search

oligot / go-mod-upgrade

Update outdated Go dependencies interactively
MIT License
894 stars 42 forks source link

Error running go command to discover modules: exit status 1 stderr=go: loading module retractions for k8s.io/api@v0.26.2: module k8s.io/api@v0.30.0 requires go >= 1.22.0 (running go 1.21.7; GOTOOLCHAIN=local) #52

Open thediveo opened 5 months ago

thediveo commented 5 months ago

Ah, the Go "toolchain" gift that keeps up giving. Consider a dependency for k8s.io/api@v0.26.2 which has a go 1.21 in its go.mod, whereas k8s.io/api@v0.30.0 throws a spanner into the works by using go 1.22.0. Now, any attempt at go-mod-upgrade crashes and burns with

Error running go command to discover modules: exit status 1 stderr=go: loading module retractions for k8s.io/api@v0.26.2: module k8s.io/api@v0.30.0 requires go >= 1.22.0 (running go 1.21.7; GOTOOLCHAIN=local)

Is there a way around this so that go-mod-upgrade tries to use the latest upgrade that doesn't trigger the toolchain problems?

oligot commented 4 months ago

As explained in the toolchain doc, your go.mod should specify a go version greater than or equal to version 1.22.0, if one of your dependencies has a version 1.22.0 in it's go.mod file.

This can be done by running the command: go get go@1.22 which will update the go version in go.mod, as well as downloading go version 1.22 if you are using a go version less than 1.22

thediveo commented 4 months ago

I'm afraid we're not yet on the same page of the book. What if I can't upgrade my module yet to 1.22 minimum, because of a N and N-1 version support? Also downloading a toolchain inside a CI/CD pipeline looks like the opposite of reproducible builds, when you're amidstream module and not a leaf application module...

I would like to still being able to upgrade dependencies that don't require upgrading the toolchain. At the moment, it seems that go-mod-upgrade can't handle this situations, because it errors out completely. Do you see a way to support in the future dependeny upgrades up to the ceiling of a toolchain upgrade?

oligot commented 4 months ago

AFAIK, the go command used to find dependencies updates (which is used internally by go-mod-upgrade) doesn’t expose what’s needed for your use case. If that’s true, the only option you have right now is create an issue in the golang repo and hope the go team implements what’s needed for this to work. Then we could incorporate this in go-mod-upgrade.

thediveo commented 4 months ago

I've created a new post Upgrading to latest version of dependency without upgrading toolchain? in the golang-nuts forum. Let's see if this turns up something useful.

thediveo commented 4 months ago

forum was deaf, but there's a fresh issue https://github.com/golang/go/issues/67574 now for the go repo that looks as if would fix this.