go-licenses/2.0.0 package update

[octo-sts]

[octo-sts]

🩹 Build Failed: Patch Application Failed

Failed to run command "/bin/sh -c 'set -e \n[ -d '''/home/build''' ] || mkdir -p '''/home/build''\ncd '''/home/build''\nseries='''\nif [ -z $series ]; then\n\tif [ -n '''go-git.patch''' ]; then\n\t\tseries=$(mktemp)\n\t\techo '''go-git.patch''' | awk '''{ for(i = 1; i <= NF; i++) { print $i; } }''' >$series\n\telse\n\t\techo "ERROR: Neither patches or series was set."\n\t\texit 1\n\tfi\nfi\ngrep -v -E '''^(#|$)''' $series | (while read patchfile; do\n\tpatch '''-p1''' --fuzz=2 --verbose <$patchfile\ndone)\n\nexit 0'": Process exited with status 1

Build Details

Category	Details
Build System	melange
Failure Point	patch step - applying go-git.patch

Root Cause Analysis 🔍

Multiple patch hunks failed to apply to the target files (go.mod, go.sum, licenses/git.go, licenses/git_test.go). The patch appears to be incompatible with the current version of the source code, indicating that the patch was created for a different version of the codebase than what was checked out (tag v2.0.0).

---

🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Similar PRs with fixes

• ruby3.4-rubyzip/3.0.1 package update #62073

Suggested Changes

File: go-licenses.yaml

• removal at line 13-15 (pipeline section)
  Original:

  - uses: patch
    with:
      patches: go-git.patch

Content:

Remove the patch step entirely since the patch is incompatible with v2.0.0

File: go-licenses/go-git.patch

• file_deletion (entire file)
  Content:

Delete the patch file as it's no longer compatible with v2.0.0

Click to expand fix analysis

Analysis

The similar fixes show a clear pattern: when patch application fails due to patches being already applied, outdated, or incompatible with the new version, the solution is to either update the patch content to match the new codebase or remove the patch entirely if it's no longer needed. In Fix Examples #0 and #1, the patches were updated to match newer versions of the source code with different line contexts. In Fix Example #2, the patch was completely removed because the issue it addressed was already fixed upstream in the newer version. All fixes also updated the version and expected-commit to point to the correct source version.

Click to expand fix explanation

Explanation

The current build failure occurs because the go-git.patch was created for an older version of the go-licenses codebase and is incompatible with v2.0.0. The patch is failing to apply to multiple files (go.mod, go.sum, licenses/git.go, licenses/git_test.go), indicating significant changes in the upstream codebase. Based on the upstream changelog, v2.0.0 includes major changes like adding '/v2 to module and imports', dependency upgrades, and performance improvements that likely resolve the issues the original patch was meant to address. Following the pattern from Fix Example #2, where a patch was removed because the upstream version already included the fix, the best approach is to remove the patch entirely and rely on the upstream v2.0.0 release. The go/bump step that follows will handle any additional dependency updates needed.

Click to expand alternative approaches

Alternative Approaches

• Update the patch file to match the v2.0.0 codebase structure, but this would require analyzing what the original patch was trying to fix and recreating it for the new version
• Downgrade to an older version where the patch applies, but this goes against Wolfi's principle of using the latest upstream versions
• Investigate if the patch functionality is still needed by examining the specific changes it makes and implementing them differently

---

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

[octo-sts]

superseded by #65557