“ I can only hope they understand and appreciate this *is* their work being carried forward, and our legitimate reasons for the golang to python rewrite (i.e. there's nothing against golang in the community). “
+1 Also, I would love to explore Maxim’s suggestion more. Option 1 still leads to people installing more things and it may have negative effect if people start opting out of running those checks Thanks for looking into this, Maxim On Fri, 2 May 2025 at 7:24, Brandon Williams <dri...@gmail.com> wrote: > When approaching the code for the first time, I think option 2 will be > the most consistent and have less friction since it won't be a > one-off. +1 from me. > > Kind Regards, > Brandon > > > On Fri, May 2, 2025 at 5:47 AM Mick Semb Wever <m...@apache.org> wrote: > > > > > > > > This can be done now using the following command (instead of `ant > check`): > > > > .build/docker/check-code.sh > > > > > > See readme under `.build/` > > > > But layering in the ability to do it with docker is opposed to requiring > the use of docker. i.e. I don't think we should make docker mandatory > inside `ant check`. > > > > > > There are two possible paths forward > > option 1) remove the auto-install, and just print the command the user > needs to run to do the install, and/or how to skip that target. > > option 2) build on Maxim's contribution to rewrite it to > python+virtualenv+jinja > > > > > > With option (2) i feel it would be a shame that the original work in > https://github.com/apache/cassandra-website/tree/trunk/cqlprotodoc from > our newly joined gocql community would be redone. I can only hope they > understand and appreciate this *is* their work being carried forward, and > our legitimate reasons for the golang to python rewrite (i.e. there's > nothing against golang in the community). (I've cc'd them.) > > > > Otherwise, I'm entirely on the fence – all ears. Slightly leaning > towards option (1). > > > > > > > > On Wed, 30 Apr 2025 at 16:20, Joseph Lynch <joe.e.ly...@gmail.com> > wrote: > >> > >> I also feel like this is what docker is for? It should be relatively > straightforward to start from a golang Dockerfile, add the files you need, > generate the docs and copy the result back out? > >> > >> -Joey > >> > >> On Wed, Apr 30, 2025 at 10:14 AM Chris Lohfink <clohfin...@gmail.com> > wrote: > >>> > >>> Cassandra's rube goldberg build system is so incredibly painful to > integrate inside corporate CI environments already... maybe docker > containers so you dont actually install random tools on the host computer > it might not have privileges to do? > >>> > >>> On Wed, Apr 30, 2025 at 6:13 AM Josh McKenzie <jmcken...@apache.org> > wrote: > >>>> > >>>> So while it would be nice to keep things such that someone just runs > ant and gets everything built, given this does not seem to be a standard > method of dealing with a go install in build scripts, I would suggest we > stop doing it. It looks to be very simple to install Go, so maybe switch > to telling someone how to install it if it is not found, as well as giving > them the setting to disable that artifact. > >>>> > >>>> +1 to Jeremiah's thoughts here. > >>>> > >>>> Passing thought - maybe introduce an "ant install-deps" target > that'll install deps if not found? > >>>> > >>>> On Tue, Apr 29, 2025, at 7:30 AM, Maxim Muzafarov wrote: > >>>> > >>>> Hey, > >>>> > >>>> I've prepared a python script that generates the same docs (no go > >>>> dependency). I use the jinja2 dependency, not sure if it's optimal > >>>> because I had to google how to use it though (also not sure if it has > >>>> to be run in docker). > >>>> I haven't tested the generated files with the website, but I've > >>>> compared the results with the same files in the trunk, and they look > >>>> similar (almost). > >>>> > >>>> > https://github.com/apache/cassandra/compare/trunk...Mmuzaf:cassandra:generate-cqlprotodocs-python > >>>> > >>>> On Tue, 29 Apr 2025 at 10:10, Benedict <bened...@apache.org> wrote: > >>>> > > >>>> > We should never download and install software via adhoc scripts > without user consent. Was this ever discussed on this mailing list? If not, > it’s a clear breach of policy (introducing a new dependency) and a severe > one in my opinion, as it seems to introduce a new supply chain attack > vector for all developers of Cassandra. > >>>> > > >>>> > > >>>> > > >>>> > On 29 Apr 2025, at 08:17, Mick Semb Wever <m...@apache.org> wrote: > >>>> > > >>>> > > >>>> > > >>>> > . > >>>> > > >>>> > > >>>> >> > >>>> >> But that doesn’t seem to be the case here, the script checks for > arm vs amd64, Linux vs Mac, and then fetches and untars the go distro into > tmp. There is no verification of the download. The only check is if curl > returned non 0. > >>>> > > >>>> > > >>>> > > >>>> > Thanks for catching this, the sha256 check should always have been > in place. Adding this is just a one-liner, so that alone shouldn't force > the decision. > >>>> > > >>>> > > >>>> > > >>>> >> It looks to be very simple to install Go > >>>> > > >>>> > > >>>> > > >>>> > It takes a bit to ensure all build and CI systems are updated, and > we never catch everything (esp what's downstream). > >>>> > > >>>> > > >>>> > While it's "simple", multiplied by everyone (and every system) it > adds up to be a significant time demand. > >>>> > > >>>> > Again, this too shouldn't be forcing the decision either way on > what we want to do. > >>>> > > >>>> > > >>>> > > >>>> > >>>> >
