Merge pull request #698 from zryfish/add_denpendency_update_script

Add denpendency update script

Makefile

@@ -39,7 +39,7 @@ define ALL_HELP_INFO
 #           debugging tools like delve.
 endef
 .PHONY: all
-all: test ks-apiserver ks-apigateway ks-iam controller-manager clientset
+all: test ks-apiserver ks-apigateway ks-iam controller-manager 
 
 # Build ks-apiserver binary
 ks-apiserver: test

hack/lib/golang.sh

+#!/usr/bin/env bash
+
+# This is a modified version of Kubernetes
+
+
+# Ensure the go tool exists and is a viable version.
+kube::golang::verify_go_version() {
+  if [[ -z "$(command -v go)" ]]; then
+    kube::log::usage_from_stdin <<EOF
+Can't find 'go' in PATH, please fix and retry.
+See http://golang.org/doc/install for installation instructions.
+EOF
+    return 2
+  fi
+
+  local go_version
+  IFS=" " read -ra go_version <<< "$(go version)"
+  local minimum_go_version
+  minimum_go_version=go1.12.1
+  if [[ "${minimum_go_version}" != $(echo -e "${minimum_go_version}\n${go_version[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) && "${go_version[2]}" != "devel" ]]; then
+    kube::log::usage_from_stdin <<EOF
+Detected go version: ${go_version[*]}.
+Kubernetes requires ${minimum_go_version} or greater.
+Please install ${minimum_go_version} or later.
+EOF
+    return 2
+  fi
+}

hack/lib/init.sh

+#!/usr/bin/env bash
+
+# This script is modified version of Kubernetes script
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+export GO111MODULE=auto
+
+# The root of the build/dist directory
+KUBE_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)"
+
+KUBE_OUTPUT_SUBPATH="${KUBE_OUTPUT_SUBPATH:-_output/local}"
+KUBE_OUTPUT="${KUBE_ROOT}/${KUBE_OUTPUT_SUBPATH}"
+KUBE_OUTPUT_BINPATH="${KUBE_OUTPUT}/bin"
+
+export THIS_PLATFORM_BIN="${KUBE_ROOT}/_output/bin"
+
+source "${KUBE_ROOT}/hack/lib/util.sh"
+source "${KUBE_ROOT}/hack/lib/logging.sh"
+
+kube::log::install_errexit
+
+source "${KUBE_ROOT}/hack/lib/golang.sh"
+
+KUBE_OUTPUT_HOSTBIN="${KUBE_OUTPUT_BINPATH}/$(kube::util::host_platform)"
+export KUBE_OUTPUT_HOSTBIN
+
+
+# This emulates "readlink -f" which is not available on MacOS X.
+# Test:
+# T=/tmp/$$.$RANDOM
+# mkdir $T
+# touch $T/file
+# mkdir $T/dir
+# ln -s $T/file $T/linkfile
+# ln -s $T/dir $T/linkdir
+# function testone() {
+#   X=$(readlink -f $1 2>&1)
+#   Y=$(kube::readlinkdashf $1 2>&1)
+#   if [ "$X" != "$Y" ]; then
+#     echo readlinkdashf $1: expected "$X", got "$Y"
+#   fi
+# }
+# testone /
+# testone /tmp
+# testone $T
+# testone $T/file
+# testone $T/dir
+# testone $T/linkfile
+# testone $T/linkdir
+# testone $T/nonexistant
+# testone $T/linkdir/file
+# testone $T/linkdir/dir
+# testone $T/linkdir/linkfile
+# testone $T/linkdir/linkdir
+function kube::readlinkdashf {
+  # run in a subshell for simpler 'cd'
+  (
+    if [[ -d "${1}" ]]; then # This also catch symlinks to dirs.
+      cd "${1}"
+      pwd -P
+    else
+      cd "$(dirname "${1}")"
+      local f
+      f=$(basename "${1}")
+      if [[ -L "${f}" ]]; then
+        readlink "${f}"
+      else
+        echo "$(pwd -P)/${f}"
+      fi
+    fi
+  )
+}
+
+# This emulates "realpath" which is not available on MacOS X
+# Test:
+# T=/tmp/$$.$RANDOM
+# mkdir $T
+# touch $T/file
+# mkdir $T/dir
+# ln -s $T/file $T/linkfile
+# ln -s $T/dir $T/linkdir
+# function testone() {
+#   X=$(realpath $1 2>&1)
+#   Y=$(kube::realpath $1 2>&1)
+#   if [ "$X" != "$Y" ]; then
+#     echo realpath $1: expected "$X", got "$Y"
+#   fi
+# }
+# testone /
+# testone /tmp
+# testone $T
+# testone $T/file
+# testone $T/dir
+# testone $T/linkfile
+# testone $T/linkdir
+# testone $T/nonexistant
+# testone $T/linkdir/file
+# testone $T/linkdir/dir
+# testone $T/linkdir/linkfile
+# testone $T/linkdir/linkdir
+kube::realpath() {
+  if [[ ! -e "${1}" ]]; then
+    echo "${1}: No such file or directory" >&2
+    return 1
+  fi
+  kube::readlinkdashf "${1}"
+}
\ No newline at end of file

hack/lib/logging.sh

+#!/usr/bin/env bash
+
+# Copyright 2014 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Controls verbosity of the script output and logging.
+KUBE_VERBOSE="${KUBE_VERBOSE:-5}"
+
+# Handler for when we exit automatically on an error.
+# Borrowed from https://gist.github.com/ahendrix/7030300
+kube::log::errexit() {
+  local err="${PIPESTATUS[*]}"
+
+  # If the shell we are in doesn't have errexit set (common in subshells) then
+  # don't dump stacks.
+  set +o | grep -qe "-o errexit" || return
+
+  set +o xtrace
+  local code="${1:-1}"
+  # Print out the stack trace described by $function_stack
+  if [ ${#FUNCNAME[@]} -gt 2 ]
+  then
+    kube::log::error "Call tree:"
+    for ((i=1;i<${#FUNCNAME[@]}-1;i++))
+    do
+      kube::log::error " ${i}: ${BASH_SOURCE[${i}+1]}:${BASH_LINENO[${i}]} ${FUNCNAME[${i}]}(...)"
+    done
+  fi
+  kube::log::error_exit "Error in ${BASH_SOURCE[1]}:${BASH_LINENO[0]}. '${BASH_COMMAND}' exited with status ${err}" "${1:-1}" 1
+}
+
+kube::log::install_errexit() {
+  # trap ERR to provide an error handler whenever a command exits nonzero  this
+  # is a more verbose version of set -o errexit
+  trap 'kube::log::errexit' ERR
+
+  # setting errtrace allows our ERR trap handler to be propagated to functions,
+  # expansions and subshells
+  set -o errtrace
+}
+
+# Print out the stack trace
+#
+# Args:
+#   $1 The number of stack frames to skip when printing.
+kube::log::stack() {
+  local stack_skip=${1:-0}
+  stack_skip=$((stack_skip + 1))
+  if [[ ${#FUNCNAME[@]} -gt ${stack_skip} ]]; then
+    echo "Call stack:" >&2
+    local i
+    for ((i=1 ; i <= ${#FUNCNAME[@]} - stack_skip ; i++))
+    do
+      local frame_no=$((i - 1 + stack_skip))
+      local source_file=${BASH_SOURCE[${frame_no}]}
+      local source_lineno=${BASH_LINENO[$((frame_no - 1))]}
+      local funcname=${FUNCNAME[${frame_no}]}
+      echo "  ${i}: ${source_file}:${source_lineno} ${funcname}(...)" >&2
+    done
+  fi
+}
+
+# Log an error and exit.
+# Args:
+#   $1 Message to log with the error
+#   $2 The error code to return
+#   $3 The number of stack frames to skip when printing.
+kube::log::error_exit() {
+  local message="${1:-}"
+  local code="${2:-1}"
+  local stack_skip="${3:-0}"
+  stack_skip=$((stack_skip + 1))
+
+  if [[ ${KUBE_VERBOSE} -ge 4 ]]; then
+    local source_file=${BASH_SOURCE[${stack_skip}]}
+    local source_line=${BASH_LINENO[$((stack_skip - 1))]}
+    echo "!!! Error in ${source_file}:${source_line}" >&2
+    [[ -z ${1-} ]] || {
+      echo "  ${1}" >&2
+    }
+
+    kube::log::stack ${stack_skip}
+
+    echo "Exiting with status ${code}" >&2
+  fi
+
+  exit "${code}"
+}
+
+# Log an error but keep going.  Don't dump the stack or exit.
+kube::log::error() {
+  timestamp=$(date +"[%m%d %H:%M:%S]")
+  echo "!!! ${timestamp} ${1-}" >&2
+  shift
+  for message; do
+    echo "    ${message}" >&2
+  done
+}
+
+# Print an usage message to stderr.  The arguments are printed directly.
+kube::log::usage() {
+  echo >&2
+  local message
+  for message; do
+    echo "${message}" >&2
+  done
+  echo >&2
+}
+
+kube::log::usage_from_stdin() {
+  local messages=()
+  while read -r line; do
+    messages+=("${line}")
+  done
+
+  kube::log::usage "${messages[@]}"
+}
+
+# Print out some info that isn't a top level status line
+kube::log::info() {
+  local V="${V:-0}"
+  if [[ ${KUBE_VERBOSE} < ${V} ]]; then
+    return
+  fi
+
+  for message; do
+    echo "${message}"
+  done
+}
+
+# Just like kube::log::info, but no \n, so you can make a progress bar
+kube::log::progress() {
+  for message; do
+    echo -e -n "${message}"
+  done
+}
+
+kube::log::info_from_stdin() {
+  local messages=()
+  while read -r line; do
+    messages+=("${line}")
+  done
+
+  kube::log::info "${messages[@]}"
+}
+
+# Print a status line.  Formatted to show up in a stream of output.
+kube::log::status() {
+  local V="${V:-0}"
+  if [[ ${KUBE_VERBOSE} < ${V} ]]; then
+    return
+  fi
+
+  timestamp=$(date +"[%m%d %H:%M:%S]")
+  echo "+++ ${timestamp} ${1}"
+  shift
+  for message; do
+    echo "    ${message}"
+  done
+}

hack/pin-dependency.sh

+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+source "${KUBE_ROOT}/hack/lib/init.sh"
+
+# Usage:
+#   hack/pin-dependency.sh $MODULE $SHA-OR-TAG
+#
+# Example:
+#   hack/pin-dependency.sh github.com/docker/docker 501cb131a7b7
+
+# Explicitly opt into go modules, even though we're inside a GOPATH directory
+export GO111MODULE=on
+# Explicitly clear GOFLAGS, since GOFLAGS=-mod=vendor breaks dependency resolution while rebuilding vendor
+export GOFLAGS=
+# Detect problematic GOPROXY settings that prevent lookup of dependencies
+if [[ "${GOPROXY:-}" == "off" ]]; then
+  kube::log::error "Cannot run with \$GOPROXY=off"
+  exit 1
+fi
+
+kube::golang::verify_go_version
+kube::util::require-jq
+
+dep="${1:-}"
+sha="${2:-}"
+if [[ -z "${dep}" || -z "${sha}" ]]; then
+  echo "Usage:"
+  echo "  hack/pin-dependency.sh \$MODULE \$SHA-OR-TAG"
+  echo ""
+  echo "Example:"
+  echo "  hack/pin-dependency.sh github.com/docker/docker 501cb131a7b7"
+  echo ""
+  exit 1
+fi
+
+_tmp="${KUBE_ROOT}/_tmp"
+cleanup() {
+  rm -rf "${_tmp}"
+}
+trap "cleanup" EXIT SIGINT
+cleanup
+mkdir -p "${_tmp}"
+
+# Add the require directive
+echo "Running: go get ${dep}@${sha}"
+go get -m -d "${dep}@${sha}"
+
+# Find the resolved version
+rev=$(go mod edit -json | jq -r ".Require[] | select(.Path == \"${dep}\") | .Version")
+
+# No entry in go.mod, we must be using the natural version indirectly
+if [[ -z "${rev}" ]]; then
+  # backup the go.mod file, since go list modifies it
+  cp go.mod "${_tmp}/go.mod.bak"
+  # find the revision
+  rev=$(go list -m -json "${dep}" | jq -r .Version)
+  # restore the go.mod file
+  mv "${_tmp}/go.mod.bak" go.mod
+fi
+
+# No entry found
+if [[ -z "${rev}" ]]; then
+  echo "Could not resolve ${sha}"
+  exit 1
+fi
+
+echo "Resolved to ${dep}@${rev}"
+
+# Add the replace directive
+echo "Running: go mod edit -replace ${dep}=${dep}@${rev}"
+go mod edit -replace "${dep}=${dep}@${rev}"
+
+echo ""
+echo "Run hack/update-vendor.sh to rebuild the vendor directory"

hack/update-vendor-licenses.sh

+#!/usr/bin/env bash
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Update the Godeps/LICENSES document.
+# Generates a table of Godep dependencies and their license.
+#
+# Usage:
+#    $0 [--create-missing] [/path/to/licenses]
+#
+#    --create-missing will write the files that only exist upstream, locally.
+#    This option is mostly used for testing as we cannot check-in any of the
+#    additionally created files into the vendor auto-generated tree.
+#
+#    Run every time a license file is added/modified within /vendor to
+#    update /Godeps/LICENSES
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+export LANG=C
+export LC_ALL=C
+
+###############################################################################
+# Process package content
+#
+# @param package  The incoming package name
+# @param type     The type of content (LICENSE, COPYRIGHT or COPYING)
+#
+process_content () {
+  local package=$1
+  local type=$2
+
+  local package_root
+  local ensure_pattern
+  local dir_root
+  local find_maxdepth
+  local find_names
+  local -a local_files=()
+
+  # Necessary to expand {}
+  case ${type} in
+      LICENSE) find_names=(-iname 'licen[sc]e*')
+               find_maxdepth=1
+               # Sadly inconsistent in the wild, but mostly license files
+               # containing copyrights, but no readme/notice files containing
+               # licenses (except to "see license file")
+               ensure_pattern="license|copyright"
+               ;;
+    # We search READMEs for copyrights and this includes notice files as well
+    # Look in as many places as we find files matching
+    COPYRIGHT) find_names=(-iname 'notice*' -o -iname 'readme*')
+               find_maxdepth=3
+               ensure_pattern="copyright"
+               ;;
+      COPYING) find_names=(-iname 'copying*')
+               find_maxdepth=1
+               ensure_pattern="license|copyright"
+               ;;
+  esac
+
+  # Start search at package root
+  case ${package} in
+    github.com/*|golang.org/*|bitbucket.org/*|gonum.org/*)
+     package_root=$(echo "${package}" |awk -F/ '{ print $1"/"$2"/"$3 }')
+     ;;
+    go4.org/*)
+     package_root=$(echo "${package}" |awk -F/ '{ print $1 }')
+     ;;
+    gopkg.in/*)
+     # Root of gopkg.in package always ends with '.v(number)' and my contain
+     # more than two path elements. For example:
+     # - gopkg.in/yaml.v2
+     # - gopkg.in/inf.v0
+     # - gopkg.in/square/go-jose.v2
+     package_root=$(echo "${package}" |grep -oh '.*\.v[0-9]')
+     ;;
+    */*)
+     package_root=$(echo "${package}" |awk -F/ '{ print $1"/"$2 }')
+     ;;
+    *)
+     package_root="${package}"
+     ;;
+  esac
+
+  # Find files - only root and package level
+  local_files=()
+  IFS=" " read -r -a local_files <<< "$(
+    for dir_root in ${package} ${package_root}; do
+      [[ -d ${DEPS_DIR}/${dir_root} ]] || continue
+
+      # One (set) of these is fine
+      find "${DEPS_DIR}/${dir_root}" \
+          -xdev -follow -maxdepth ${find_maxdepth} \
+          -type f "${find_names[@]}"
+    done | sort -u)"
+
+  local index
+  local f
+  index="${package}-${type}"
+  if [[ -z "${CONTENT[${index}]-}" ]]; then
+    for f in "${local_files[@]-}"; do
+      if [[ -z "$f" ]]; then
+        # Set the default value and then check it to prevent
+        # accessing potentially empty array
+        continue
+      fi
+      # Find some copyright info in any file and break
+      if grep -E -i -wq "${ensure_pattern}" "${f}"; then
+        CONTENT[${index}]="${f}"
+        break
+      fi
+    done
+  fi
+}
+
+
+#############################################################################
+# MAIN
+#############################################################################
+KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+source "${KUBE_ROOT}/hack/lib/init.sh"
+
+export GO111MODULE=on
+
+# Check bash version
+if (( BASH_VERSINFO[0] < 4 )); then
+  echo
+  echo "ERROR: Bash v4+ required."
+  # Extra help for OSX
+  if [[ "$(uname -s)" == "Darwin" ]]; then
+    echo
+    echo "Ensure you are up to date on the following packages:"
+    echo "$ brew install md5sha1sum bash jq"
+  fi
+  echo
+  exit 9
+fi
+
+# This variable can be injected, as in the verify script.
+LICENSE_ROOT="${LICENSE_ROOT:-${KUBE_ROOT}}"
+cd "${LICENSE_ROOT}"
+
+VENDOR_LICENSE_FILE="Godeps/LICENSES"
+TMP_LICENSE_FILE="/tmp/Godeps.LICENSES.$$"
+DEPS_DIR="vendor"
+declare -Ag CONTENT
+
+# Put the K8S LICENSE on top
+(
+echo "================================================================================"
+echo "= Kubernetes licensed under: ="
+echo
+cat "${LICENSE_ROOT}/LICENSE"
+echo
+echo "= LICENSE $(kube::util::md5 "${LICENSE_ROOT}/LICENSE")"
+echo "================================================================================"
+) > ${TMP_LICENSE_FILE}
+
+# Loop through every vendored package
+for PACKAGE in $(go list -m -json all | jq -r .Path | sort -f); do
+  if [[ -e "staging/src/${PACKAGE}" ]]; then
+    echo "$PACKAGE is a staging package, skipping" > /dev/stderr
+    continue
+  fi
+  if [[ ! -e "${DEPS_DIR}/${PACKAGE}" ]]; then
+    echo "$PACKAGE doesn't exist in vendor, skipping" > /dev/stderr
+    continue
+  fi
+
+  process_content "${PACKAGE}" LICENSE
+  process_content "${PACKAGE}" COPYRIGHT
+  process_content "${PACKAGE}" COPYING
+
+  # display content
+  echo
+  echo "================================================================================"
+  echo "= ${DEPS_DIR}/${PACKAGE} licensed under: ="
+  echo
+
+  file=""
+  if [[ -n "${CONTENT[${PACKAGE}-LICENSE]-}" ]]; then
+      file="${CONTENT[${PACKAGE}-LICENSE]-}"
+  elif [[ -n "${CONTENT[${PACKAGE}-COPYRIGHT]-}" ]]; then
+      file="${CONTENT[${PACKAGE}-COPYRIGHT]-}"
+  elif [[ -n "${CONTENT[${PACKAGE}-COPYING]-}" ]]; then
+      file="${CONTENT[${PACKAGE}-COPYING]-}"
+  fi
+  if [[ -z "${file}" ]]; then
+      cat > /dev/stderr << __EOF__
+No license could be found for ${PACKAGE} - aborting.
+
+Options:
+1. Check if the upstream repository has a newer version with LICENSE, COPYRIGHT and/or
+   COPYING files.
+2. Contact the author of the package to ensure there is a LICENSE, COPYRIGHT and/or
+   COPYING file present.
+3. Do not use this package in Kubernetes.
+__EOF__
+      exit 9
+  fi
+  cat "${file}"
+
+  echo
+  echo "= ${file} $(kube::util::md5 "${file}")"
+  echo "================================================================================"
+  echo
+done >> ${TMP_LICENSE_FILE}
+
+cat ${TMP_LICENSE_FILE} > ${VENDOR_LICENSE_FILE}

hack/update-vendor.sh

+#!/usr/bin/env bash
+
+# This script is a modified version of Kubernetes
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+source "${KUBE_ROOT}/hack/lib/init.sh"
+
+# Explicitly opt into go modules, even though we're inside a GOPATH directory
+export GO111MODULE=on
+# Explicitly clear GOFLAGS, since GOFLAGS=-mod=vendor breaks dependency resolution while rebuilding vendor
+export GOFLAGS=
+# Ensure sort order doesn't depend on locale
+export LANG=C
+export LC_ALL=C
+# Detect problematic GOPROXY settings that prevent lookup of dependencies
+if [[ "${GOPROXY:-}" == "off" ]]; then
+  kube::log::error "Cannot run hack/update-vendor.sh with \$GOPROXY=off"
+  exit 1
+fi
+
+kube::golang::verify_go_version
+kube::util::require-jq
+
+TMP_DIR="${TMP_DIR:-$(mktemp -d /tmp/update-vendor.XXXX)}"
+LOG_FILE="${LOG_FILE:-${TMP_DIR}/update-vendor.log}"
+kube::log::status "logfile at ${LOG_FILE}"
+
+if [ -z "${BASH_XTRACEFD:-}" ]; then
+  exec 19> "${LOG_FILE}"
+  export BASH_XTRACEFD="19"
+  set -x
+fi
+
+# ensure_require_replace_directives_for_all_dependencies:
+# - ensures all existing 'require' directives have an associated 'replace' directive pinning a version
+# - adds explicit 'require' directives for all transitive dependencies
+# - adds explicit 'replace' directives for all require directives (existing 'replace' directives take precedence)
+function ensure_require_replace_directives_for_all_dependencies() {
+  local local_tmp_dir
+  local_tmp_dir=$(mktemp -d "${TMP_DIR}/pin_replace.XXXX")
+
+  # collect 'require' directives that actually specify a version
+  local require_filter='(.Version != null) and (.Version != "v0.0.0") and (.Version != "v0.0.0-00010101000000-000000000000")'
+  # collect 'replace' directives that unconditionally pin versions (old=new@version)
+  local replace_filter='(.Old.Version == null) and (.New.Version != null)'
+
+  # Capture local require/replace directives before running any go commands that can modify the go.mod file
+  local require_json="${local_tmp_dir}/require.json"
+  local replace_json="${local_tmp_dir}/replace.json"
+  go mod edit -json | jq -r ".Require // [] | sort | .[] | select(${require_filter})" > "${require_json}"
+  go mod edit -json | jq -r ".Replace // [] | sort | .[] | select(${replace_filter})" > "${replace_json}"
+
+  # 1a. Ensure replace directives have an explicit require directive
+  jq -r '"-require \(.Old.Path)@\(.New.Version)"' < "${replace_json}" | xargs -L 100 go mod edit -fmt
+  # 1b. Ensure require directives have a corresponding replace directive pinning a version
+  jq -r '"-replace \(.Path)=\(.Path)@\(.Version)"' < "${require_json}" | xargs -L 100 go mod edit -fmt
+  jq -r '"-replace \(.Old.Path)=\(.New.Path)@\(.New.Version)"' < "${replace_json}" | xargs -L 100 go mod edit -fmt
+
+  # 3. Add explicit require directives for indirect dependencies
+  go list -m -json all | jq -r 'select(.Main != true) | select(.Indirect == true) | "-require \(.Path)@\(.Version)"'          | xargs -L 100 go mod edit -fmt
+
+  # 4. Add explicit replace directives pinning dependencies that aren't pinned yet
+  go list -m -json all | jq -r 'select(.Main != true) | select(.Replace == null)  | "-replace \(.Path)=\(.Path)@\(.Version)"' | xargs -L 100 go mod edit -fmt
+}
+
+function group_replace_directives() {
+  local local_tmp_dir
+  local_tmp_dir=$(mktemp -d "${TMP_DIR}/group_replace.XXXX")
+  local go_mod_replace="${local_tmp_dir}/go.mod.replace.tmp"
+  local go_mod_noreplace="${local_tmp_dir}/go.mod.noreplace.tmp"
+  # separate replace and non-replace directives
+  awk "
+     # print lines between 'replace (' ... ')' lines
+     /^replace [(]/      { inreplace=1; next                   }
+     inreplace && /^[)]/ { inreplace=0; next                   }
+     inreplace           { print > \"${go_mod_replace}\"; next }
+
+     # print ungrouped replace directives with the replace directive trimmed
+     /^replace [^(]/ { sub(/^replace /,\"\"); print > \"${go_mod_replace}\"; next }
+
+     # otherwise print to the noreplace file
+     { print > \"${go_mod_noreplace}\" }
+  " < go.mod
+  {
+    cat "${go_mod_noreplace}";
+    echo "replace (";
+    cat "${go_mod_replace}";
+    echo ")";
+  } > go.mod
+
+  go mod edit -fmt
+}
+
+function add_generated_comments() {
+  local local_tmp_dir
+  local_tmp_dir=$(mktemp -d "${TMP_DIR}/add_generated_comments.XXXX")
+  local go_mod_nocomments="${local_tmp_dir}/go.mod.nocomments.tmp"
+
+  # drop comments before the module directive
+  awk "
+     BEGIN           { dropcomments=1 }
+     /^module /      { dropcomments=0 }
+     dropcomments && /^\/\// { next }
+     { print }
+  " < go.mod > "${go_mod_nocomments}"
+
+  # Add the specified comments
+  local comments="${1}"
+  {
+    echo "${comments}"
+    echo ""
+    cat "${go_mod_nocomments}"
+   } > go.mod
+
+  # Format
+  go mod edit -fmt
+}
+
+
+# Phase 1: ensure go.mod files for staging modules and main module
+if [[ ! -f go.mod ]]; then
+  kube::log::status "go.mod: initialize kubesphere.io/kubesphere"
+  go mod init "kubesphere.io/kubesphere"
+  rm -f Godeps/Godeps.json # remove after initializing
+fi
+
+# Phase 2: ensure staging repo require/replace directives
+
+kube::log::status "go.mod: update references"
+# Prune
+go mod edit -json | jq -r '.Require[]? | select(.Version == "v0.0.0")                 | "-droprequire \(.Path)"'     | xargs -L 100 go mod edit -fmt
+go mod edit -json | jq -r '.Replace[]? | select(.New.Path | startswith("./staging/")) | "-dropreplace \(.Old.Path)"' | xargs -L 100 go mod edit -fmt
+
+# Phase 3: capture required (minimum) versions from all modules, and replaced (pinned) versions from the root module
+
+# pin referenced versions
+ensure_require_replace_directives_for_all_dependencies
+# resolves/expands references in the root go.mod (if needed)
+go mod tidy >>"${LOG_FILE}" 2>&1
+# pin expanded versions
+ensure_require_replace_directives_for_all_dependencies
+# group replace directives
+group_replace_directives
+
+kube::log::status "go.mod: tidying"
+echo "=== tidying root" >> "${LOG_FILE}"
+go mod tidy >>"${LOG_FILE}" 2>&1
+
+
+# Phase 6: add generated comments to go.mod files
+kube::log::status "go.mod: adding generated comments"
+add_generated_comments "
+// This is a generated file. Do not edit directly.
+// Run hack/pin-dependency.sh to change pinned dependency versions.
+// Run hack/update-vendor.sh to update go.mod files and the vendor directory.
+"
+
+# Phase 7: rebuild vendor directory
+
+kube::log::status "vendor: running 'go mod vendor'"
+go mod vendor >>"${LOG_FILE}" 2>&1
+
+# sort recorded packages for a given vendored dependency in modules.txt.
+# `go mod vendor` outputs in imported order, which means slight go changes (or different platforms) can result in a differently ordered modules.txt.
+# scan                 | prefix comment lines with the module name       | sort field 1  | strip leading text on comment lines
+awk '{if($1=="#") print $2 " " $0; else print}' < vendor/modules.txt | sort -k1,1 -s | sed 's/.*#/#/' > "${TMP_DIR}/modules.txt.tmp"
+mv "${TMP_DIR}/modules.txt.tmp" vendor/modules.txt
+
+#kube::log::status "vendor: updating LICENSES file"
+#hack/update-vendor-licenses.sh >>"${LOG_FILE}" 2>&1

pkg/apis/network/v1alpha1/zz_generated.deepcopy.go

@@ -16,16 +16,16 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// autogenerated by controller-gen object, do not modify manually
+// Code generated by deepcopy-gen. DO NOT EDIT.
 
 package v1alpha1
 
 import (
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
-	"kubesphere.io/kubesphere/pkg/apis/network/v1alpha1/numorstring"
+	numorstring "kubesphere.io/kubesphere/pkg/apis/network/v1alpha1/numorstring"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -56,6 +56,7 @@ func (in *EntityRule) DeepCopyInto(out *EntityRule) {
 		*out = new(ServiceAccountMatch)
 		(*in).DeepCopyInto(*out)
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntityRule.
@@ -81,6 +82,7 @@ func (in *HTTPMatch) DeepCopyInto(out *HTTPMatch) {
 		*out = make([]HTTPPath, len(*in))
 		copy(*out, *in)
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatch.
@@ -96,6 +98,7 @@ func (in *HTTPMatch) DeepCopy() *HTTPMatch {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPPath) DeepCopyInto(out *HTTPPath) {
 	*out = *in
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPath.
@@ -121,6 +124,7 @@ func (in *ICMPFields) DeepCopyInto(out *ICMPFields) {
 		*out = new(int)
 		**out = **in
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ICMPFields.
@@ -139,6 +143,7 @@ func (in *NamespaceNetworkPolicy) DeepCopyInto(out *NamespaceNetworkPolicy) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceNetworkPolicy.
@@ -171,6 +176,7 @@ func (in *NamespaceNetworkPolicyList) DeepCopyInto(out *NamespaceNetworkPolicyLi
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceNetworkPolicyList.
@@ -218,6 +224,7 @@ func (in *NamespaceNetworkPolicySpec) DeepCopyInto(out *NamespaceNetworkPolicySp
 		*out = make([]PolicyType, len(*in))
 		copy(*out, *in)
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceNetworkPolicySpec.
@@ -265,6 +272,7 @@ func (in *Rule) DeepCopyInto(out *Rule) {
 		*out = new(HTTPMatch)
 		(*in).DeepCopyInto(*out)
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
@@ -285,6 +293,7 @@ func (in *ServiceAccountMatch) DeepCopyInto(out *ServiceAccountMatch) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountMatch.
@@ -304,6 +313,7 @@ func (in *WorkspaceNetworkPolicy) DeepCopyInto(out *WorkspaceNetworkPolicy) {
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
 	out.Status = in.Status
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicy.
@@ -341,6 +351,7 @@ func (in *WorkspaceNetworkPolicyEgressRule) DeepCopyInto(out *WorkspaceNetworkPo
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyEgressRule.
@@ -370,6 +381,7 @@ func (in *WorkspaceNetworkPolicyIngressRule) DeepCopyInto(out *WorkspaceNetworkP
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyIngressRule.
@@ -394,6 +406,7 @@ func (in *WorkspaceNetworkPolicyList) DeepCopyInto(out *WorkspaceNetworkPolicyLi
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyList.
@@ -423,6 +436,7 @@ func (in *WorkspaceNetworkPolicyPeer) DeepCopyInto(out *WorkspaceNetworkPolicyPe
 		*out = new(metav1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyPeer.
@@ -457,6 +471,7 @@ func (in *WorkspaceNetworkPolicySpec) DeepCopyInto(out *WorkspaceNetworkPolicySp
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicySpec.
@@ -472,6 +487,7 @@ func (in *WorkspaceNetworkPolicySpec) DeepCopy() *WorkspaceNetworkPolicySpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkspaceNetworkPolicyStatus) DeepCopyInto(out *WorkspaceNetworkPolicyStatus) {
 	*out = *in
+	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyStatus.

vendor/github.com/Sirupsen/logrus/terminal_check_bsd.go

-// +build darwin dragonfly freebsd netbsd openbsd
-
-package logrus
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TIOCGETA
-
-func isTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	return err == nil
-}
-

vendor/github.com/Sirupsen/logrus/terminal_check_unix.go

-// +build linux aix
-
-package logrus
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TCGETS
-
-func isTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	return err == nil
-}
-

vendor/github.com/docker/distribution/Dockerfile

 FROM golang:1.11-alpine AS build
 
 ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
-ENV DOCKER_BUILDTAGS include_oss include_gcs
+ENV BUILDTAGS include_oss include_gcs
 
