feat(gnomod): forbid require and find dependencies without it

[n0izn0iz]

A step towards the importer package (#2932) and future of gno.mod (#2904)

• BREAKING CHANGE: remove require statement support from gno.mod
• use .gno files import statements to find dependencies
• extract package download routines in gnovm/pkg/gnopkgfetch
• add a GNO_PKG_HOSTS env variable that takes domain=rpcURL coma-separated pairs to override pkg fetching behavior
• add and use a mocked rpc client that "fetch" packages from the examples dir
• extract imports gathering utils in gnovm/pkg/gnoimports

I decided to do this first to avoid having multiple ways to resolve dependencies lying around in the codebase and causing confusion in subsequent steps

Contributors' checklist...

• Added new tests, or not needed, or not feasible
• Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
• Updated the official documentation or not needed
• No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
• Added references to related issues and PRs
• Provided any useful hints for running manual tests

[zivkovicmilos]

Left some comments, that you for the require removal 🙏

If this is the route we wanna go with, the PR I think accomplishes what it needs to accomplish.
Please check some comments for testing code, it's the only thing I believe we need to modify

[zivkovicmilos]

Shouldn't this go before the PackageImports call?

[n0izn0iz]

since we sort, it doesn't matter

[zivkovicmilos]

Why don't we do error handling here?

gnoimports.PackageImports does the same ReadDir, but we swallow errors from both calls?

[thehowl]

Better proposal: let's use fs.WalkDir instead of a recursive fn

[zivkovicmilos]

There's no cleanup if this fails, this is why I suggest you break up this mega func

[n0izn0iz]

As was the case with the previous implementation

I agree with you, we also miss a filelock to avoid conflict between multiple gno command instances. I intend to improve all this in the subsequent PRs towards the unified package loader but I feel it's out of scope of this one

[zivkovicmilos]

As was the case with the previous implementation

💀

[zivkovicmilos]

This is not a test file, so it's compiled into the binary. Please change it 🙏

[n0izn0iz]

I'm not sure how to do it any other way, pls see #3123 (comment)

[zivkovicmilos]

Can't you drop it now, after this fix you mentioned?

[zivkovicmilos]

Can we clean up this mock a bit? 🙏

[zivkovicmilos]

It's very hard to read

[n0izn0iz]

I'll clean up if you validate the new way it's injected :) otherwise I'll probably have to scrap it

[zivkovicmilos]

I think the changes are good for now. Thank you for applying the fixes 🙏

Please see my leftover comments, so we can avoid having gnopkgfetch_testing compiled 🙏

When we fix this, I think we can move forward with the PR

Pinging @thehowl for a second screen

[thehowl]

Some re-organizations, a bunch of nits; but requesting changes as I want to have another look before merging.

[thehowl]

I don't know if it should go here or elsewhere, but gno mod tidy should be capable of removing require blocks. This way gno mod tidy can automatically fix other repos

[n0izn0iz]

Why add this extra complexity and maintenance burden when we can just recommended a well crafted sed one-liner?

[thehowl]

Definitely shouldn't be called gnoimports; and thinking that this should possibly be together with the package loader logic eventually. Can we use packages for now (inspired by x/tools/go/packages), with the following godoc?

// Package packages provides utility functions to statically analyze Gno MemPackages.

[n0izn0iz]

The go x/tools/go/packages is a wrapper around go list command invocations.

As stated in it's doc, it's responsibility is: loads Go packages for inspection and analysis.
I dived deep into the "loads Go packages" part code and it involves a lot more things than utility functions to statically analyze packages.
It has to pass by the filesystem since it's also responsible for downloading missing packages so in our case it couldn't operate on only MemPackages.

I think we should keep the gnoimports name with this doc:

// Package gnoimports provides utility functions to get the list of imports from a gno file or package

Added the doc file in d90f89a

[thehowl]

With the previous proposal, I'd say to call this function Imports instead (usage: packages.Imports), and to accept a MemPackage rather than a path to the filesystem.

[n0izn0iz]

No call site have a MemPackage handy, I could refacto things but it seems out of scope and not really an improvement

[thehowl]

This should process a filename + body rather than a filename.

Can you change pkg/test.LoadImports to use this function?

[n0izn0iz]

246bfbc

I'm not sure it's better this way though

[thehowl]

Use strconv.Unquote

[n0izn0iz]

af0cf96

[thehowl]

Should be a way to force download (ie. -u)

[n0izn0iz]

Seems out of scope, I can do it in this if you really want

[thehowl]

I'd propose to have this package with a simpler API: Download(pkgPath, dst string). The code that walks the directory and loads the imports, and detects whether they're downloaded should go in cmd/gno; so we also restrict the output from happening within there.

This can then be called pkgdownload; likely this should eventually sit as a subpackage of the modules loader (maybe add this as a note comment in the package-level godoc, which you should also write ;) )

[thehowl]

Important: please remove this dependency

(I'm tempted to think that eventually, we could have gnoweb serve a tarball of the package for downloaded; and avoid any tm2 client here; but this is for another time.)

[n0izn0iz]

35efc26

[thehowl]

Still unclear how this works and whether it is a good idea.

[thehowl]

There should be a comment on the fact that this is transitional as well

[n0izn0iz]

It's only direct imports actually