- .github
-
CHANGELOG
- CHANGELOG-1.10.md
- CHANGELOG-1.11.md
- CHANGELOG-1.12.md
- CHANGELOG-1.13.md
- CHANGELOG-1.14.md
- CHANGELOG-1.15.md
- CHANGELOG-1.16.md
- CHANGELOG-1.17.md
- CHANGELOG-1.18.md
- CHANGELOG-1.19.md
- CHANGELOG-1.2.md
- CHANGELOG-1.20.md
- CHANGELOG-1.21.md
- CHANGELOG-1.22.md
- CHANGELOG-1.23.md
- CHANGELOG-1.24.md
- CHANGELOG-1.25.md
- CHANGELOG-1.26.md
- CHANGELOG-1.27.md
- CHANGELOG-1.28.md
- CHANGELOG-1.29.md
- CHANGELOG-1.3.md
- CHANGELOG-1.30.md
- CHANGELOG-1.31.md
- CHANGELOG-1.4.md
- CHANGELOG-1.5.md
- CHANGELOG-1.6.md
- CHANGELOG-1.7.md
- CHANGELOG-1.8.md
- CHANGELOG-1.9.md
- OWNERS
- README.md
- LICENSES
- api
- build
- cluster
-
cmd
-
clicheck
-
cloud-controller-manager
-
dependencycheck
-
dependencyverifier
-
fieldnamedocscheck
-
gendocs
-
genkubedocs
-
genman
-
genswaggertypedocs
-
genutils
-
genyaml
-
gotemplate
-
import-boss
-
importverifier
-
kube-apiserver
-
kube-controller-manager
-
kube-proxy
-
kube-scheduler
-
kubeadm
-
kubectl
-
kubectl-convert
-
kubelet
-
kubemark
-
preferredimports
-
prune-junit-xml
-
yamlfmt
- OWNERS
-
clicheck
- docs
-
hack
-
boilerplate
-
conformance
-
e2e-internal
-
gen-swagger-doc
-
jenkins
-
lib
-
make-rules
-
testdata
-
tools
-
verify-flags
- .descriptions_failures
- .import-aliases
- .spelling_failures
- OWNERS
- README.md
- _update-generated-proto-bindings-dockerized.sh
- _update-generated-protobuf-dockerized.sh
- apidiff.sh
- benchmark-go.sh
- build-cross.sh
- build-go.sh
- cherry_pick_pull.sh
- dev-build-and-push.sh
- dev-build-and-up.sh
- dev-push-conformance.sh
- e2e-node-test.sh
- generate-docs.sh
- get-build.sh
- ginkgo-e2e.sh
- golangci-hints.yaml
- golangci-strict.yaml
- golangci.yaml
- golangci.yaml.in
- grab-profiles.sh
- install-etcd.sh
- install-protoc.sh
- lint-dependencies.sh
- list-feature-tests.sh
- local-up-cluster.sh
- logcheck.conf
- module-graph.sh
- pin-dependency.sh
- print-workspace-status.sh
- run-prometheus-on-etcd-scrapes.sh
- serve-prom-scrapes.sh
- test-go.sh
- test-integration.sh
- unwanted-dependencies.json
- update-all.sh
- update-codegen.sh
- update-conformance-yaml.sh
- update-generated-api-compatibility-data.sh
- update-generated-docs.sh
- update-generated-stable-metrics.sh
- update-go-workspace.sh
- update-gofmt.sh
- update-golangci-lint-config.sh
- update-import-aliases.sh
- update-internal-modules.sh
- update-kustomize.sh
- update-mocks.sh
- update-netparse-cve.sh
- update-openapi-spec.sh
- update-translations.sh
- update-vanity-imports.sh
- update-vendor-licenses.sh
- update-vendor.sh
- update-yamlfmt.sh
- verify-all.sh
- verify-api-groups.sh
- verify-boilerplate.sh
- verify-cli-conventions.sh
- verify-codegen.sh
- verify-conformance-requirements.sh
- verify-conformance-yaml.sh
- verify-description.sh
- verify-e2e-suites.sh
- verify-e2e-test-ownership.sh
- verify-external-dependencies-version.sh
- verify-fieldname-docs.sh
- verify-file-sizes.sh
- verify-flags-underscore.py
- verify-generated-docs.sh
- verify-generated-stable-metrics.sh
- verify-go-workspace.sh
- verify-gofmt.sh
- verify-golangci-lint-config.sh
- verify-golangci-lint-pr-hints.sh
- verify-golangci-lint-pr.sh
- verify-golangci-lint.sh
- verify-govulncheck.sh
- verify-import-aliases.sh
- verify-import-boss.sh
- verify-imports.sh
- verify-internal-modules.sh
- verify-licenses.sh
- verify-mocks.sh
- verify-netparse-cve.sh
- verify-no-vendor-cycles.sh
- verify-non-mutating-validation.sh
- verify-openapi-docs-urls.sh
- verify-openapi-spec.sh
- verify-pkg-names.sh
- verify-prerelease-lifecycle-tags.sh
- verify-prometheus-imports.sh
- verify-publishing-bot.py
- verify-readonly-packages.sh
- verify-shellcheck.sh
- verify-spelling.sh
- verify-staging-meta-files.sh
- verify-test-code.sh
- verify-test-featuregates.sh
- verify-test-images.sh
- verify-testing-import.sh
