Update some mailgun deps to remove dependency on mgo #223
Conversation
|
@ldez does that continue to be a problem with go1.17+ graph pruning? https://go.dev/doc/go1.17#graph-pruning |
|
Yes, the problems are still here. The Holster has too many unrelated dependencies. |
|
Holster was put together with the hope that one day graph pruning would be implemented in go. Since it now supports this, I don't see an issue with including it in the code base. The dependencies introduced with this PR only includes what is needed by the code. |
|
@ldez Please compare the go.mod file in this pr to the go.mod file of holster. AFAICT go 1.17+ graph pruning solves the problem as long as the packages you are using from that module don't also pull in those deps, which afaict the ones I've started using do not. |
|
PS: Until moving to go 1.18 you'll have to run |
|
Maybe I was not clear: the Holster has too many unrelated dependencies, it's not a graph problem but a transitivity problem. For example: |
|
@ldez We are talking about the same thing here. I too am talking about transitive dependencies. Where are they in the transitive package graph of this pr? For example: $ go mod why go.opentelemetry.io/otel/...
go: downloading go.opentelemetry.io/otel/exporters/jaeger v1.4.1
go: downloading github.com/go-logr/logr v1.2.2
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading github.com/stretchr/objx v0.1.0
# go.opentelemetry.io/otel
(main module does not need package go.opentelemetry.io/otel)
# go.opentelemetry.io/otel/attribute
(main module does not need package go.opentelemetry.io/otel/attribute)
# go.opentelemetry.io/otel/baggage
(main module does not need package go.opentelemetry.io/otel/baggage)
# go.opentelemetry.io/otel/codes
(main module does not need package go.opentelemetry.io/otel/codes)
# go.opentelemetry.io/otel/internal
(main module does not need package go.opentelemetry.io/otel/internal)
# go.opentelemetry.io/otel/internal/baggage
(main module does not need package go.opentelemetry.io/otel/internal/baggage)
# go.opentelemetry.io/otel/internal/global
(main module does not need package go.opentelemetry.io/otel/internal/global)
# go.opentelemetry.io/otel/internal/internaltest
(main module does not need package go.opentelemetry.io/otel/internal/internaltest)
# go.opentelemetry.io/otel/internal/matchers
(main module does not need package go.opentelemetry.io/otel/internal/matchers)
# go.opentelemetry.io/otel/internal/trace/noop
(main module does not need package go.opentelemetry.io/otel/internal/trace/noop)
# go.opentelemetry.io/otel/propagation
(main module does not need package go.opentelemetry.io/otel/propagation)
# go.opentelemetry.io/otel/semconv/v1.4.0
(main module does not need package go.opentelemetry.io/otel/semconv/v1.4.0)
# go.opentelemetry.io/otel/semconv/v1.5.0
(main module does not need package go.opentelemetry.io/otel/semconv/v1.5.0)
# go.opentelemetry.io/otel/semconv/v1.6.1
(main module does not need package go.opentelemetry.io/otel/semconv/v1.6.1)
# go.opentelemetry.io/otel/semconv/v1.7.0
(main module does not need package go.opentelemetry.io/otel/semconv/v1.7.0)
# go.opentelemetry.io/otel/exporters/jaeger
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger)
# go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/agent
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/agent)
# go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/agent/agent-remote
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/agent/agent-remote)
# go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/jaeger
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/jaeger)
# go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/jaeger/collector-remote
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/jaeger/collector-remote)
# go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/zipkincore
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/zipkincore)
# go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/zipkincore/zipkin_collector-remote
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/gen-go/zipkincore/zipkin_collector-remote)
# go.opentelemetry.io/otel/exporters/jaeger/internal/third_party/thrift/lib/go/thrift
(main module does not need package go.opentelemetry.io/otel/exporters/jaeger/internal/third_party/thrift/lib/go/thrift)
# go.opentelemetry.io/otel/sdk/instrumentation
(main module does not need package go.opentelemetry.io/otel/sdk/instrumentation)
# go.opentelemetry.io/otel/sdk/internal
(main module does not need package go.opentelemetry.io/otel/sdk/internal)
# go.opentelemetry.io/otel/sdk/internal/env
(main module does not need package go.opentelemetry.io/otel/sdk/internal/env)
# go.opentelemetry.io/otel/sdk/resource
(main module does not need package go.opentelemetry.io/otel/sdk/resource)
# go.opentelemetry.io/otel/sdk/trace
(main module does not need package go.opentelemetry.io/otel/sdk/trace)
# go.opentelemetry.io/otel/sdk/trace/tracetest
(main module does not need package go.opentelemetry.io/otel/sdk/trace/tracetest)
# go.opentelemetry.io/otel/trace
(main module does not need package go.opentelemetry.io/otel/trace) |
|
^ (a pruned transitive dependency) compared to... $ go mod why -m github.com/pkg/errors
# github.com/pkg/errors
github.com/vulcand/oxy/cbreaker
github.com/mailgun/holster/v4/clock
github.com/pkg/errors(an unpruned transitive dependency) |
|
I don't think we are talking about the same thing: you are talking about oxy-holster relations, I'm talking about project-oxy-holster relations. Offtopic: In all cases, I'm not able to merge a PR on oxy because the CI is broken, and nobody answer to my requests, take a look here #208 (comment) |
|
How does what I said not apply to the project-oxy-holster relations? |
|
@ldez Does Traefik have some reason not to upgrade to 1.7 or 1.8 to get the graph pruning benefit? This would only effect projects that include |
Yes, mainly because some tools like golangci-lint (because a problem with SSA, the Go team is working on) |
|
That is 1.18 specific. My bump was to a min version of 1.17, specifically to avoid stuff like that and to gain pruning. Given the state of things like you point out (PS: Thanks for your work on golangci-lint!). Holster is also go1.17 atm and I would expect a bump to go1.18 now there is also out of the question for the same reasons. See also: https://github.com/freeformz/oxy-deps-test/blob/main/go.mod for the transitive project dependencies. Also golangci-lint-1.45.2 has no problem running on my oxy branch with go1.17. |
|
FWIW: With go1.16 holster won't even vendor because that has been upgraded to 1.17 as the minimally supported version. |
|
@freeformz I will spend some time on your PR tomorrow (it's 11pm for me) FYI: I will fix the CI in a few minutes |
|
@ldez Thanks! (Get some sleep). I am happy to make modifications, let me know. |
|
Can you rebase your PR? |
|
@ldez done. Now I'm going back to bed myself. |
github.com/mailgun/timetools has a dependency on mgo's BSON package. mgo hasn't been updated in ~4+ years and is unsupported. Additionally github.com/mailgun/holster has replaced github.com/mailgun/timetools and github.com/mailgun/ttlmap. While here, bump minimally supported version of go to go 1.17.
|
Note: the changes of |
|
@ldez I can revert those. They are type aliases, so it's really the same type under the covers. I was getting kind of overly "complete" in doing that change. |
I replaced all clock.Durations with time.Durations and only exposed clock.Time's with time.Times. This was done so as to not change the external API. Note: Because of how go type aliases work I'm not convinced this actually changed the public interfaces. clock.Time and clock.Duration are type aliases to the normal time package equivalents.
|
I don't why but I was thinking that I just mixed |
|
Could you don't squash commits? |
|
Okay. I won't anymore. |
|
Just a tip: instead of https://git-scm.com/docs/git-push#Documentation/git-push.txt---force-with-leaseltrefnamegt You dropped my commit. |
|
The problem I expected occurs: when I update the dependency in Traefik, the module The module The holster uses this module in the package This is why I said that the Holster has too many unrelated dependencies and the problem is project-oxy-holster. |
|
Which dependencies of the Holster (as a library) are problems from my point of view:
Why they are problems: because oxy just needs a fake clock implementation. The influence on Prometheus, protobuf, consul, etcd, grpc, and opentelemetry dependencies is a problem because those dependencies are not related to oxy features. I'm not a huge fan of utils/helper libraries or packages, but for me, a utils/helper library must be lean and it must be focused on one topic to avoid unnecessary dependencies. I really want to drop deprecated dependencies, but I don't want to introduce side effects. Maybe the Holster must be a multi-module package or maybe we have to carry the code, for now, I don't know what is the best solution. |
|
I was surprised by this, but then realized that Traefik has a direct dependency on FWIW: If those dependencies are really that sensitive to Traefik then they should/could be Another workaround would be to create an Which course would you like me to pursue ? |
|
Let's go for an |
This is based on feedback from @idez here: vulcand#223 (comment) We're doing this to avoid having holster as a dependency. See the linked pull request for all the gory details.
|
@ldez done, let me know if anything else needs to be changed. |
https://github.com/mailgun/timetools has a dependency on mgo's BSON package.
mgo hasn't been updated in ~4+ years and is unsupported.
Additionally, https://github.com/mailgun/holster has replaced:
While here, bump the minimally supported version of Go to go1.17.
Closes #210