is not enough to "remove" a module version, you should retract the version.

https://go.dev/ref/mod#go-mod-file-retract

https://pkg.go.dev/github.com/lasiar/canonicalheader@v1.0.7

Once inside the Go proxy, a version cannot be removed, only retracted.

In your context, I don't think you need to do it but I just wanted to share the good practices.
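As an added example of the retraction ldez links to (not from this thread and not the project's actual go.mod): a `retract` directive is published in the go.mod of a newer version, because the go command reads retractions from the latest version's go.mod, not from the version being retracted, whose go.mod the proxy and checksum database already hold. The version numbers and the comment are illustrative.

```gomod
module github.com/lasiar/canonicalheader

go 1.22

// Ships in v1.0.8 (or any later tag); the retracted tag cannot carry its own
// retraction. The comment is the rationale the go command shows to users.
retract v1.0.7 // tag was recreated after publication; checksums no longer match
```

`go mod edit -retract=v1.0.7` adds the directive. Once the new version is published, `go get github.com/lasiar/canonicalheader@v1.0.7` still succeeds (or still fails with the checksum mismatch, for anyone hitting the rewritten tag) but prints a "retracted by module author" warning with that comment, `@latest` skips the retracted version, and `go list -m -retracted -versions github.com/lasiar/canonicalheader` shows it marked as retracted. Retraction does not delete anything from the proxy or from existing go.sum files; it only steers version selection.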

lasiar commented 3 weeks ago

Thanks!

I haven't worked on open source before, only private repos in a private GitLab instance...

Will canonicalheader@v1.1.1 be included in golangci-lint@v1.58.2 or golangci-lint@v1.59.0?

In v1.56.1 errcheck was updated from 1.6.3 to 1.7.0.

ldez commented 3 weeks ago

I review every linter update and I decide based on the changes if it should be a part of the next minor or the next patch.

v1.1.1 will be in the next patch release.

https://github.com/golangci/golangci-lint/pull/4715

ldez commented 3 weeks ago

I consider the problem as fixed, thank you for your responsiveness :heart: