Add guidance on SHA vs tags in dependencies

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Davanum Srinivas 2021-06-10 14:37:33 -04:00
parent 843976701c
commit c7d7335957
No known key found for this signature in database
GPG Key ID: 80D83A796103BF59
1 changed files with 10 additions and 0 deletions


@ -34,6 +34,16 @@ The `go.mod` file in the root of `k8s.io/kubernetes` describes dependencies usin
* `require` directives list the preferred version of dependencies (this is auto-updated by go tooling to the maximum preferred version of the module)
* `replace` directives pin to specific tags or commits
## Dependency versions
As a project we prefer that all entries in `go.mod` should be tags in their
respective repositories. There may be exceptions that will be up to the
dependency approvers to approve. If there are issues with go mod tooling itself
then there has to be explicit comment (trailing `// comment`) with details on
exact tag/release that this SHA corresponds to. Also please ensure tracking
isssues are open to ensure these SHA(s) are cleaned up over time and switched
over to tags.
## Adding or updating a dependency
The most common things people need to do with deps are add and update them.
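Review bot: In the new "Dependency versions" section, the sentence beginning "If there are issues with go mod tooling itself" never says that the fallback is pinning to a commit SHA, so "this SHA" later in the same sentence has no antecedent. Suggest wording along the lines of: "If an entry has to reference a commit SHA instead of a tag (for example because of issues with go mod tooling), it must carry a trailing `// comment` naming the exact tag/release that the SHA corresponds to." In the next sentence "isssues" is misspelled, and the tracking-issue request would be easier to act on and to audit if it asked for the issue to be linked from that same trailing comment. The section also leaves open whether the rule covers the `replace` directives described just above it, which "pin to specific tags or commits"; stating that explicitly would tell dependency approvers what to check.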