x/build/coordinator: make oauth2 build green, support GitHub / non-Go dependencies #14594
Comments
|
Before answering your question, I wonder whether we should vendor the external packages in the oauth2 package. I think we should have never contributed provider-specific bits with external dependencies to the oauth2 package. They could have lived under a google package elsewhere. But since we have these bits and cannot break the existing users, it is too late to move the google package somewhere else. Vendoring will solve the broken build, right? |
|
Yes, option 5 is vendoring the dependencies! The only dependencies this repo has outside the standard library are: We should (and need) not vendor |
|
That would break some people's rule that vendoring should only be done by binaries, and not libraries. I need to solve this for grpc-go too, since I want to run their tests on our infrastructure. I'm thinking a manifest file of deps for the builder, similar to the |
|
Could Alternatively it is possible to remove the dependency completely by copying a few functions (metadata.OnGCE, metadata.Get) that are needed from these external packages to oauth2 repo. |
|
@kostya-sh, that's just as bad as vendoring them, or a bit worse. I'd rather fix our test infrastructure rather than mirror that code all over the place. |
|
Fixing the infra SGTM. |
|
@bradfitz, I suggested copying because:
|
|
I think option 1 is the best course of action, and we can probably get by for quite a while with a simple list of additional packages to fetch for a given subrepo. That will keep any addition "external" dependencies from quietly slipping in, and it's going to be rare to add/remove these "external" dependencies. For oauth2, it just needs to run |
Rather than running I know @bradfitz has thoughts on how to address this issue more generally. |
bradfitz
changed the title
|
Now that we have modules (and that https://github.com/gomods/athens exists), this got almost trivial. @bcmills is adding a go.mod file to oauth2 in https://go-review.googlesource.com/c/oauth2/+/157137 and then I'll run an Athens in Kubernetes: And then just set GOPROXY when we run go test commands. Super trivial. |
|
Change https://golang.org/cl/157438 mentions this issue: |
|
Change https://golang.org/cl/157439 mentions this issue: |
As part of getting the x/build tests passing (trybots + post-submit), ignore the symlinks that are in the x/build repo for now. We can add support when we actually need them for something. But I imagine any test that needs them can & does just create them as needed. Updates golang/go#14594 Change-Id: I6a0584d35c8d0fc91b3cdc8114b473df7f0268c3 Reviewed-on: https://go-review.googlesource.com/c/157439 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Only the "oauth2" and "build" repos for now, as a test. We'll lock down policy more later and decide when to do this automatically. Also, this currently only runs buildlets which run in our GCP project, because we're not yet proxying the a localhost:3000 port from the reverse buildlets to an authenticated TLS connection back to our module proxy service on GKE. Updates golang/go#14594 Fixes golang/go#29637 Change-Id: I6f05da2186b38dc8056081252563a82c50f0ce05 Reviewed-on: https://go-review.googlesource.com/c/157438 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com> Reviewed-by: Andrew Bonventre <andybons@golang.org>
|
Change https://golang.org/cl/165779 mentions this issue: |
So builders outside of GCE (Macs, etc) can use a module proxy. It will be exposed to them via an unauthenticated localhost:3000 server that adds the necessary authentication to this server. This is a follow-up of work started in CL 157438. Updates golang/go#14594 Change-Id: Id824b0ad3a0274048023cc72f8adad23d5f0ea29 Reviewed-on: https://go-review.googlesource.com/c/build/+/165779 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
Change https://golang.org/cl/165780 mentions this issue: |
Buildlets have regular builder tokens, not "user-" prefixed ones. So don't use the auth helper function. Just inline what we need in the proxy handler. Fix from testing CL 165779. Updates golang/go#14594 Change-Id: Ie2d8d7a21f5660d24e929c932571b8df61895374 Reviewed-on: https://go-review.googlesource.com/c/build/+/165780 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
Change https://golang.org/cl/165782 mentions this issue: |
Now that farmer.golang.org is an authenticated GOPROXY server (CL 165779), this adds the unauthenticated localhost server on the buildlet that adds the auth headers to farmer.golang.org. The buildlet only does this if the build includes env GO_BUILDER_SET_GOPROXY=coordinator, in which case it listens on an emphemeral localhost port per exec and sets GOPROXY to an HTTP server running on that port. This way we don't need to deal with any port management or conflicts. Updates golang/go#14594 Change-Id: Iae6d2deda9d5e88ab659d94aaccc43e01fcf4a7c Reviewed-on: https://go-review.googlesource.com/c/build/+/165782 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
Change https://golang.org/cl/166218 mentions this issue: |
…dinator This removes a bunch of TODOs about scattered policy and moves it all into builders.go. While here, * add a bunch of tests * unexport some things * rename some things * document some things * adjust FreeBSD policy as function of branch (per Go 1.12 being last to support FreeBSD 10.x, and to unblock CL 165801) * set GO_BUILDER_SET_GOPROXY=coordinator for reverse buildlets, which is necessary to remove the oauth2 & build special cases in the config * change Elias Naur's mobile builder to how I think he wants it (he was fighting the old system) * add $HOME on the Solaris smartos builder, which was missing & causing tests to fail lately * make the (currently failing) longtest builder have GOPROXY set * remove an allocation in version.ParseReleaseBranch Fixes golang/go#9603 Updates golang/go#14594 Change-Id: I50a23ad7cdf478c95b14bee9b3931ba361baacfa Reviewed-on: https://go-review.googlesource.com/c/build/+/166218 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
This has been done for a number of months. |
The
oauth2repo is currently broken on the build dashboard because the coordinator doesn't know how to fetch dependencies external to the Go sub-repos.Options:
// +build !gobuildfarmin their source files.golang.org/x/repo in the first place. Maybe it doesn't belong on the build dashboard.My instinct points to options 3 or 2.
cc @bradfitz @rakyll
The text was updated successfully, but these errors were encountered: