Could gomodguard be made to enforce 'go mod tidy' ?
edwarnicke opened this issue · 4 comments
It is often helpful to insure that your go.mod and go.sum have been 'tidied' prior to commit upstream, is that something
gomodguard could be made to do?
I... wasn't suggesting it do the go tidying (I agree... sneaky tools mucking with what you pushed in your PR is no good).
I was thinking about checking to make sure the go.mod was tidy (ie, matched what you would have if you ran go mod tidy.
As to approach... I have an existing shell based job here:
https://github.com/edwarnicke/exechelper/blob/master/.github/workflows/ci.yaml#L41
that does roughly what I'm describing.
If you still don't think it fits in gomodguard, that's cool :) But being able to check that you go.mod and go.sum are tidy does sort of feel like the kind of thing you'd want to guard in your go.mod ;)
I'm not sure how this would work with -mod=readonly mode set which all CI should enable as good practice.
Gave this request a bit of thought. This won't work due to how this linter works. It uses the go.mod file and checks if source files are importing blocked modules. It's not possible to bubble the results of a go mod tidy here on the same way especially since go mod tidy may change for indirect dependencies which we do not lint.