x/tools/gopls/internal/govulncheck: copy.sh needs update to produce buildable clone #54818
Assignees
Labels
FrozenDueToAge
gopls
Issues related to the Go language server, gopls.
Tools
This label describes issues relating to any tools in the x/tools repository.
vulncheck or vulndb
Issues for the x/vuln or x/vulndb repo
Milestone
Comments
gopherbot
added
Tools
|
cc @golang/vulndb |
|
Change https://go.dev/cl/427542 mentions this issue: |
|
Change https://go.dev/cl/427895 mentions this issue: |
gopherbot
pushed a commit
to golang/tools
that referenced
this issue
Sep 6, 2022
…b0186 VulnDB OSV schema was changed recently https://go-review.googlesource.com/c/vulndb/+/424895 to fix the misinterpretation of 'affected.package.name', and the database entries were repopulated with the new schema. We need to update the client library to pick up the change. We also need to update the fake vulndb entries used in tests. gopls/regtest/misc/testdata/vulndb was copied from golang.org/x/vuln/cmd/govulncheck/testdata/vulndb @ 62b0186 (the version updated in cl/424895) Also reverse golang.org/cl/425183 which includes the position information in the SummarizeCallStack result. Like in govulncheck -v, the position info is already available in the callstack, thus this is unnecessary for us. Since x/vuln is currently frozen until the preview release, revert it from gopls/internal/vulncheck. Ran go mod tidy -compat=1.16; otherwise, the transitive dependency on github.com/client9/misspell from golang.org/x/vuln breaks go1.16 build. Updated copy.sh script to copy x/vuln/internal/semver package (golang/go#54401) and add the build tags back to all go files. Gopls's builder builds&tests packages with old go versions, so we still need go1.18 build tag. Fixes golang/go#54818 Change-Id: I37770d698082378656a7988d3412a4ca2196ca7b Reviewed-on: https://go-review.googlesource.com/c/tools/+/427542 gopls-CI: kokoro <noreply+kokoro@google.com> Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com> (cherry picked from commit 012f7881f5cea6e901ecddd97577a44d9f2ed2b8) Reviewed-on: https://go-review.googlesource.com/c/tools/+/427895 Reviewed-by: Robert Findley <rfindley@google.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As of bd8b20b
x/vuln/cmd/govulncheck/internal/govulncheck no longer can be copied using copy.sh.
it imports
golang.org/x/vuln/internal/semverwhich cannot be referenced from x/tools/gopls/internal/govulncheck.gopls still needs to be buildable by go 1.16+ so our builder tests with go1.16+. We need build tags to make our builders ignore the copied package. (note: we plan to remove this restriction and comply with the go project version support policy, but we are not there yet)
The text was updated successfully, but these errors were encountered: