As I cannot edit the title anymore: it's about upgrading to the last version that can be used without toolchain change, which is not necessarily the "latest" version of a dependency.
On Monday, May 6, 2024 at 10:42:17 AM UTC+2 TheDiveO wrote: > FYI, go-mod-upgrade runs the following command under its hood: > > go list -u -mod=readonly -f '{{if (and (not (or .Main .Indirect)) > .Update)}}{{.Path}}: {{.Version}} -> {{.Update.Version}}{{end}}' -m all > > On Monday, May 6, 2024 at 10:36:08 AM UTC+2 TheDiveO wrote: > >> Up front, I have to admit that I'm struggling with the newly introduced >> download-your-go-toolchain-on-the-fly when it comes to: >> >> 1. having reproducible builds in a CI/CD pipeline without getting >> downloaded a different toolchain as installed at the stage start, >> 2. being a module maintained as opposed to being a "leaf" app >> maintainer without downstream users, while maintaining the N,N-1 go >> (minor) >> version guarantee. >> >> Over the years, I've found https://github.com/oligot/go-mod-upgrade to >> be very useful to me in maintaining my (intermediate) module dependencies. >> Unfortunately, this tool now breaks down and the author of go-mod-upgrade >> at this time considers the situation to be a go toolchain upstream problem ( >> https://github.com/oligot/go-mod-upgrade/issues/52#issuecomment-2093537300 >> ). >> >> What happens is when I'm on a go 1.21.x toolchain in order to ensure the >> N,N-1 guarantee, a go-mod-upgrade on a module with a k8s.io/api >> "crashes" with the following error, caused by the go command used from >> go-mod-upgrade under its hood: >> >> >> *Error running go command to discover modules: exit status 1 stderr=go: >> loading module retractions for k8s.io/a...@v0.26.2 >> <http://k8s.io/api@v0.26.2>: module k8s.io/a...@v0.30.0 >> <http://k8s.io/api@v0.30.0> requires go >= 1.22.0 (running go 1.21.7; >> GOTOOLCHAIN=local)* >> >> Is there a way in the go command to upgrade to the "latest" dependency >> that doesn't trigger this error? Manually >> <https://pkg.go.dev/k8s.io/api?tab=versions>, I can see that there is a >> 0.29.4 available. Unfortunately, even a single dependency like this causes >> go-mod-upgrade to fail completely, so it's back for me to maintaining each >> and ever of my many deps individually ... which absolutely sucks from the >> UX perspective as I'm sure you can follow along with. Remember, I simply >> cannot switch toolchains on a whim, not least due to CI/CD policies. >> >> How to deal with this situation? Is there a way to use the go tool so >> that it would return only upgrades without toolchain changes? How might the >> go-mod-upgrade tool work around this situation? >> >> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/07810048-2b9d-47f2-8694-5cc741e09884n%40googlegroups.com.