chore(deps): retire docker/docker via gormx migration (Aikido)#35
Closed
dorothyyzh wants to merge 2 commits into
Closed
chore(deps): retire docker/docker via gormx migration (Aikido)#35dorothyyzh wants to merge 2 commits into
dorothyyzh wants to merge 2 commits into
Conversation
…Aikido) Retire `github.com/docker/docker` from this module by replacing `github.com/theplant/testenv` usage in four `_test.go` files with `qor5/x/v3/gormx.OpenContainer` + plain `gorm.Open`. `theplant/testenv@v0.2.1` (HEAD, unreleased ~10 months) directly imports `docker/docker/api/types/container` and was the last path bringing `docker/docker v28.5.2+incompatible` into this repo's go.mod. Why `gormx.OpenContainer` rather than `gormx.SetupDatabase`: SetupDatabase installs `OmitAssociationsPlugin` globally on the returned *gorm.DB, which omits GORM associations on every Create/Update/Delete. The gormrelay and gormfilter tests exercise associations, so this side effect would silently break them. The lighter OpenContainer + plain gorm.Open mirrors the prior testenv behavior 1:1. Verification: - `go build ./...` clean - `go vet ./...` clean - `go test ./...` pass (all 8 packages with tests, ~22s) - `go mod why github.com/docker/docker` -> not needed - `docker/docker` no longer in `go.mod` - `theplant/testenv` no longer in `go.mod` DRAFT — qor5/x/v3 is currently pinned to a pseudo-version from qor5/x#582 branch. Once qor5/x#582 merges + tags, this PR's go.mod will be re-pointed to that tag before being marked ready for review. Aikido group 25543337 (CVE-2026-33997 / CVE-2026-34040). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace the OpenContainer + gorm.Open hand-wiring with the new MustStartRawTestSuite helper (qor5/x f23cd74e). Equivalent behavior in fewer lines, with lifecycle-managed container teardown. Plain MustStartTestSuite was not an option here: it installs OmitAssociationsPlugin via SetupDatabase, which silently changes GORM Create/Update/Delete semantics — gormrelay/gormfilter tests exercise associations directly, so this would cause hard-to-debug failures. Verification: `go test ./...` pass (all 8 packages, ~20s), docker/docker still absent from go.mod. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replace
github.com/theplant/testenvusage in four_test.gofiles withqor5/x/v3/gormx.OpenContainer+ plaingorm.Open. Bumpqor5/x/v3to the #582 branch pseudo-version.Why
docker/dockeris frozen atv28.5.2+incompatibleon the Go module proxy — moby moved Go-module publishing togithub.com/moby/moby/api. Aikido flagsdocker/dockerfor CVE-2026-33997 / 34040 (group 25543337).theplant/testenv@v0.2.1(HEAD, unreleased for ~10 months) directly importsdocker/docker/api/types/containerand was the last transitive path bringingdocker/dockerinto this module'sgo.mod.qor5/xalready migrated its equivalent helper (gormx.OpenContainer) offdocker/dockerontogithub.com/moby/moby/apiin qor5/x#581.theplant/relayis a foundational library used acrosstheplant/*services (includingqor5/admin), so retiringdocker/dockerhere unblocks downstream services.Changes
gormrelay/relay_test.go,protorelay/proto_test.go,filter/gormfilter/filter_test.go: replacetestenv.New().DBEnable(true).SetUp()withgormx.OpenContainer(ctx, nil)+gorm.Open(postgres.Open(container.DSN), …).filter/gormfilter/perf/perf_test.go: same swap, but only in theelsebranch (the--dsnflag branch was already using plaingorm.Open).go.mod: bumpqor5/x/v3to PR #582 pseudo-version, droptheplant/testenv, transitively bumptestcontainers-go0.38.0 → 0.42.0 (first moby-migrated release).Why
gormx.OpenContainerrather thangormx.SetupDatabaseSetupDatabaseinstallsOmitAssociationsPluginglobally on the returned*gorm.DB, which omits GORM associations on every Create/Update/Delete. Thegormrelayandgormfiltertests exercise associations (Country↔Company↔User chains), so this side effect would silently break them. The lighterOpenContainer+ plaingorm.Openmirrors the priortestenvbehavior 1:1.Verification
go build ./...cleango vet ./...cleango test ./...pass (all 8 packages with tests, ~22s —cursor,filter,filter/gormfilter,filter/gormfilter/perf,filter/protofilter,gormrelay,internal/hook,protorelay)go mod why github.com/docker/docker→(main module does not need package github.com/docker/docker)docker/dockerno longer in go.modtheplant/testenvno longer in go.modMerge plan
qor5/x/v3to the qor5/x release tagqor5/adminbumpsqor5/x+theplant/relayDeployment note
Skill opens this PR; it does not touch any
release-*branch.