Skip to content

Harden go dev tools#110

Merged
eapache-opslevel merged 2 commits intomainfrom
ehuus/harden-go-tools
May 5, 2026
Merged

Harden go dev tools#110
eapache-opslevel merged 2 commits intomainfrom
ehuus/harden-go-tools

Conversation

@eapache-opslevel
Copy link
Copy Markdown
Contributor

@eapache-opslevel eapache-opslevel commented May 5, 2026

@derek-etherton-opslevel
Copy link
Copy Markdown
Contributor

derek-etherton-opslevel commented May 5, 2026

not related to your change, but important gap: .github/workflows/tests.yml is incorrectly pointing to go.mod - we should point it at src/go.mod so tests actually run 😅

derek-etherton-opslevel
derek-etherton-opslevel reviewed May 5, 2026
View reviewed changes
Comment thread src/go.mod
@@ -14,50 +14,242 @@ require (
)

require (
Copy link
Copy Markdown
Contributor

@derek-etherton-opslevel derek-etherton-opslevel May 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I kind of like the idea in the article of keeping tool dependencies in a separate modfile from core dependencies to avoid bloating our "main" go.mod, and it doesn't sound like a big lift: https://www.alexedwards.net/blog/how-to-manage-tool-dependencies-in-go-1.24-plus#using-a-separate-modfile-for-tools

Not critical though, we could still ship this as-is (I know you're jumping thru a dozen different repos right now)

Copy link
Copy Markdown
Contributor Author

@eapache-opslevel eapache-opslevel May 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah unfortunately this is like the fourth golang repo I've done already and I don't feel like going back and plumbing that into all the other ones 😛

Copy link
Copy Markdown
Contributor

@derek-etherton-opslevel derek-etherton-opslevel May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah I figured - we can adjust case-by-case if it becomes annoying when changing deps in the future

@eapache-opslevel
Copy link
Copy Markdown
Contributor Author

eapache-opslevel commented May 5, 2026

not related to your change, but important gap: .github/workflows/tests.yml is incorrectly pointing to go.mod - we should point it at src/go.mod so tests actually run 😅

Wow nice catch.

@eapache-opslevel eapache-opslevel mentioned this pull request May 5, 2026
Merged
@derek-etherton-opslevel derek-etherton-opslevel self-requested a review May 5, 2026 19:28
derek-etherton-opslevel
derek-etherton-opslevel approved these changes May 5, 2026
View reviewed changes
Comment thread src/go.mod
@@ -14,50 +14,242 @@ require (
)

require (
Copy link
Copy Markdown
Contributor

@derek-etherton-opslevel derek-etherton-opslevel May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah I figured - we can adjust case-by-case if it becomes annoying when changing deps in the future

@eapache-opslevel eapache-opslevel merged commit aa49ac9 into main May 5, 2026
1 check passed
@eapache-opslevel eapache-opslevel deleted the ehuus/harden-go-tools branch May 5, 2026 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@derek-etherton-opslevel derek-etherton-opslevel derek-etherton-opslevel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eapache-opslevel @derek-etherton-opslevel