-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce a Go workspace #18409
Comments
High level I support this. I raised this about 3 years ago #13478, but go workspace wasn't widely used at that time. It should good timing now. |
This was discussed during the community meeting. I'll draft a document to discuss options for implementing this change. |
I'm sorry it took me a very long time to draft the previously mentioned document. Here's the draft: https://docs.google.com/document/d/1Vpb0SosYT05YsBsgfJFzOAbSgitd1BcFOQzjEARaQyM. @ahrtr, PTAL and let me know your thoughts. |
Based on the discussion in our yesterday's community meeting, we can create a separate branch (i.e
|
I have some etcd meeting videos to edit and upload from last couple weeks, will watch recording then comment but at face value it seems reasonable provided everyone is on board. |
I'll start by breaking this up into smaller tasks. After that, I'll try to recruit some people to help. Then, we'll be able to proceed with the branch and pause dependabot. |
What would you like to be added?
After discussing this in last week's community meeting and based on feedback from the Go team (golang/go#68254) due to the vulnerability (GHSA-5x4g-q5rc-36jp / golang/vulndb#2952), there are several benefits to introducing a Go workspace in the project, and one of the biggest motivations is to simplify the test scripts.
I have a branch with the
go.workspace
(diff). It requires changes in the build scripts and the test libraries. It still doesn't work, but there's some progress.I mostly based it on how kubernetes/kubernetes defines the Go workspace. However, from golang/go#68254 and the motivation to have
govulncheck
spot vulnerabilities within our modules, their suggestion is to removereplaces
pointing to local code ingo.mod
s, but k/k still has these replaces.I wanted to open up the discussion to get feedback and/or implementation ideas.
Why is this needed?
To improve the code quality and to spot vulnerabilities in our code firsthand.
The text was updated successfully, but these errors were encountered: