Skip to content

Fix the golang package updater #997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
eyalk007 wants to merge 1 commit into
base: v3_er
Choose a base branch
from
Open

Fix the golang package updater #997

eyalk007 wants to merge 1 commit into from

Conversation

@eyalk007
Copy link
Collaborator

@eyalk007 eyalk007 commented Dec 15, 2025

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.
  • Update documentation about new features / new supported technologies

eyalk007
eyalk007 commented Dec 15, 2025
View reviewed changes
orto17
orto17 reviewed Dec 17, 2025
View reviewed changes
packagehandlers/gopackagehandler.go Outdated

func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error {
// Configure resolution from an Artifactory server if needed
if golang.depsRepo != "" {
Copy link
Contributor

@orto17 orto17 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we want to stop support depsRepo, so those lines can be removed

Copy link
Collaborator Author

@eyalk007 eyalk007 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i say comment this needs to be back by q1 in my eyes

orto17
orto17 reviewed Dec 17, 2025
View reviewed changes
packagehandlers/gopackagehandler.go Outdated
)

type GoPackageHandler struct {
CommonPackageHandler
Copy link
Contributor

@orto17 orto17 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so we dont need and want the CommonPackageHandler right?

Copy link
Collaborator Author

@eyalk007 eyalk007 Dec 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i believe it should not exist
maybe in the future in a diff way with the parsing, but for now we should delete implementation package by package manager

orto17
orto17 reviewed Dec 17, 2025
View reviewed changes
packagehandlers/gopackageupdater.go
}

func (golang *GoPackageHandler) allowLockfileManipulation() []string {
return append(os.Environ(), "GOFLAGS=-mod=mod")
Copy link
Contributor

@orto17 orto17 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we have "GOFLAGS=-mod=mod" in a const in the beginning so it will be more clear which flags are being used for each package handler?

Copy link
Collaborator Author

@eyalk007 eyalk007 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

feels like overkill

orto17
orto17 reviewed Dec 17, 2025
View reviewed changes
packagehandlers/gopackagehandler.go Outdated
"github.com/jfrog/jfrog-client-go/utils/log"
)

type GoPackageHandler struct {
Copy link
Contributor

@orto17 orto17 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you think ti change the PackageHandler name to something more clear? for example "GolangFixPrCreator

Copy link
Collaborator Author

@eyalk007 eyalk007 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GolangPackageFixer

orto17
orto17 reviewed Dec 17, 2025
View reviewed changes
@eyalk007 eyalk007 force-pushed the fix-go-package-handler branch from 79d4322 to 5cd924b Compare December 17, 2025 08:41
@eyalk007 eyalk007 requested a review from orto17 December 17, 2025 15:29
@eyalk007 eyalk007 changed the title better fix for golang fix the golang package updater Dec 18, 2025
@eyalk007 eyalk007 self-assigned this Dec 18, 2025
@eyalk007 eyalk007 added the improvement Automatically generated release notes label Dec 18, 2025
@eyalk007 eyalk007 changed the title fix the golang package updater Fix the golang package updater Dec 21, 2025
@eyalk007 eyalk007 force-pushed the fix-go-package-handler branch from 7baec21 to 1df000e Compare December 22, 2025 11:36
orto17
orto17 reviewed Dec 31, 2025
View reviewed changes
@eyalk007
refactor: Replace gopackagehandler with gopackageupdater
31ed7b2 
- Delete old gopackagehandler.go
- Add new gopackageupdater.go with improved Go module handling
- Add v prefix support for Go modules
- Add vendor directory support
- Update commonpackagehandler.go with shared utilities
@eyalk007 eyalk007 force-pushed the fix-go-package-handler branch from b5eabf9 to 31ed7b2 Compare January 11, 2026 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@orto17 orto17 orto17 approved these changes

Assignees

@eyalk007 eyalk007

Labels

improvement Automatically generated release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eyalk007 @orto17