 ARG GOOS=linux
 ARG GOARCH=amd64

vendor/github.com/docker/distribution/manifest/schema2/manifest.go

@@ -106,7 +106,7 @@ func FromStruct(m Manifest) (*DeserializedManifest, error) {
 
 // UnmarshalJSON populates a new Manifest struct from JSON data.
 func (m *DeserializedManifest) UnmarshalJSON(b []byte) error {
-	m.canonical = make([]byte, len(b))
+	m.canonical = make([]byte, len(b), len(b))
 	// store manifest in canonical
 	copy(m.canonical, b)
 

vendor/github.com/docker/distribution/manifests.go

@@ -87,7 +87,7 @@ func ManifestMediaTypes() (mediaTypes []string) {
 // UnmarshalFunc implements manifest unmarshalling a given MediaType
 type UnmarshalFunc func([]byte) (Manifest, Descriptor, error)
 
-var mappings = make(map[string]UnmarshalFunc)
+var mappings = make(map[string]UnmarshalFunc, 0)
 
 // UnmarshalManifest looks up manifest unmarshal functions based on
 // MediaType

vendor/github.com/docker/distribution/reference/normalize.go

@@ -56,35 +56,6 @@ func ParseNormalizedNamed(s string) (Named, error) {
 	return named, nil
 }
 
-// ParseDockerRef normalizes the image reference following the docker convention. This is added
-// mainly for backward compatibility.
-// The reference returned can only be either tagged or digested. For reference contains both tag
-// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
-// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
-// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
-func ParseDockerRef(ref string) (Named, error) {
-	named, err := ParseNormalizedNamed(ref)
-	if err != nil {
-		return nil, err
-	}
-	if _, ok := named.(NamedTagged); ok {
-		if canonical, ok := named.(Canonical); ok {
-			// The reference is both tagged and digested, only
-			// return digested.
-			newNamed, err := WithName(canonical.Name())
-			if err != nil {
-				return nil, err
-			}
-			newCanonical, err := WithDigest(newNamed, canonical.Digest())
-			if err != nil {
-				return nil, err
-			}
-			return newCanonical, nil
-		}
-	}
-	return TagNameOnly(named), nil
-}
-
 // splitDockerDomain splits a repository name to domain and remotename string.
 // If no valid domain is found, the default domain is used. Repository name
 // needs to be already validated before.

vendor/github.com/docker/distribution/reference/reference.go

@@ -205,7 +205,7 @@ func Parse(s string) (Reference, error) {
 	var repo repository
 
 	nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1])
-	if len(nameMatch) == 3 {
+	if nameMatch != nil && len(nameMatch) == 3 {
 		repo.domain = nameMatch[1]
 		repo.path = nameMatch[2]
 	} else {

vendor/github.com/docker/distribution/registry/api/errcode/errors.go

+package errcode
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// ErrorCoder is the base interface for ErrorCode and Error allowing
+// users of each to just call ErrorCode to get the real ID of each
+type ErrorCoder interface {
+	ErrorCode() ErrorCode
+}
+
+// ErrorCode represents the error type. The errors are serialized via strings
+// and the integer format may change and should *never* be exported.
+type ErrorCode int
+
+var _ error = ErrorCode(0)
+
+// ErrorCode just returns itself
+func (ec ErrorCode) ErrorCode() ErrorCode {
+	return ec
+}
+
+// Error returns the ID/Value
+func (ec ErrorCode) Error() string {
+	// NOTE(stevvooe): Cannot use message here since it may have unpopulated args.
+	return strings.ToLower(strings.Replace(ec.String(), "_", " ", -1))
+}
+
+// Descriptor returns the descriptor for the error code.
+func (ec ErrorCode) Descriptor() ErrorDescriptor {
+	d, ok := errorCodeToDescriptors[ec]
+
+	if !ok {
+		return ErrorCodeUnknown.Descriptor()
+	}
+
+	return d
+}
+
+// String returns the canonical identifier for this error code.
+func (ec ErrorCode) String() string {
+	return ec.Descriptor().Value
+}
+
+// Message returned the human-readable error message for this error code.
+func (ec ErrorCode) Message() string {
+	return ec.Descriptor().Message
+}
+
+// MarshalText encodes the receiver into UTF-8-encoded text and returns the
+// result.
+func (ec ErrorCode) MarshalText() (text []byte, err error) {
+	return []byte(ec.String()), nil
+}
+
+// UnmarshalText decodes the form generated by MarshalText.
+func (ec *ErrorCode) UnmarshalText(text []byte) error {
+	desc, ok := idToDescriptors[string(text)]
+
+	if !ok {
+		desc = ErrorCodeUnknown.Descriptor()
+	}
+
+	*ec = desc.Code
+
+	return nil
+}
+
+// WithMessage creates a new Error struct based on the passed-in info and
+// overrides the Message property.
+func (ec ErrorCode) WithMessage(message string) Error {
+	return Error{
+		Code:    ec,
+		Message: message,
+	}
+}
+
+// WithDetail creates a new Error struct based on the passed-in info and
+// set the Detail property appropriately
+func (ec ErrorCode) WithDetail(detail interface{}) Error {
+	return Error{
+		Code:    ec,
+		Message: ec.Message(),
+	}.WithDetail(detail)
+}
+
+// WithArgs creates a new Error struct and sets the Args slice
+func (ec ErrorCode) WithArgs(args ...interface{}) Error {
+	return Error{
+		Code:    ec,
+		Message: ec.Message(),
+	}.WithArgs(args...)
+}
+
+// Error provides a wrapper around ErrorCode with extra Details provided.
+type Error struct {
+	Code    ErrorCode   `json:"code"`
+	Message string      `json:"message"`
+	Detail  interface{} `json:"detail,omitempty"`
+
+	// TODO(duglin): See if we need an "args" property so we can do the
+	// variable substitution right before showing the message to the user
+}
+
+var _ error = Error{}
+
+// ErrorCode returns the ID/Value of this Error
+func (e Error) ErrorCode() ErrorCode {
+	return e.Code
+}
+
+// Error returns a human readable representation of the error.
+func (e Error) Error() string {
+	return fmt.Sprintf("%s: %s", e.Code.Error(), e.Message)
+}
+
+// WithDetail will return a new Error, based on the current one, but with
+// some Detail info added
+func (e Error) WithDetail(detail interface{}) Error {
+	return Error{
+		Code:    e.Code,
+		Message: e.Message,
+		Detail:  detail,
+	}
+}
+
+// WithArgs uses the passed-in list of interface{} as the substitution
+// variables in the Error's Message string, but returns a new Error
+func (e Error) WithArgs(args ...interface{}) Error {
+	return Error{
+		Code:    e.Code,
+		Message: fmt.Sprintf(e.Code.Message(), args...),
+		Detail:  e.Detail,
+	}
+}
+
+// ErrorDescriptor provides relevant information about a given error code.
+type ErrorDescriptor struct {
+	// Code is the error code that this descriptor describes.
+	Code ErrorCode
+
+	// Value provides a unique, string key, often captilized with
+	// underscores, to identify the error code. This value is used as the
+	// keyed value when serializing api errors.
+	Value string
+
+	// Message is a short, human readable decription of the error condition
+	// included in API responses.
+	Message string
+
+	// Description provides a complete account of the errors purpose, suitable
+	// for use in documentation.
+	Description string
+
+	// HTTPStatusCode provides the http status code that is associated with
+	// this error condition.
+	HTTPStatusCode int
+}
+
+// ParseErrorCode returns the value by the string error code.
+// `ErrorCodeUnknown` will be returned if the error is not known.
+func ParseErrorCode(value string) ErrorCode {
+	ed, ok := idToDescriptors[value]
+	if ok {
+		return ed.Code
+	}
+
+	return ErrorCodeUnknown
+}
+
+// Errors provides the envelope for multiple errors and a few sugar methods
+// for use within the application.
+type Errors []error
+
+var _ error = Errors{}
+
+func (errs Errors) Error() string {
+	switch len(errs) {
+	case 0:
+		return "<nil>"
+	case 1:
+		return errs[0].Error()
+	default:
+		msg := "errors:\n"
+		for _, err := range errs {
+			msg += err.Error() + "\n"
+		}
+		return msg
+	}
+}
+
+// Len returns the current number of errors.
+func (errs Errors) Len() int {
+	return len(errs)
+}
+
+// MarshalJSON converts slice of error, ErrorCode or Error into a
+// slice of Error - then serializes
+func (errs Errors) MarshalJSON() ([]byte, error) {
+	var tmpErrs struct {
+		Errors []Error `json:"errors,omitempty"`
+	}
+
+	for _, daErr := range errs {
+		var err Error
+
+		switch daErr.(type) {
+		case ErrorCode:
+			err = daErr.(ErrorCode).WithDetail(nil)
+		case Error:
+			err = daErr.(Error)
+		default:
+			err = ErrorCodeUnknown.WithDetail(daErr)
+
+		}
+
+		// If the Error struct was setup and they forgot to set the
+		// Message field (meaning its "") then grab it from the ErrCode
+		msg := err.Message
+		if msg == "" {
+			msg = err.Code.Message()
+		}
+
+		tmpErrs.Errors = append(tmpErrs.Errors, Error{
+			Code:    err.Code,
+			Message: msg,
+			Detail:  err.Detail,
+		})
+	}
+
+	return json.Marshal(tmpErrs)
+}
+
+// UnmarshalJSON deserializes []Error and then converts it into slice of
+// Error or ErrorCode
+func (errs *Errors) UnmarshalJSON(data []byte) error {
+	var tmpErrs struct {
+		Errors []Error
+	}
+
+	if err := json.Unmarshal(data, &tmpErrs); err != nil {
+		return err
+	}
+
+	var newErrs Errors
+	for _, daErr := range tmpErrs.Errors {
+		// If Message is empty or exactly matches the Code's message string
+		// then just use the Code, no need for a full Error struct
+		if daErr.Detail == nil && (daErr.Message == "" || daErr.Message == daErr.Code.Message()) {
+			// Error's w/o details get converted to ErrorCode
+			newErrs = append(newErrs, daErr.Code)
+		} else {
+			// Error's w/ details are untouched
+			newErrs = append(newErrs, Error{
+				Code:    daErr.Code,
+				Message: daErr.Message,
+				Detail:  daErr.Detail,
+			})
+		}
+	}
+
+	*errs = newErrs
+	return nil
+}

