fix(setup): warn when instrumentation hooks bump consumer versions#502
Conversation
gyanranjanpanda
force-pushed
the
fix/silent-version-bump-489
branch
2 times, most recently
from
2293928 to
d9495bd
Compare
syncDeps was silently raising the consumer go directive and OTel dep versions via go mod tidy. Snapshot the go.mod before mutation and diff after tidy to surface what changed and which hooks caused it. Fixes open-telemetry#489
gyanranjanpanda
force-pushed
the
fix/silent-version-bump-489
branch
from
d9495bd to
889e511
Compare
|
could @txabman42 review this |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #502 +/- ##
=========================================
+ Coverage 0 63.00% +63.00%
=========================================
Files 0 62 +62
Lines 0 4790 +4790
=========================================
+ Hits 0 3018 +3018
- Misses 0 1527 +1527
- Partials 0 245 +245
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR adds warning logs during setup when instrumentation hook dependency synchronization raises a consumer module’s Go directive or direct dependency versions after go mod tidy.
Changes:
- Adds version snapshotting before
go mod tidy. - Adds post-tidy comparison and warning logs for raised Go/dependency versions.
- Adds unit tests for snapshotting and warning behavior.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
tool/internal/setup/sync.go |
Adds snapshot/compare logic and emits warnings after dependency sync. |
tool/internal/setup/sync_test.go |
Adds tests for snapshot capture and warning scenarios. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
i adressed all issue @y1yang0 u mention could u verify this if any thing i can change i am willing to do |
|
i adressd the latest @y1yang0 issue could u review this |
|
Thanks, fixed. I removed the repeated standalone Go language-version test and folded it into Verified with: go test ./tool/internal/setup
could @amazingakai verify now |
Problem
The
syncDepsfunction silently bumps the consumer'sgodirective and OTel dependency versions during setup. Becausego.modis restored by cleanup after a successful build, the user never notices these version changes happened.Solution
This implements Part B of the proposed fix from #489: before running
go mod tidy, we snapshot the consumer'sgodirective and direct dependency versions. After tidy, we compare and emitWarn-level log messages for every version that was raised.Example output
Changes
tool/internal/setup/sync.goversionSnapshotgoVersionanddeps map[string]stringsnapshotVersions()modfile.FilewarnVersionBumps()Design decisions:
1.25.0) whilesemver.Compareneeds avprefix -- we prependvbefore comparisonwarnVersionBumpsis non-fatal: parse errors are logged as warnings, not returned as errorssemver.IsValidguards to skip malformed versions gracefullytool/internal/setup/sync_test.go6 new tests covering:
TestSnapshotVersions-- direct deps captured, indirect excludedTestSnapshotVersions_MinimalGoMod-- empty deps, go version capturedTestWarnVersionBumps_GoVersionRaised-- go directive bump produces warningTestWarnVersionBumps_DepVersionRaised-- OTel dep bump produces warningTestWarnVersionBumps_NoChange-- no warnings when versions matchTestWarnVersionBumps_MissingFile-- graceful handling of missing go.modWhat's NOT in this PR
Part A (lowering hook module floors from
go 1.25.0/otel v1.43.0to true minimums) is a separate effort requiring CI matrix testing across Go versions.Fixes #489