- verify-typecheck.sh
- verify-vendor-licenses.sh
- verify-vendor.sh
- verify-yamlfmt.sh
-
boilerplate
- logo
- pkg
- plugin
- staging
- test
- third_party
- vendor
- .generated_files
- .gitattributes
- .gitignore
- .go-version
- CHANGELOG.md
- CONTRIBUTING.md
- LICENSE
- Makefile
- OWNERS
- OWNERS_ALIASES
- README.md
- SECURITY_CONTACTS
- SUPPORT.md
- code-of-conduct.md
- go.mod
- go.sum
- go.work
- go.work.sum
Explanation
This code checks for unwanted dependencies in a Go project. It’s used within the Kubernetes repository to ensure that certain modules are not included as dependencies, even if indirectly referenced.
Here’s a breakdown of the code’s functionality:
1. Data Structures:
Unwanted
: Represents the configuration for unwanted dependencies.Spec
: Defines the list of modules that are considered unwanted, along with optional messages.Status
: Tracks the current state of unwanted dependencies:UnwantedReferences
: A map of unwanted modules to the modules referencing them.UnwantedVendored
: A list of unwanted modules that are vendored.module
: A simple struct representing a Go module, including its name and version.
2. Core Functionality:
main
: The entry point of the program.- Reads the dependency configuration from a JSON file (
dependencies.json
). - Executes
go mod graph
to gather the project’s dependency graph. - Converts the
go mod graph
output into a map of module references. - Iterates through the dependency graph, identifying references to unwanted modules.
- Updates the
Unwanted.Status
based on the discovered references. - Compares the expected status (from the JSON file) with the actual status.
- Reports discrepancies and potential actions.
3. Key Functions:
runCommand
: Executes a command and returns its output and any errors.convertToMap
: Parses thego mod graph
output into a map of module dependencies.difference
: Returns the elements present in one list but not in another.visit
: Performs a depth-first traversal of the dependency graph, executing a visitor function at each node.
4. Workflow:
- Read Configuration: The program starts by loading the
Unwanted
configuration from a JSON file. - Gather Dependency Graph: It runs
go mod graph
to get the project’s dependency relationships. - Analyze Dependencies: The program iterates through the dependency graph, checking for references to unwanted modules.
- Update Status: It updates the
Unwanted.Status
with the detected references and vendored modules. - Compare Expected and Actual Status: The program compares the expected status from the JSON file with the actual status derived from the analysis.
- Report Discrepancies: If discrepancies are found, the program reports them to the user, providing information on:
- Unwanted modules that are no longer referenced.
- Unwanted modules that are now being referenced.
- Unwanted modules that are newly vendored.
- Unwanted modules that are no longer vendored.
5. Purpose:
This program ensures that the Kubernetes project adheres to its policy of avoiding certain dependencies. It helps identify and prevent the introduction of unwanted modules into the project, contributing to code quality and security.
6. Improvements:
- Error Handling: The program could be improved by providing more specific error messages.
- Performance: The code could be optimized for performance, especially for large projects.
- Extensibility: The program could be extended to support additional checks and reporting options.
7. Summary:
This code provides a valuable tool for maintaining dependency hygiene in a Go project. It helps identify and prevent the use of unwanted modules, ensuring code quality and reducing potential risks.
Graph
The graph shows the usage of functions within the codebase.
Select a code symbol to view it's graph