kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5825 from dims/add-guidance-on-SHA-vs-tags-in-dependencies 

Add guidance on SHA vs tags in dependencies
This commit is contained in:
Kubernetes Prow Robot 2021-06-16 09:20:00 -07:00 committed by GitHub
parent 519dd788be 1445c6177a
commit 1cc043a0b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
contributors/devel/sig-architecture/vendor.md
View File

@ -34,6 +34,16 @@ The `go.mod` file in the root of `k8s.io/kubernetes` describes dependencies usin
* `require` directives list the preferred version of dependencies (this is auto-updated by go tooling to the maximum preferred version of the module)
* `replace` directives pin to specific tags or commits
## Dependency versions
As a project we prefer that all entries in `go.mod` should be tagged in their
respective repositories. There may be exceptions that will be up to the
dependency approvers to approve. If there are issues with go mod tooling itself
then there has to be an explicit comment (trailing `// comment`) with details on
exact tag/release that this SHA corresponds to. Also please ensure tracking
issues are open to ensure these SHA(s) are cleaned up over time and switched
over to tags.
## Adding or updating a dependency
The most common things people need to do with deps are add and update them.