When approaching the code for the first time, I think option 2 will be the most consistent and have less friction since it won't be a one-off. +1 from me.
Kind Regards, Brandon On Fri, May 2, 2025 at 5:47 AM Mick Semb Wever <m...@apache.org> wrote: > > > > This can be done now using the following command (instead of `ant check`): > > .build/docker/check-code.sh > > > See readme under `.build/` > > But layering in the ability to do it with docker is opposed to requiring the > use of docker. i.e. I don't think we should make docker mandatory inside > `ant check`. > > > There are two possible paths forward > option 1) remove the auto-install, and just print the command the user needs > to run to do the install, and/or how to skip that target. > option 2) build on Maxim's contribution to rewrite it to > python+virtualenv+jinja > > > With option (2) i feel it would be a shame that the original work in > https://github.com/apache/cassandra-website/tree/trunk/cqlprotodoc from our > newly joined gocql community would be redone. I can only hope they > understand and appreciate this *is* their work being carried forward, and our > legitimate reasons for the golang to python rewrite (i.e. there's nothing > against golang in the community). (I've cc'd them.) > > Otherwise, I'm entirely on the fence – all ears. Slightly leaning towards > option (1). > > > > On Wed, 30 Apr 2025 at 16:20, Joseph Lynch <joe.e.ly...@gmail.com> wrote: >> >> I also feel like this is what docker is for? It should be relatively >> straightforward to start from a golang Dockerfile, add the files you need, >> generate the docs and copy the result back out? >> >> -Joey >> >> On Wed, Apr 30, 2025 at 10:14 AM Chris Lohfink <clohfin...@gmail.com> wrote: >>> >>> Cassandra's rube goldberg build system is so incredibly painful to >>> integrate inside corporate CI environments already... maybe docker >>> containers so you dont actually install random tools on the host computer >>> it might not have privileges to do? >>> >>> On Wed, Apr 30, 2025 at 6:13 AM Josh McKenzie <jmcken...@apache.org> wrote: >>>> >>>> So while it would be nice to keep things such that someone just runs ant >>>> and gets everything built, given this does not seem to be a standard >>>> method of dealing with a go install in build scripts, I would suggest we >>>> stop doing it. It looks to be very simple to install Go, so maybe switch >>>> to telling someone how to install it if it is not found, as well as giving >>>> them the setting to disable that artifact. >>>> >>>> +1 to Jeremiah's thoughts here. >>>> >>>> Passing thought - maybe introduce an "ant install-deps" target that'll >>>> install deps if not found? >>>> >>>> On Tue, Apr 29, 2025, at 7:30 AM, Maxim Muzafarov wrote: >>>> >>>> Hey, >>>> >>>> I've prepared a python script that generates the same docs (no go >>>> dependency). I use the jinja2 dependency, not sure if it's optimal >>>> because I had to google how to use it though (also not sure if it has >>>> to be run in docker). >>>> I haven't tested the generated files with the website, but I've >>>> compared the results with the same files in the trunk, and they look >>>> similar (almost). >>>> >>>> https://github.com/apache/cassandra/compare/trunk...Mmuzaf:cassandra:generate-cqlprotodocs-python >>>> >>>> On Tue, 29 Apr 2025 at 10:10, Benedict <bened...@apache.org> wrote: >>>> > >>>> > We should never download and install software via adhoc scripts without >>>> > user consent. Was this ever discussed on this mailing list? If not, it’s >>>> > a clear breach of policy (introducing a new dependency) and a severe one >>>> > in my opinion, as it seems to introduce a new supply chain attack vector >>>> > for all developers of Cassandra. >>>> > >>>> > >>>> > >>>> > On 29 Apr 2025, at 08:17, Mick Semb Wever <m...@apache.org> wrote: >>>> > >>>> > >>>> > >>>> > . >>>> > >>>> > >>>> >> >>>> >> But that doesn’t seem to be the case here, the script checks for arm vs >>>> >> amd64, Linux vs Mac, and then fetches and untars the go distro into >>>> >> tmp. There is no verification of the download. The only check is if >>>> >> curl returned non 0. >>>> > >>>> > >>>> > >>>> > Thanks for catching this, the sha256 check should always have been in >>>> > place. Adding this is just a one-liner, so that alone shouldn't force >>>> > the decision. >>>> > >>>> > >>>> > >>>> >> It looks to be very simple to install Go >>>> > >>>> > >>>> > >>>> > It takes a bit to ensure all build and CI systems are updated, and we >>>> > never catch everything (esp what's downstream). >>>> > >>>> > >>>> > While it's "simple", multiplied by everyone (and every system) it adds >>>> > up to be a significant time demand. >>>> > >>>> > Again, this too shouldn't be forcing the decision either way on what we >>>> > want to do. >>>> > >>>> > >>>> > >>>> >>>>
