Split pkg/server from pkg/api #616
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
API clients using pkg/api.NewClient , like github.com/sigstore/cosign, currently end up depending on all the implementation details of the servers, unnecessarily increasing their binary size and supply-chain attack surface. Instead, move the server code to a new pkg/server (assuming there are no external users of that functionality), and leave pkg/api as a package only providing a client (as it is used in practice, and documented in various places in this repo). The move includes pkg/api/version.go, because it is only useful with a Go build that specifies the various values at build time, which is unlikely to be the case for any third-party importer of that package. Signed-off-by: Miloslav Trmač <[email protected]>
dlorenc
approved these changes
May 26, 2022
|
LGTM, also worth noting that we'll be recommending the use of the V2 API, and we'll be deprecating the legacy client. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Miloslav Trmač [email protected]
Summary
Split pkg/server from pkg/api
Ticket Link
N/A
Release Note
API clients using
pkg/api.NewClient, likegithub.aaakk.us.kg/sigstore/cosign, currently end up depending on all the implementation details of the servers, unnecessarily increasing their binary size and supply-chain attack surface.Instead, move the server code to a new pkg/server (assuming there are no external users of that functionality), and leave pkg/api as a package only providing a client (as it is used in practice, and documented in various places in this repo).
The move includes
pkg/api/version.go, because it is only useful with a Go build that specifies the various values at build time, which is unlikely to be the case for any third-party importer of that package.This shaves over 500 kB from a simple user of
pkg/api.NewClient.