#!/usr/bin/env bash # Copyright 2019 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This script checks version dependencies of modules. It checks whether all # pinned versions of checked dependencies match their preferred version or not. # Usage: `hack/lint-dependencies.sh`. set -o errexit set -o nounset set -o pipefail KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. source "${KUBE_ROOT}/hack/lib/init.sh" # Detect problematic GOPROXY settings that prevent lookup of dependencies if [[ "${GOPROXY:-}" == "off" ]]; then kube::log::error "Cannot run with \$GOPROXY=off" exit 1 fi kube::golang::setup_env kube::util::require-jq # Set the Go environment, otherwise we get "can't compute 'all' using the # vendor directory". export GOWORK=off export GOFLAGS=-mod=mod # let us log all errors before we exit rc=0 # List of dependencies we need to avoid dragging back into kubernetes/kubernetes # Check if unwanted dependencies are removed # The array and map in `unwanted-dependencies.json` are in alphabetical order. go run k8s.io/kubernetes/cmd/dependencyverifier "${KUBE_ROOT}/hack/unwanted-dependencies.json" outdated=$(go list -m -json all | jq -r " select(.Replace.Version != null) | select(.Version != .Replace.Version) | select(.Path) | \"\(.Path) pinned: \(.Replace.Version) preferred: \(.Version) hack/pin-dependency.sh \(.Path) \(.Version)\" ") if [[ -n "${outdated}" ]]; then echo "These modules are pinned to versions different than the minimal preferred version." echo "That means that without replace directives, a different version would be selected," echo "which breaks consumers of our published modules." echo "1. Use hack/pin-dependency.sh to switch to the preferred version for each module" echo "2. Run hack/update-vendor.sh to rebuild the vendor directory" echo "3. Run hack/lint-dependencies.sh to verify no additional changes are required" echo "" echo "${outdated}" fi noncanonical=$(go list -m -json all | jq -r " select(.Replace.Version != null) | select(.Path != .Replace.Path) | select(.Path) | \" \(.Path) is replaced with \(.Replace.Path)\" ") if [[ -n "${noncanonical}" ]]; then echo "" echo "These modules are pinned to non-canonical repos." echo "Revert to using the canonical repo for these modules before merge" echo "" echo "${noncanonical}" fi unused=$(comm -23 \ <(go mod edit -json | jq -r '.Replace[] | select(.New.Version != null) | .Old.Path' | sort) \ <(go list -m -json all | jq -r .Path | sort)) if [[ -n "${unused}" ]]; then echo "" echo "Use the given commands to remove pinned module versions that aren't actually used:" echo "${unused}" | xargs -L 1 echo 'go mod edit -dropreplace' fi if [[ -n "${unused}${outdated}${noncanonical}" ]]; then rc=1 else echo "All pinned versions of checked dependencies match their preferred version." fi exit $rc