remove pinning of versions #84

drewwells · 2021-03-02T19:49:48Z

Code that templates out applications with no migration path should
not pin versions. It invariably leads to code that stagnates on
outdated versions of tools.

Removed the masking of makefile output. It provides little value
and makes it harder to debug what make is doing.

kd7lxl · 2021-03-03T22:53:05Z

atlas/templates/Makefile.common.gotmpl


 .PHONY test: test-atlas
 test-atlas: fmt-atlas
 	$(GO_RUNNER) go test $(GO_TEST_FLAGS) $(GO_PACKAGES)

 docker-atlas:
-	@docker build -f $(SERVER_DOCKERFILE) -t $(SERVER_IMAGE):$(IMAGE_VERSION) .
-	@docker image prune -f --filter label=stage=server-intermediate
+	docker build --pull -f $(SERVER_DOCKERFILE) -t $(SERVER_IMAGE):$(IMAGE_VERSION) .


kd7lxl · 2021-03-03T22:55:28Z

atlas/templates/Makefile.common.gotmpl

-	@go mod download
+	go mod tidy
+	go mod vendor
+	go mod download


I don't think there's any value to go mod download after go mod tidy/vendor. It will already have downloaded all the modules.

kd7lxl · 2021-03-03T22:56:38Z

atlas/templates/docker/Dockerfile.gotmpl

@@ -1,5 +1,5 @@
 # build the server binary
-FROM golang:1.15.7 AS builder
+FROM golang:latest AS builder


This doesn't lead to reproducible builds.

An alternative approach that would keep versions from going stale but also support reproducible builds would be to add a .github/dependabot.yml to the templates. Edit: implemented in #90

We should always be fixing bugs on the latest versions of dependencies. Dependabot PR would just fail/get ignored and continue the current process of creating apps on old versions of tools.

Since go has been maintaining backwards compatibility for a decade, the only errors I expect to get here are with go test linting rules. Those find bad code so the risk here is quite low while the upsides are high.

the problem with removing the version is that it becomes ambiguous as to which version we are using. Tracing it back to a build would be a PITA. Perhaps we can write a build rule that would check what the latest release is and fail to build unless the user updates it. In any case, let's remove this change and deal with it in a separate PR.

Code that templates out applications with no migration path should not pin versions. It invariably leads to code that stagnates on outdated versions of tools. Removed the masking of makefile output. It provides little value and makes it harder to debug what make is doing.

kd7lxl reviewed Mar 3, 2021

View reviewed changes

drewwells force-pushed the removeVersionPinning branch from 7b0047f to 0668378 Compare March 4, 2021 14:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

remove pinning of versions #84

remove pinning of versions #84

drewwells commented Mar 2, 2021

kd7lxl Mar 3, 2021

kd7lxl Mar 3, 2021

kd7lxl Mar 3, 2021 •

edited

Loading

drewwells Mar 4, 2021

drewwells Mar 4, 2021

daniel-garcia Mar 5, 2021

remove pinning of versions #84

Are you sure you want to change the base?

remove pinning of versions #84

Conversation

drewwells commented Mar 2, 2021

kd7lxl Mar 3, 2021

Choose a reason for hiding this comment

kd7lxl Mar 3, 2021

Choose a reason for hiding this comment

kd7lxl Mar 3, 2021 • edited Loading

Choose a reason for hiding this comment

drewwells Mar 4, 2021

Choose a reason for hiding this comment

drewwells Mar 4, 2021

Choose a reason for hiding this comment

daniel-garcia Mar 5, 2021

Choose a reason for hiding this comment

kd7lxl Mar 3, 2021 •

edited

Loading