Build Fails Due to Dependency Version Mismatch #174
Description
Description
While reproducing the project, we found that the build process fails due to mismatched or unresolved dependencies.
The following error log was produced during the build process:
......
go: github.com/goadesign/gorma imports
github.com/goadesign/goa/design: module github.com/goadesign/goa@latest found (v2.2.5+incompatible), but does not contain package github.com/goadesign/goa/design
go: github.com/goadesign/gorma imports
github.com/goadesign/goa/dslengine: module github.com/goadesign/goa@latest found (v2.2.5+incompatible), but does not contain package github.com/goadesign/goa/dslengine
go: github.com/goadesign/gorma imports
github.com/goadesign/goa/goagen/codegen: module github.com/goadesign/goa@latest found (v2.2.5+incompatible), but does not contain package github.com/goadesign/goa/goagen/codegen
go: github.com/goadesign/gorma imports
github.com/goadesign/goa/goagen/utils: module github.com/goadesign/goa@latest found (v2.2.5+incompatible), but does not contain package github.com/goadesign/goa/goagen/utils
go: github.com/goadesign/gorma/dsl tested by
github.com/goadesign/gorma/dsl.test imports
github.com/goadesign/goa/design/apidsl: module github.com/goadesign/goa@latest found (v2.2.5+incompatible), but does not contain package github.com/goadesign/goa/design/apidsl
Result
The build fails with errors related to missing or mismatched dependencies.
The error dependency is github.com/goadesign/goa.
The build process automatically pulls the latest dependency versions by default. However, the required package github.com/goadesign/goa/design、github.com/goadesign/goa/dslengine、github.com/goadesign/goa/goagen/codegen、github.com/goadesign/goa/goagen/utils、github.com/goadesign/goa/design/apidsl is not included in version v2.2.5+incompatible.
Reason
This issue appears to be caused by the absence of precise version tracking in GOPATH, which leads to inconsistency in dependency resolution.
Proposed Solution
To resolve this issue, we analyzed the project and identified the correct versions of the required dependencies.
The analysis shows that the correct version for the dependency github.com/goadesign/goa is v1.3.1.
Consider adopting this suggested version to prevent other developers from encountering build failures when constructing the project.
This information can be documented in the README.md file or another relevant location.
Additional Suggestions
To ensure reproducible builds and align with the evolving trends of the Go programming language, it is recommended that the current project be migrated to the Go module mechanism.
Updating to the go module mechanism allows for managing third-party dependency versions through the go.mod file, which provides a centralized and consistent way to specify dependency constraints.
We have generated a go.mod file with the correct versions of the third-party dependencies needed for this project.
The suggested go.mod file is as follows:
module github.com/goadesign/gorma
go 1.23
require (
bitbucket.org/pkg/inflect v0.0.0-20130829110746-8961c3750a47
github.com/goadesign/goa v1.3.1
github.com/jinzhu/inflection v1.0.0
github.com/kr/pretty v0.3.1
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.36.2
)
require (
github.com/dimfeld/httppath v0.0.0-20170720192232-ee938bf73598 // indirect
github.com/fsnotify/fsnotify v1.4.9 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gxui v0.0.0-20151028112939-f85e0a97b3a4 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/manveru/faker v0.0.0-20171103152722-9fbc68a78c4d // indirect
github.com/manveru/gobdd v0.0.0-20131210092515-f1a17fdd710b // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/satori/go.uuid v1.2.0 // indirect
github.com/smartystreets/goconvey v1.8.1 // indirect
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea // indirect
golang.org/x/net v0.35.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/text v0.22.0 // indirect
golang.org/x/tools v0.30.0 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
Here the +incompatible suffix in go.mod indicates that the module does not follow Go Modules' semantic versioning (SemVer) rules correctly. But Go can still build and run the project normally despite the +incompatible tag.
Additional Information:
This issue was identified as part of our research project focused on automating the analysis of GOPATH projects to provide accurate dependency versions for seamless migration to Go Modules. We value your feedback and would appreciate any comments or suggestions regarding this approach.