GoMod: Improve detecting the VCS info of packages #5555
Labels
analyzer
About the analyzer tool
Comments
fviernau added a commit that referenced this issue Feb 21, 2023

Previously, ORT's GoMod integration had a rudimentary (re-)implementation of the Go tooling's logic for resolving the VCS infos for the dependencies, covering only the more common use cases. For example, the implementation is VCS host specific and cannot handle mono repository setups at all, without an ugly workaround in the downloader, see [1]. Furthermore, I expect many not yet known issues in the more uncommon use cases. Avoid all these issues by just relying on the VCS info resolution of the Go tooling.

Note that as of Go 1.19, the `.info` files under '$GOPATH/pkg/mod' are guaranteed to contain the VCS info of the modules in case no Go proxy is used [2]. For now that information is only accessible by parsing the files directly, but there are plans to make this information available via the command line tools like `go list -json`.

Fixes: #5555.

[1]: https://github.com/oss-review-toolkit/ort/blob/1dc5c54de3630f0f1249a7ec56ce0a3ba87ac5f1/downloader/src/main/kotlin/VersionControlSystem.kt#L361-L366
[2]: golang/go#44742 (comment)
[3]: golang/go#18387

Signed-off-by: Frank Viernau <[email protected]>
fviernau added a commit that referenced this issue Feb 21, 2023

Previously, ORT's GoMod integration had a rudimentary (re-)implementation of the Go tooling's logic for resolving the VCS infos for the dependencies, covering only the more common use cases. For example, the implementation is VCS host specific and cannot handle mono repository setups at all, without an ugly workaround in the downloader, see [1]. Furthermore, I expect many not yet known issues in the more uncommon use cases. Avoid all these issues by just relying on the VCS info resolution of the Go tooling.

Note that as of Go 1.19, the `.info` files under '$GOPATH/pkg/mod' are guaranteed to contain the VCS info of the modules in case no Go proxy is used [2]. For now that information is only accessible by parsing the files directly, but there are plans to make this information available via the command line tools like `go list -json` [3].

Fixes: #5555.

[1]: https://github.com/oss-review-toolkit/ort/blob/1dc5c54de3630f0f1249a7ec56ce0a3ba87ac5f1/downloader/src/main/kotlin/VersionControlSystem.kt#L361-L366
[2]: golang/go#44742 (comment)
[3]: golang/go#18387

Signed-off-by: Frank Viernau <[email protected]>
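The approach the commit message describes, reading the VCS info straight from a `.info` file, as an added Go example that is not ORT's code or part of the commit. It assumes the `Origin` object that Go 1.19 and later write into `.info` files and the standard module cache layout (`cache/download/<module>/@v/<version>.info`); the sample file content, module path and hash are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
	"unicode"
)

// Origin holds the VCS fields of the "Origin" object in a Go 1.19+ .info file.
type Origin struct{ VCS, URL, Subdir, Ref, Hash string }
var ErrNoOrigin = errors.New("no VCS origin in .info file") // e.g. fetched via a Go proxy

// Constructed sample input; the module, URL and hash are made up.
const sampleInfo = `{"Version":"v1.2.0","Time":"2023-02-21T10:00:00Z","Origin":{"VCS":"git",
 "URL":"https://example.com/org/monorepo","Subdir":"libs/util","Ref":"refs/tags/libs/util/v1.2.0",
 "Hash":"0123456789abcdef0123456789abcdef01234567"}}`

// InfoPath locates the .info file; the cache stores 'A' as "!a" in module path and version.
func InfoPath(modCache, module, version string) string {
	esc := func(s string) string {
		var b strings.Builder
		for _, r := range s {
			if unicode.IsUpper(r) {
				b.WriteByte('!')
			}
			b.WriteRune(unicode.ToLower(r))
		}
		return b.String()
	}
	return filepath.Join(modCache, "cache", "download", filepath.FromSlash(esc(module)), "@v", esc(version)+".info")
}

// ParseOrigin returns the recorded VCS info, or ErrNoOrigin when the file has none.
func ParseOrigin(data []byte) (*Origin, error) {
	var info struct{ Origin *Origin }
	if err := json.Unmarshal(data, &info); err != nil {
		return nil, fmt.Errorf("malformed .info file: %w", err)
	}
	if info.Origin == nil || info.Origin.VCS == "" || info.Origin.URL == "" {
		return nil, ErrNoOrigin
	}
	return info.Origin, nil
}

func main() {
	fmt.Println(InfoPath("/home/u/go/pkg/mod", "example.com/Org/monorepo/libs/util", "v1.2.0"))
	fmt.Println(ParseOrigin([]byte(sampleInfo)))
}
```

A caller should treat `ErrNoOrigin` as "provenance unknown" rather than guess a repository from the module path, which is the host-specific guessing the commit removes.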
This does seem to be true anymore as your #6529 proposes a fix while golang/go#18387 is still unresolved, right?
BLOCKED BY BELOW TICKETS
ORT's logic for determining VCS info currently works only for GitHub. It does not re-use the (non-trivial) logic from the tooling.
As soon as the following tickets are completed / released, we can use the Go tooling to get the VCS info.
That would make VCS detection finally work and setting the source artifact URL can be dropped.