Reviewable Reviews Repositories
merged
diffs r1
unreviewed 2
unresolved 0
to comment,
Sign in
Optimizing layout
Pull request merged

release-24.1: mirror: fix non-determinism in case two packages have the same path

cockroachdb/cockroach #143227

Backport 1/1 commits from #143169.

/cc @cockroachdb/release

Release justification: Non-production code changes

This code previously assumed that go mod download -json would not produce two different versions of the same dependency with the same path. This is typically a sensible assumption but no longer holds in some niche scenarios. We use replace in go.mod to effectively import two different versions of the same dependency with the same path. This results in non-determinism in the mirroring code with respect to which version of the dependency we select.

We now disambiguate with a path/version pair, which will be unique. We also add some additional validation to check assumptions so if these assumptions are ever broken in the future, the tool will fail loudly instead of proceeding silently and performing a potentially harmful operation.

Fixes #143168
Epic: CRDB-17171

Release note: None

see less
1 commit in 0 revisions (+1 provisional) rickystewart/cockroach:backport24.1-143169 cockroachdb/cockroach:release-24.1 
File matrix
2 files2 files
r1
Commits
r1
pkg/cmd/mirror/go/pkg/cmd/mirror/go/
mirror.go
r1
+21
+21
adjust what's shown in the file matrix here.
Participants
waiting on
participant
status
role
contributor
last active
drafts
discussions
all usernames
Diffs
  Reviewing the latest revision (r1) against its ⊥ base revision.

Next diffs to review (file selection:

)

Show other diffs: All changes

Preferences
Top level discussions
Review discussion
1 week ago
New comments
blathers-crl[bot]

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Backports should only be created for serious
    issues     or test-only changes.
  • Backports should not break backwards-compatibility.
  • Backports should change as little code as possible.
  • Backports should not change on-disk formats or node communication protocols.
  • Backports should not add new functionality (except as defined
    here).
  • Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
  • All backports must be reviewed by the owning areas TL. For more information as to how that review should be conducted, please consult the backport
    policy    .
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
  • Your backport must be accompanied by a post to the appropriate Slack
    channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this
backport.

1 week ago
blathers-crl[bot]

It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR?

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

r1
+21
Revision mapping:
Compact 1 revision Click and hold to arm, release to activate.
r1
Use of Reviewable is subject to the terms of useprivacy policy.