It’s time for the weekly
News and Such
The move to TOML for the manifest and lock files appears to have gone pretty smoothly - or at least, nobody’s been complaining about it in the issue queue. Which is lovely!
We’ve got consent from all of gps’ contributors, so we (read: the awesome @kris-nova) are going to begin the process of moving gps directly into dep this week. Note that if you’re watching the dep repo’s issues, this may blow up your feed, as migration will include moving over all of gps’ 40+ open issues.
Our big goal right now remains stabilizing the manifest and lock metadata files, so that people can safely begin really committing those files and using
dep in earnest. To that end, my
dep energy this week is going to be primarily focused on teasing out the manifest and lock-level needs for OS/arch/build tag parameterization, as it’s possible that proper handling could entail backwards-incompatible changes to the metadata files.
Community Attention Needed!
Here’s this week’s big three:
- We’re still DIRELY in need of folks to help with docs. There’s an issue, but not a lot of structure yet. You can also just ping me (@sdboyer) in #vendor on Slack!
- We decided two months ago to move away from using the CLI as the main UI for managing Gopkg.toml. I’ve made a bunch of progress on the new command spec that we’ve needed ever since the committee agreed to move towards hand-editing the Gopkg.toml file. Specifically,
dep ensureis now mostly specced out, in implementable detail. Feedback on the spec itself is welcome (of course!), but it’s probably worth beginning to iterate on it as-is, as it enables a killer feature - the ability to safely target just a subset of dependencies for updating at a time:
dep ensure -update github.com/foo/bar github.com/baz/qux.
- After some discussion on one of our more meta issues, @myitcv has been working on precisely formalizing the terms and set relationships that undergird dep. If there are folks out there who feel itchy without more precise definitions (and I know there are!), this could be a great place to join in. (But remember, that doc is very much a WIP!)
Stuff We’ve 🚢ed
- @y0ssar1an introduced staticcheck into the
- @tro3 added parallelism to
dep’s main integration testing harness, dropping test running time for that subset from >30s to around 5s.
- We merged in newer versions of gps, addressing data races that were causing some intermittent panics. We should now also gracefully handle the case of running
dep initwith unpushed commits on your GOPATH.
- We’ve now got WIP PRs up against our upstream semver library that will allow implicit carets in version constraints. This is an important part of our overall strategy to guard against unnecessarily narrow constraint declarations, which create both the risk of an overly-constricted ecosystem of constraints and exponential explosions in the solver.
There were a bunch of other PRs, too, but I’m trying to keep this brief 😄
Also, a big thank-you to @carolynvs for all the PR and issue reviews she’s done since I asked for help with last week’s update!