vendor/github.com/docker/distribution/registry/api/errcode/handler.go

+package errcode
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// ServeJSON attempts to serve the errcode in a JSON envelope. It marshals err
+// and sets the content-type header to 'application/json'. It will handle
+// ErrorCoder and Errors, and if necessary will create an envelope.
+func ServeJSON(w http.ResponseWriter, err error) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	var sc int
+
+	switch errs := err.(type) {
+	case Errors:
+		if len(errs) < 1 {
+			break
+		}
+
+		if err, ok := errs[0].(ErrorCoder); ok {
+			sc = err.ErrorCode().Descriptor().HTTPStatusCode
+		}
+	case ErrorCoder:
+		sc = errs.ErrorCode().Descriptor().HTTPStatusCode
+		err = Errors{err} // create an envelope.
+	default:
+		// We just have an unhandled error type, so just place in an envelope
+		// and move along.
+		err = Errors{err}
+	}
+
+	if sc == 0 {
+		sc = http.StatusInternalServerError
+	}
+
+	w.WriteHeader(sc)
+
+	return json.NewEncoder(w).Encode(err)
+}

vendor/github.com/docker/distribution/registry/api/errcode/register.go

+package errcode
+
+import (
+	"fmt"
+	"net/http"
+	"sort"
+	"sync"
+)
+
+var (
+	errorCodeToDescriptors = map[ErrorCode]ErrorDescriptor{}
+	idToDescriptors        = map[string]ErrorDescriptor{}
+	groupToDescriptors     = map[string][]ErrorDescriptor{}
+)
+
+var (
+	// ErrorCodeUnknown is a generic error that can be used as a last
+	// resort if there is no situation-specific error message that can be used
+	ErrorCodeUnknown = Register("errcode", ErrorDescriptor{
+		Value:   "UNKNOWN",
+		Message: "unknown error",
+		Description: `Generic error returned when the error does not have an
+			                                            API classification.`,
+		HTTPStatusCode: http.StatusInternalServerError,
+	})
+
+	// ErrorCodeUnsupported is returned when an operation is not supported.
+	ErrorCodeUnsupported = Register("errcode", ErrorDescriptor{
+		Value:   "UNSUPPORTED",
+		Message: "The operation is unsupported.",
+		Description: `The operation was unsupported due to a missing
+		implementation or invalid set of parameters.`,
+		HTTPStatusCode: http.StatusMethodNotAllowed,
+	})
+
+	// ErrorCodeUnauthorized is returned if a request requires
+	// authentication.
+	ErrorCodeUnauthorized = Register("errcode", ErrorDescriptor{
+		Value:   "UNAUTHORIZED",
+		Message: "authentication required",
+		Description: `The access controller was unable to authenticate
+		the client. Often this will be accompanied by a
+		Www-Authenticate HTTP response header indicating how to
+		authenticate.`,
+		HTTPStatusCode: http.StatusUnauthorized,
+	})
+
+	// ErrorCodeDenied is returned if a client does not have sufficient
+	// permission to perform an action.
+	ErrorCodeDenied = Register("errcode", ErrorDescriptor{
+		Value:   "DENIED",
+		Message: "requested access to the resource is denied",
+		Description: `The access controller denied access for the
+		operation on a resource.`,
+		HTTPStatusCode: http.StatusForbidden,
+	})
+
+	// ErrorCodeUnavailable provides a common error to report unavailability
+	// of a service or endpoint.
+	ErrorCodeUnavailable = Register("errcode", ErrorDescriptor{
+		Value:          "UNAVAILABLE",
+		Message:        "service unavailable",
+		Description:    "Returned when a service is not available",
+		HTTPStatusCode: http.StatusServiceUnavailable,
+	})
+
+	// ErrorCodeTooManyRequests is returned if a client attempts too many
+	// times to contact a service endpoint.
+	ErrorCodeTooManyRequests = Register("errcode", ErrorDescriptor{
+		Value:   "TOOMANYREQUESTS",
+		Message: "too many requests",
+		Description: `Returned when a client attempts to contact a
+		service too many times`,
+		HTTPStatusCode: http.StatusTooManyRequests,
+	})
+)
+
+var nextCode = 1000
+var registerLock sync.Mutex
+
+// Register will make the passed-in error known to the environment and
+// return a new ErrorCode
+func Register(group string, descriptor ErrorDescriptor) ErrorCode {
+	registerLock.Lock()
+	defer registerLock.Unlock()
+
+	descriptor.Code = ErrorCode(nextCode)
+
+	if _, ok := idToDescriptors[descriptor.Value]; ok {
+		panic(fmt.Sprintf("ErrorValue %q is already registered", descriptor.Value))
+	}
+	if _, ok := errorCodeToDescriptors[descriptor.Code]; ok {
+		panic(fmt.Sprintf("ErrorCode %v is already registered", descriptor.Code))
+	}
+
+	groupToDescriptors[group] = append(groupToDescriptors[group], descriptor)
+	errorCodeToDescriptors[descriptor.Code] = descriptor
+	idToDescriptors[descriptor.Value] = descriptor
+
+	nextCode++
+	return descriptor.Code
+}
+
+type byValue []ErrorDescriptor
+
+func (a byValue) Len() int           { return len(a) }
+func (a byValue) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a byValue) Less(i, j int) bool { return a[i].Value < a[j].Value }
+
+// GetGroupNames returns the list of Error group names that are registered
+func GetGroupNames() []string {
+	keys := []string{}
+
+	for k := range groupToDescriptors {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	return keys
+}
+
+// GetErrorCodeGroup returns the named group of error descriptors
+func GetErrorCodeGroup(name string) []ErrorDescriptor {
+	desc := groupToDescriptors[name]
+	sort.Sort(byValue(desc))
+	return desc
+}
+
+// GetErrorAllDescriptors returns a slice of all ErrorDescriptors that are
+// registered, irrespective of what group they're in
+func GetErrorAllDescriptors() []ErrorDescriptor {
+	result := []ErrorDescriptor{}
+
+	for _, group := range GetGroupNames() {
+		result = append(result, GetErrorCodeGroup(group)...)
+	}
+	sort.Sort(byValue(result))
+	return result
+}

vendor/github.com/docker/distribution/vendor.conf

@@ -7,7 +7,7 @@ github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
 github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274
 github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
 github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
-github.com/denverdino/aliyungo a747050bb1baf06cdd65de7cddc281a2b1c2fde5
+github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2
 github.com/dgrijalva/jwt-go a601269ab70c205d26370c16f7c81e9017c14e04
 github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
 github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21

vendor/github.com/docker/docker/LICENSE

@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2013-2016 Docker, Inc.
+   Copyright 2013-2018 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

vendor/github.com/docker/docker/NOTICE

 Docker
-Copyright 2012-2016 Docker, Inc.
+Copyright 2012-2017 Docker, Inc.
 
 This product includes software developed at Docker, Inc. (https://www.docker.com).
 

vendor/github.com/docker/docker/api/README.md

+# Working on the Engine API
+
+The Engine API is an HTTP API used by the command-line client to communicate with the daemon. It can also be used by third-party software to control the daemon.
+
+It consists of various components in this repository:
+
+- `api/swagger.yaml` A Swagger definition of the API.
+- `api/types/` Types shared by both the client and server, representing various objects, options, responses, etc. Most are written manually, but some are automatically generated from the Swagger definition. See [#27919](https://github.com/docker/docker/issues/27919) for progress on this.
+- `cli/` The command-line client.
+- `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
+- `daemon/` The daemon, which serves the API.
+
+## Swagger definition
+
+The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
+
+1. Automatically generate documentation.
+2. Automatically generate the Go server and client. (A work-in-progress.)
+3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
+
+## Updating the API documentation
+
+The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, edit this file to represent the change in the documentation.
+
+The file is split into two main sections:
+
+- `definitions`, which defines re-usable objects used in requests and responses
+- `paths`, which defines the API endpoints (and some inline objects which don't need to be reusable)
+
+To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
+
+There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919).
+
+`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful when making edits to ensure you are doing the right thing.
+
+## Viewing the API documentation
+
+When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
+
+Run `make swagger-docs` and a preview will be running at `http://localhost`. Some of the styling may be incorrect, but you'll be able to ensure that it is generating the correct documentation.
+
+The production documentation is generated by vendoring `swagger.yaml` into [docker/docker.github.io](https://github.com/docker/docker.github.io).

vendor/github.com/docker/docker/api/common.go

+package api // import "github.com/docker/docker/api"
+
+// Common constants for daemon and client.
+const (
+	// DefaultVersion of Current REST API
+	DefaultVersion = "1.40"
+
+	// NoBaseImageSpecifier is the symbol used by the FROM
+	// command to specify that no base image is to be used.
+	NoBaseImageSpecifier = "scratch"
+)

vendor/github.com/docker/docker/api/common_unix.go

+// +build !windows
+
+package api // import "github.com/docker/docker/api"
+
+// MinVersion represents Minimum REST API version supported
+const MinVersion = "1.12"

vendor/github.com/docker/docker/api/common_windows.go

+package api // import "github.com/docker/docker/api"
+
+// MinVersion represents Minimum REST API version supported
+// Technically the first daemon API version released on Windows is v1.25 in
+// engine version 1.13. However, some clients are explicitly using downlevel
+// APIs (e.g. docker-compose v2.1 file format) and that is just too restrictive.
+// Hence also allowing 1.24 on Windows.
+const MinVersion string = "1.24"

vendor/github.com/docker/docker/api/swagger-gen.yaml

+
+layout:
+  models:
+    - name: definition
+      source: asset:model
+      target: "{{ joinFilePath .Target .ModelPackage }}"
+      file_name: "{{ (snakize (pascalize .Name)) }}.go"
+  operations:
+    - name: handler
+      source: asset:serverOperation
+      target: "{{ joinFilePath .Target .APIPackage .Package }}"
+      file_name: "{{ (snakize (pascalize .Name)) }}.go"