Skip to content

Remove golang dependency from check-npm-dependencies workflow. #709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cmaglie wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Remove golang dependency from check-npm-dependencies workflow. #709

cmaglie wants to merge 2 commits into from

Conversation

@cmaglie
Copy link
Member

@cmaglie cmaglie commented Jan 29, 2026

This is a proposal to remove the dependency on golang for this workflow.

I found it easier to integrate the workflow in repositories that do not have a go.mod, see arduino/arduino-ide#2841

Adding a go.mod to the main repo to only install Task may be a bit noisy, since Task already has a well-tested binary distribution system https://taskfile.dev/docs/installation.
@cmaglie
Do not install golang since it's not required.
9660b32 
This workflow may run on projects based exclusively on npm, so the root
repository may not use golang and may not have a go.mod at all.
The `go tool ...` facility works only with a go.mod and the tool listed
in it. In this case since we only need Task, we can install it using the
provided GH Action.
@cmaglie
Fixed link in workflow
a958314
@cmaglie cmaglie force-pushed the update-npm-dep-check branch from 2122c44 to a958314 Compare January 29, 2026 11:45
@cmaglie cmaglie requested a review from per1234 January 30, 2026 08:37
per1234
per1234 reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

@per1234 per1234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am opposed.

I would understand a concern about avoiding cluttering up a project file system when it is expected that beginners will be interacting with that file system and the goal is to make that project approachable to beginners. In fact, I created separate versions of some of the assets specifically for use in firmware projects. However, I don't see that we would ever use these assets in a beginner targeted project.

As for projects which aren't intended to be approachable by beginners, adding a couple extra small files to the project won't do any harm. And those files will be useful for managing all Go-based tools of the project, not exclusively for this specific infrastructure.

The goal is to move towards proper management of tool dependencies on a pre-project basis rather than letting them flap around in the breeze. The change you propose here moves us back to using an unpinned Task version, which means our infrastructure is only one bad Task release away from breakage. The alternative is having version numbers hardcoded into various files scattered through the repository, which effectively means we will always use outdated versions, and inefficiency on the rare occasions where we do get around to making an update.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@cmaglie @per1234