go.mod: cut circular dependency on github.com/containerd/containerd

This forces vendoring to only take dependencies of this repository to be taken into account, effectively cutting the circular dependency (for the vendored code), and to prevent depending on transitive dependencies coming from older versions of containerd. go mod does not allow using the main module as a local "replace" rule using a path; see golang/go#45492 and golang/go#34417, so instead, an empty module is used. One change observed is that older versions containerd depended on an older version of imgcrypt that had an "indirect" dependency on more current versions of gopkg.in/yaml.v2 and prometheus/procfs. For those, a temporary "indirect" dependency was added, until prometheus/client_golang and kubernetes are updated. from go mod graph (before): github.com/containerd/[email protected] gopkg.in/[email protected] github.com/containerd/[email protected] github.com/prometheus/[email protected] For some reason, some older versions of containerd are still taken into account, causing satori/go.uuid to be added as "indirect" dependency, likely because some modules have this dependency in their go.sum. This should likely disappear once those plugins are updated to contain a current version of containerd. git grep 'github.com/satori/go.uuid' vendor/github.com/Microsoft/hcsshim/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/aufs/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/imgcrypt/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/nri/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= vendor/github.com/containerd/zfs/go.sum:github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= Signed-off-by: Sebastiaan van Stijn <[email protected]>
zhuangqh · May 1, 2021 · e26fc84 · e26fc84
1 parent 15e0bd5
commit e26fc84
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 199 deletions.
diff --git a/.empty-mod/go.mod b/.empty-mod/go.mod
@@ -0,0 +1,11 @@
+// module empty-mod is an empty module that's used to help with containerd
+// having a circular dependency on itself through plugin modules.
+//
+// We use this module as a "replace" rule in containerd's go.mod, to prevent
+// relying on transitive dependencies (coming from older versions of containerd
+// defined on plugin go.mod).
+//
+// The replace rule forces go modules to consider the "current" version of
+// containerd to be the source of truth, helping us catch missing go.mod rules,
+// or version changes early.
+module empty-mod
diff --git a/go.mod b/go.mod
@@ -46,6 +46,8 @@ require (
 	github.com/pelletier/go-toml v1.8.1
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.7.1
+	github.com/prometheus/procfs v0.6.0 // indirect; temporarily force v0.6.0, which was previously defined in imgcrypt as explicit version
+	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.7.0
 	github.com/stretchr/testify v1.6.1
 	github.com/tchap/go-patricia v2.2.6+incompatible
@@ -68,6 +70,9 @@ require (
 
 // When updating replace rules, make sure to also update the rules in integration/client/go.mod
 replace (
+	// prevent transitional dependencies due to containerd having a circular
+	// dependency on itself through plugins. see .empty-mod/go.mod for details
+	github.com/containerd/containerd => ./.empty-mod/
 	github.com/gogo/googleapis => github.com/gogo/googleapis v1.3.2
 	github.com/golang/protobuf => github.com/golang/protobuf v1.3.5
 	// urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092