#907 Warn when an importer cannot preserve a constraint #1013
Conversation
* HashFromNode returns a deterministic cryptographic digest for a directory tree * VerifyDepTree verifies dep tree according to expected digests
* prevents many accidental hash collisions
* trying to figure out condition of the testdata_digest directory on the build box
* some more edge test cases added
Remove any CRLF sequences in buf, using `bytes.Index` because that takes advantage of machine opcodes that search for byte patterns on many architectures. This operation is done in two parts: find and record the CRLF sequence positions, then loop through and copy bytes to eliminate the CR bytes.
* Only works with directories; no longer with files. * Takes a single argument, that of the directory to hash. * Hashes existance and type of all file system nodes in the directory that it finds. * When hashing file system node names, it no longer includes the prefix matching the directory name parameter.
* In line with the original document describing hungarian notation, all file system path variable names have been prefixed with either `slash` or `os` to differentiate whether the variable holds a slash delimited pathname or a pathname delimited by an os-specific pathname delimiter. This is to make it much easier to visually see whether we are using the wrong pathname "type" than desired.
* device files, named pipes, sockets found in a vendor root tree are also reported, and will result in a status of `NotInLock`, because those node types are generally not in source control.
cmd/dep: fix vndr importpath validation
|
@djosephsen I just fixed the vndr check for an empty import path. Once you pull in the latest changes from master (either with a rebase or a merge, whatever you are comfortable with), that test should stop failing. |
|
awesome thanks! I'll rebase asap |
djosephsen
requested review from
darkowlzz,
ibrasho,
jmank88 and
sdboyer
as code owners
|
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored by someone other than the pull request submitter. We need to confirm that they're okay with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
Document generating graph visualizations
|
oh googlebot. you so silly. |
Add Unimplemented to unimplemented status flags
add testdata/{vndr,govend} in CODEOWNERS
|
@djosephsen Looks like your rebase didn't go quite right and the PR now has 70 commits. 😀 Once that's fixed, good ole googlebot should be happy again. |
|
Yes I'm currently exploring the nuances of this valuable learning opportunity. |
What does this do / why do we need it?
This is a first attempt at solving one third of #907
What should your reviewer look out for in this PR?
I'd like to make sure I understand the expected behavior of the importer when no valid constraints are found in the current project's vendor deps
Do you need help or clarification on anything?
Yah that ^^ up there ^^
Which issue(s) does this PR fix?
#907