-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong version of go dependency being built into the binary #1977
Comments
Could you try to make a reproducer? If that's too difficult, could you perhaps try Gazelle commits between 0.39.0 and 0.40.0 so that we get a better understanding of what's happening here? |
@fmeum sure. what's the best way to use an untagged version (a version between 0.39.0 and 0.40.0) with bzlmod? |
You can check out the Gazelle repo locally and use a |
|
Actually fsnotify is also used by gazelle and that's the commit bumped it to 1.8.0: bf8c993#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R11 I wonder if that's the issue. |
Here's a minimal reproducer:
with gazelle at 0.39.0 or other versions before bf8c993, we got one sha256 of the binary:
with 0.40.0 or versions after bf8c993, we got a different sha256 of the binary (and also a debug warning):
|
Thanks for providing the reproducer. This does look like it's working as intended: Gazelle performs minimum version selection among all Bazel modules that declare Go deps and happens to be one of those. It does even show you a warning that you can optionally turn into an error with If you need a specific version, you can try using a replace directive in |
gazelle is not in the dependency tree of the go project (it's used by the build system), so I'm not sure why mixing gazelle's dependency to go project's dependency is working as intended. This at least makes |
I can understand that this is somewhat unexpected, but Gazelle needs to be in the same dep tree so that you can safely build language plugins for it. We try to keep Gazelle's deps minimal and can also forego updating them in the future unless required for new functionality. You can almost have |
hmm go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
go_deps.from_file(go_mod = "//:go.mod")
go_deps.config(check_direct_dependencies = "error")
go_deps.gazelle_default_attributes(
directives = [
"gazelle:proto disable",
],
)
use_repo(
go_deps,
...
) |
or maybe that only works for direct dependencies, and won't work for indirect dependencies? (in minimal reproducer it's direct dependency, for the bigger project it's an indirect one) |
After changing the minimal reproducer to make fsnotify an indirect dependency, confirmed that |
The check only triggers for direct dependencies. The underlying idea is that if you care about the version of a particular dep, then it should be a direct dep (or I have a PR out that downgrades Go deps and disables the automatic update for future releases. I will cut a patch release. |
I was hoping to rely on But the downgrade in gazelle itself can certainly help mitigate this issue to some level 👍 |
**What type of PR is this?** Bug fix **What package or component does this PR mostly affect?** `go_deps` **What does this PR do? Why is it needed?** With Bzlmod now being the primary way Gazelle is used, we should no longer update the Go dependencies with each release as this just reduces the amount of flexibility afforded to dependent projects. Thanks to MVS, they can easily force newer versions. Also test with Bazel 8.0.0rc2 in BCR presubmit. **Which issues(s) does this PR fix?** Work towards #1977 **Other notes for review**
What version of gazelle are you using?
0.40.0
What version of rules_go are you using?
0.50.1
What version of Bazel are you using?
7.4.1
Does this issue reproduce with the latest releases of all the above?
Those are latest releases.
What operating system and processor architecture are you using?
linux/amd64
What did you do?
fsnotify v1.8.0 has a bug that would cause panic (fsnotify/fsnotify#652)
We are seeing this bug in our system after we upgraded gazelle from 0.39.0 to 0.40.0:
Despite that we actually should be using v1.7.0 (which does not have this bug):
We know it's fsnotify v1.8.0 being built into the binary because the line number (
backend_inotify.go:368
) in the call stack only makes sense in v1.8.0:https://github.com/fsnotify/fsnotify/blob/v1.8.0/backend_inotify.go#L368
in v1.7.0 that line is a comment:
https://github.com/fsnotify/fsnotify/blob/v1.7.0/backend_inotify.go#L368
Reverting gazelle back to 0.39.0 fixed the issue (we are no longer seeing the panics).
What did you expect to see?
What did you see instead?
The text was updated successfully, but these errors were encountered: