-
-
Notifications
You must be signed in to change notification settings - Fork 12
Manage versioning of Task tool dependency #962
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@ ## main #962 +/- ## ======================================= Coverage 83.33% 83.33% ======================================= Files 1 1 Lines 180 180 ======================================= Hits 150 150 Misses 19 19 Partials 11 11
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
The "yq" tool dependency is managed via the Go modules system. It must be invoked via `go tool` in order for the managed version to be used.
The "Task" task runner tool is used to perform all common development and maintenance operations for the project. Previously, the version of Task was not well managed. The GitHub Actions workflows used the latest version of Task, only constrained by major version. This meant that the GitHub Actions workflows could break at any time through a new release of Task that contained regressions or breaking changes. The contributors used whichever version of Task happened to be installed on their machine. This meant that they might get different results from that produced by the environment of the GitHub Actions workflows. The better solution is to take the same approach for managing the Task dependency as is done for the project's other dependencies: * Install a specific version of Task according to a single source of versioning data. * Use the Dependabot service to get automated update pull requests. Since Task is a Go module-based project, this can be accomplished by using the Go modules system, which has explicit support for tool dependencies as of the Go 1.24 release.
2d1e3e5 to
fa98bca
Compare
Use the Dependabot service to get automated update pull requests.
I discovered that I was mistaken about this effect. Although Dependabot does provide update PRs when tool dependencies are managed via the alternative provisional "tools.go" approach, unfortunately it does not for tools managed via the newer tools directive: dependabot/dependabot-core#12050
Uh oh!
There was an error while loading. Please reload this page.
The "Task" task runner tool is used to perform all common development and maintenance operations for the project.
Previously, the version of Task was not well managed.
The GitHub Actions workflows used the latest version of Task, only constrained by major version. This meant that the GitHub Actions workflows could break at any time through a new release of Task that contained regressions or breaking changes.
The contributors used whichever version of Task happened to be installed on their machine. This meant that they might get different results from that produced by the environment of the GitHub Actions workflows.
The better solution is to take the same approach for managing the Task dependency as is done for the project's other dependencies:
Since Task is a Go module-based project, this can be accomplished by using the Go modules system, which has explicit support for tool dependencies as of the Go 1.24 release. The "yq" tool dependency is managed via the Go modules system. It must be invoked via
go toolin order for the managedversion to be used.