Open cobbr2 opened 4 years ago
We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.
The labels on this github issue will be updated when the story is started.
It's definitely about the go.mod version statement; changing it to 1.23 makes it work. OTOH: a better error message would be very nice. And so would some strategy for dealing with multiple go versions.
Could you give us a sample repo to reproduce the bug?
Thanks
Sure thing! https://github.com/ConsultingMD/license_finder_repro_repo . Thanks! I've stripped enough stuff out that it now tries to run both detectors, but they both fail the same way:
rcobb@rcobb-t480: (master) ~/license_finder_repro_repo$ go version
go version go1.13.9 linux/amd64
rcobb@rcobb-t480: (master) ~/license_finder_repro_repo$ dlf "go version"
go version go1.14.3 linux/amd64
rcobb@rcobb-t480: (master) ~/license_finder_repro_repo$ license_finder -p | head -5
LicenseFinder::GoModules: is active
LicenseFinder::Go15VendorExperiment: is active
Dependencies that need approval:
cloud.google.com/go, v0.38.0, "Apache 2.0"
rcobb@rcobb-t480: (master) ~/license_finder_repro_repo$ dlf "license_finder -p | head -5"
LicenseFinder::GoModules: is active
LicenseFinder::Go15VendorExperiment: is active
No dependencies recognized!
And maybe this is a clue:
rcobb@rcobb-t480: (master) ~/license_finder_repro_repo$ go list | head -2
github.com/ConsultingMD/protean-operator
rcobb@rcobb-t480: (master) ~/license_finder_repro_repo$ dlf "go list | head -2"
go: errors parsing go.mod:
/scan/go.mod:3: usage: go 1.23
+1 I am facing the same.
@cobbr2
We made a quick change to have a more sensible error in the go_module_error branch. Let us know if it looks alright to you.
As for compatibility with multiple go versions, we will bring it up to our team. We will let you know with further updates.
I'm scanning a go repository with a top-level go.mod file that looks like:
(all those ·⁖ just represent a tab)
I do:
This is with version 6.6.2, with a locally customized Dockerfile to handle our system libraries. I have successfully built the module on the docker host, but the LF docker image does not build it, perhaps because it's running go 1.14, not 1.13:
If this is indeed the case, is there a way we can get a more sensible error message than just "No dependencies recognized!"? And what would you recommend as a workaround? This is only one of many go repos we need to scan; AFAIK, any repo could have chosen to use any version of go (we're fans of asdf here).
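The thread describes a scan that reports "No dependencies recognized!" when the toolchain could not parse go.mod, which reads like a clean result in a pipeline. The wrapper below is an added example, not license_finder code and not posted by anyone in the thread. It rejects a malformed go directive up front and treats an empty report as a failure whenever go.mod declares requirements. The function names, the report file argument and the strict two-part directive form (taken from the "usage: go 1.23" hint) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper names): fail closed around a Go license scan.

# check_go_directive GO_MOD -> 0 if the go directive is well formed, 2 otherwise.
check_go_directive() {
  local gomod=$1 line
  # Strip // comments, then take the first line whose first field is "go".
  # awk splits on tabs as well as spaces, so tab-indented directives are found.
  line=$(awk '{ sub(/\/\/.*/, "") } $1 == "go" { print; exit }' "$gomod")
  if [ -z "$line" ]; then
    echo "preflight: no go directive in $gomod" >&2
    return 2
  fi
  # Assumption: the strict two-part form from the usage hint, "go 1.23".
  if ! printf '%s\n' "$line" | grep -Eq \
      '^[[:space:]]*go[[:space:]]+[1-9][0-9]*\.(0|[1-9][0-9]*)[[:space:]]*$'; then
    echo "preflight: malformed go directive in $gomod: $line" >&2
    return 2
  fi
}

# gate_scan GO_MOD REPORT -> 0 only if the report can be trusted as a result.
# REPORT is a file holding the scanner's captured output.
gate_scan() {
  local gomod=$1 report=$2
  check_go_directive "$gomod" || return 2
  # A module that declares requirements cannot have zero dependencies, so
  # "No dependencies recognized!" here means the scan broke, not that it passed.
  if grep -Eq '^[[:space:]]*require([[:space:]]|\()' "$gomod" &&
     grep -Fq 'No dependencies recognized!' "$report"; then
    echo "gate: scanner saw no dependencies but $gomod requires some" >&2
    return 3
  fi
}

# Constructed sample: a tab-separated directive with a patch component,
# which the strict form assumed above rejects.
demo() {
  local dir; dir=$(mktemp -d)
  printf 'module example.com/demo\n\ngo\t1.13.9\n\nrequire cloud.google.com/go v0.38.0\n' > "$dir/go.mod"
  printf 'No dependencies recognized!\n' > "$dir/report.txt"
  gate_scan "$dir/go.mod" "$dir/report.txt"; local rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

In a pipeline, a non-zero status from `gate_scan` should stop the job before the report is used for approval.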