search

phase2 / rig

Outrigger command line tool
MIT License
11 stars 8 forks source link

dep ensure --update to pick up a new gospinner and other things #173

Closed dnmurray closed 6 years ago

dnmurray commented 6 years ago

gospinner has a new release tag, to address https://github.com/phase2/rig/issues/160. Did a dep ensure --update and picked up that and a few other changes. This should be part of the next RC so we can get some testing done.

febbraro commented 6 years ago

I see a lock file was updated, but what about the Gopkg.toml file?

dnmurray commented 6 years ago

dep ensure --update didn't make any changes, and I didn't make any changes. I didn't delve real deep in how semantic version matches are happening, but it did pick up the update to gospinner and the other packages, without me changing the .toml file. On current master:

rig$ dep ensure -update
Warning: the following project(s) have [[constraint]] stanzas in Gopkg.toml:

  ✗  github.com/mattn/go-isatty

However, these projects are not direct dependencies of the current project:
they are not imported in any .go files, nor are they in the 'required' list in
Gopkg.toml. Dep only applies [[constraint]] rules to direct dependencies, so
these rules will have no effect.

Either import/require packages from these projects so that they become direct
dependencies, or convert each [[constraint]] to an [[override]] to enforce rules
on these projects, if they happen to be transitive dependencies,

rig$ git status
On branch master
Your branch is up to date with 'origin/master'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)

        modified:   Gopkg.lock

no changes added to commit (use "git add" and/or "git commit -a")
febbraro commented 6 years ago

What about if you delete the vendor directory and do a dep ensure does it capture the correct version? I'm guessing a clean install may not, so we would need to update the .toml file too

dnmurray commented 6 years ago

Verified that we needed to update the .toml file (I created a fresh install to test, and dep ensure just brought down the pinned packages). yaml.v2 got updated in the original dep ensure but since the .toml file specifies a branch and not a version, I didn't change that.