The .travis.yml config currently tests the following Go versions:
go:
- 1.8
- 1.9
- "1.10"
- 1.11
- tip
This list is out-of-date, as it doesn't include recent stable releases (1.12, 1.13, 1.14) and it includes very old releases that are no longer supported or maintained by the Go team.
Each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release. We fix critical problems, including critical security problems, in supported releases as needed by issuing minor revisions (for example, Go 1.6.1, Go 1.6.2, and so on).
Thus, all releases up to and including 1.12 are technically no longer supported by the Go team, since there are 2 major releases (1.13, 1.14) since then.
I would like to propose updating the list of versions to use Go 1.11 as the oldest version, as that is the first version that supports the now-standard go mod versioning system, which would be great to use to be able to pin all dependencies to known-working versions and maintain consistency between builds.
With proper use of go modules via go mod, it will automatically pull versioned dependencies, which will ensure that the builds are always stable and reproducible.
Here's the sequence of steps that I think needs to be done to fix this:
[x] update the .travis.yml to add newer Go versions and remove versions below 1.12
[x] add an initial go.mod file to the repo with versioned dependencies
[x] remove the manual installation steps from .travis.yml as they are no longer needed
I'm happy to make these changes and will propose a PR shortly.
Update: during the development of the PR, I noticed that one of the indirect dependencies has Go 1.12 as the lowest version that it supports, so I dropped Go 1.11 from the list of supported versions as well.
The
.travis.ymlconfig currently tests the following Go versions:This list is out-of-date, as it doesn't include recent stable releases (1.12, 1.13, 1.14) and it includes very old releases that are no longer supported or maintained by the Go team.
According to the Go release policy:
Thus, all releases up to and including 1.12 are technically no longer supported by the Go team, since there are 2 major releases (1.13, 1.14) since then.
I would like to propose updating the list of versions to use Go 1.11 as the oldest version, as that is the first version that supports the now-standard
go modversioning system, which would be great to use to be able to pin all dependencies to known-working versions and maintain consistency between builds.This is very useful as the most recent build on the
masterbranch failed due to an error in one of the dependencies, since thego getcommands in theinstallsection of.travis.ymlget all dependencies from themasterbranch, which don't always work, and will change between invocations, making them non-reproducible.With proper use of go modules via
go mod, it will automatically pull versioned dependencies, which will ensure that the builds are always stable and reproducible.Here's the sequence of steps that I think needs to be done to fix this:
.travis.ymlto add newer Go versions and remove versions below 1.12go.modfile to the repo with versioned dependencies.travis.ymlas they are no longer neededI'm happy to make these changes and will propose a PR shortly.
Update: during the development of the PR, I noticed that one of the indirect dependencies has Go 1.12 as the lowest version that it supports, so I dropped Go 1.11 from the list of supported versions as well.