Use semantic versioning #259
Comments
|
I'd like to second this request. It would allows tools like Glide to find and use release versions. |
|
Just like on your other tool: spf13/viper#173 Many tools out there have this requirements, and go team and all those tools creators are looking into a way to handle vendoring properly. I highly advice the reading of the following posts. |
|
I don't like to pile on, but since the dep tool that is being developed relies on tagged releases, I would like there to be something official in terms of a |
|
This is a mandatory "feature" to allow version locking with dependency managers. Don't let this idea die! |
|
It seems like this is the correct place to continue the discussion from #519 on Not only should cobra tag a release to play nicely with clients using dep, but IMO it should also adopt dep itself. Effectively, this just means checking in a |
|
I also opt for not checking in the vendor folder.
The pros aren't really that great for cobra,
|
|
@bpicode The problem with not checking in vendor is that the install instructions say to use |
|
@mattfarina You're right, I see your point. Cobra is somewhat special since it is both a library as well as a client of itself. I was somewhat biased, prioritizing the library aspect. |
|
Of course, if you move to using |
|
Not really. dep still encourages go get for installing tools like cobra's cli. I'd love for a hypothetical go get <import path>
cd $GOPATH/src/<import path>
git checkout <latest release tag>
dep ensure
go installThe only option for a cli tool to yield a great install experience through
Only if you do both of those things will |
|
Also, dep definitely deletes the vendor directory out of dependency projects, so if cobra were to check in its vendor folder, downstream clients of the library using dep would not be affected by this (apart from slightly slower git clones). It's downstream clients who have not yet adopted dep that would potentially be affected if cobra were to check in a vendor folder at the root of its project. What would really be ideal is for a vendor folder to be checked in not at the root of the repository but inside the |
|
Please tag a release using semantic versioning. Even something as simple as assigning |
|
Request: any chance of bundling the latest master into a release before the 2.0.0 milestone? I'd like to move my project to |
|
Any chance of cutting a new release (0.0.2 perhaps)? I'd really like to incorporate |
|
While I would agree with you that it would make sense to get some more releases out - you can use either |
|
@alexejk Fair enough. I'll lock to a commit for now - thanks! |
|
When using it as a library, as most are, you need to lock to something instead of pulling from master. If you check in the dependency to your repo you are locking to version there (and should have that recorded somewhere). If you What versions get you is a point where it's marked as stable and semantic versions get you things marked as stable with different kinds of intent (patch fix, new features, api breaking change). Use of SemVer is really about communicating intent to those consuming it. That's why I ask you to do it. |
|
@mattfarina this does make sense as per my comment above, but it also is the fact that while it's not as convenient - you can lock to a specific commit which effectively gives you the same thing as locking to a version. Version releases quite often mean that this is a complete iteration (no matter what "level" of iteration) while commit will effectively give you a snapshot in time. If e.g current master is stable and good enough for you - take it's commit hash and lock to it while the author takes the time needed to feel comfortable with the next release. Instructions could be updated, and if you are using e.g So I would argue that the issue is mainly instructions / setup on some systems that blindly do The above doesn't change the point of me being all in favor of semver releases for this and all other projects we depend on, but it means that while it's not as convenient - even without semver you can get the same benefits of locking down (you do loose quick understanding which level of impact an update gives, as this is the biggest benefit of semver). P.S.: Maybe current state isn't "ready" to be even 0.0.2 as it's WIP ;-) |
|
Just to add on to what @alexejk said. Even without the Almost everyone who is thinking about locking to a specific commit in their manifest because they need something that isn't in a server tagged release should instead:
That's it. For most small projects, this is sufficient. If you have automated builds, then you could use the |
|
And just to zoom out on the broader discussion: we could largely bypass all of this needless specificity if spf13/cobra would simply tag releases on a regular cadence. It's totally bizarre to me that a project with so many users is so resistant to this... |
Make setup and predictable builds easier for contributors by locking to a set of dependencies. Some of the dependencies have been locked to specific commits on master in order to accomodate projects that do not ship releases often such as cobra and gomock (see spf13/cobra#259 for details). - Change mockgen commands to use a -source flag to explicitly point to the files in vendor for generating mocks. This, for some reason, fixes a bug in gomock whereby it uses the vendor path as the import path which breaks some dependencies. See golang/mock#28 for more details.
|
Could really do with another release that means I don't need to pin "master" just to get "--version" support. |
|
To the project owners; So many people are asking for tagging new versions/releases - why are you so reluctant to do that? Just tag v0.0.2 and everyone will be happy. What is stopping you? |
|
I think the problem is that nobody is really the project owner here. @spf13 can you nominate someone? |
|
Over a week has passed, so I'll take @eparis's silence as a 👍to proceed. 0.0.2 is tagged. If you want another tag in the future, reply here and/or @/DM me on Twitter: @broady. Also, I noticed that @BoGeM said "Normal semantic versioning will be introduced in 2.0.0." |
|
Please can we have another release @broady ? The last tagged version is 0.0.3 May 15, 2018 and that is what all go mod users will be picking up by default. Thanks |
|
Hi @broady, the last Cobra release dates back to a year ago. There has been a couple of fixes that have value. Specifically, #730 is particularly important as it fixes a collision between different cobra apps that perform custom completion. I'm working on adding custom completion to the Helm project (for the v3 release) but without #730 I cannot add it as it will likely break custom completion for I tried to simply use the latest Cobra commit, but transitive dependencies of other projects are locked to a tagged releases of Cobra. Would it be possible to make a 0.0.4 release to make the Cobra fixes of the last year available? Thank you for considering it. |
|
@eparis, are you up for tagging? Happy to do this when people message me to ask. Will tag 0.0.4 if I don't hear back in a few days. |
|
@broady, would you please consider merging #817 either before or just after tagging |
|
@broady ping :-) |
|
Sorry, I don't know the codebase well enough to do a proper review of that. Tagging 0.0.4 right now. |
|
Done. See all changes between 0.0.3 and 0.0.4: |
Please consider assigning version numbers and tagging releases. Tags/releases
are useful for downstream package maintainers (in Debian and other distributions) to export source tarballs, automatically track new releases and to declare dependencies between packages. Read more in the Debian Upstream Guide.
Versioning provides additional benefits to encourage vendoring of a particular (e.g. latest stable) release contrary to random unreleased snapshots.
Thank you.
See also
The text was updated successfully, but these errors were encountered: