How to make sure go build is using all dependencies from vendor directory - go

I have used godep and vendored all my dependencies in vendor/ directory. Go build is working fine as well. However how can I be sure that all my dependencies are vendored?
Is there any command that can make sure of that?

My CI service (Travis is the one I use) lets me know. Because my test build will fail if the deps aren't available.
You should be using a CI service anyway, and then you get that benefit for free.

I use govendor to manage the dependencies, which has a status option. Here are some of the commands with govendor:
    init     Create the "vendor" folder and the "vendor.json" file.
    list     List and filter existing dependencies and packages.
    add      Add packages from $GOPATH.
    update   Update packages from $GOPATH.
    remove   Remove packages from the vendor folder.
    status   Lists any packages missing, out-of-date, or modified locally.
    fetch    Add new or update vendor folder packages from remote repository.
    sync     Pull packages into vendor folder from remote repository with revisions
             from vendor.json file.
    migrate  Move packages from a legacy tool to the vendor folder with metadata.
Specifically, you'd do govendor status to check if there are missing packages.
If you decide to use govendor, you can get started by doing:
    go get github.com/kardianos/govendor
    govendor migrate (which will migrate from godeps to govendor)
Also, you mentioned in a comment that you're deploying to Heroku; here's some documentation from them on govendor.

Related

Installing all dependencies from a go.mod file

What is the golang command that is equivalent to npm install
npm install downloads all the dependencies listed in the package.json file.
Having said that, what is the command that downloads all the dependencies in the go.mod file?
If you have only a go.mod and you have Go 1.16 or later:
If you just want to run your code, use go build or go run . - your dependencies will be downloaded and built automatically
If you want to save a copy of your dependencies locally, use go mod vendor
Both the above will create a go.sum file (this is maintained by the Go Tools - you can ignore it)
The vendor command will create a vendor folder with a copy of all the source code from your dependencies. Note: If you do use the vendor approach, you will need to run go mod vendor if there is a change in your dependencies, so that a copy is downloaded to the vendor folder. The advantage is your code will build without an internet connection. The disadvantage is you need to keep it up to date.
That should get you started for everyday use.
If you'd like to know all about modules, this is a good source.

Manually fetch dependencies from go.mod?

I'm using go 1.11 with module support. I understand that the go tool now installs dependencies automatically on build/install. I also understand the reasoning.
I'm using docker to build my binaries. In many other ecosystems it's common to copy over your dependency manifest (package.json, requirements.txt, etc) and install dependencies as a separate stage from build. This takes advantage of docker's layer caching, and makes rebuilds much faster since generally code changes vastly outnumber dependency changes.
I was wondering if vgo has any way to do this?
It was an issue #26610, which is fixed now.
So now you can just use:
go mod download
For this to work you need just the go.mod / go.sum files.
For example, here's how to have a cached multistage Docker build: (source)
FROM golang:1.17-alpine as builder
RUN apk --no-cache add ca-certificates git
WORKDIR /build
# Fetch dependencies
COPY go.mod go.sum ./
RUN go mod download
# Build
COPY . ./
RUN CGO_ENABLED=0 go build
# Create final image
FROM alpine
WORKDIR /
COPY --from=builder /build/myapp .
EXPOSE 8080
CMD ["./myapp"]
Also see the article Containerize Your Go Developer Environment – Part 2, which describes how to leverage the Go compiler cache to speed up builds even further.
You may use the go mod vendor command which will create a vendor folder in the main module's root folder, and copy all dependencies into it. After this you may pass the -mod=vendor param to the go tool, and then dependencies from the vendor folder will be used to build / compile / test your app.
So what you may do to speed up your builds:
Run the go mod vendor command to have an actual version of your dependencies.
Save / cache this vendor folder.
During builds, restore this vendor folder, and build / install your app by passing the -mod=vendor argument to the go tool, so no dependencies will be downloaded, but the content of the vendor folder will be used.
Quoting from go help mod:
Modules and vendoring
When using modules, the go command completely ignores vendor directories.
By default, the go command satisfies dependencies by downloading modules
from their sources and using those downloaded copies (after verification,
as described in the previous section). To allow interoperation with older
versions of Go, or to ensure that all files used for a build are stored
together in a single file tree, 'go mod vendor' creates a directory named
vendor in the root directory of the main module and stores there all the
packages from dependency modules that are needed to support builds and
tests of packages in the main module.
To build using the main module's top-level vendor directory to satisfy
dependencies (disabling use of the usual network sources and local
caches), use 'go build -mod=vendor'. Note that only the main module's
top-level vendor directory is used; vendor directories in other locations
are still ignored.
I wanted to re-download all the dependencies using go mod, this is what I did:
Go to your GOROOT
sudo rm -rf pkg/mod/
Go to the directory where the go.mod file exists
go mod download
You can use a package manager. There are many of them, like dep, glide, and govendor. dep is newer and is going to be integrated into the go toolchain as the official dependency management tool.
We also make docker images for go applications and we use dind to make those images and we prepared a CI/CD image with all dependencies preinstalled to make the builds faster. Though, it took a little bit of scripting to glue everything together.
Moreover, layering up the dependencies could result in large docker images. I suggest trying multi-stage builds, which could help make the images super light.

cannot find vendor directory under golang project

My golang version is go1.10.2 linux/amd64. I can build and run my go project (under gopath/src) without any problem but I cannot see a vendor directory under my project folder. I would like to know if the vendor folder is a hidden directory? What are the possible reasons the vendor folder is not generated?
Vendor directory is used as an alternative to GOPATH when resolving dependencies. A dependency is first looked up in /vendor then in GOPATH then in GOROOT.
If you go get all your dependencies they'll be in GOPATH/src instead of /vendor.
To start adding project specific dependencies to vendor dir you need to use a dependency manager such as glide or dep or manually copy everything to /vendor.
This SO answer goes into more detail on using vendor dir in Go - https://stackoverflow.com/a/37238226/1589165

What is the difference between `go install`, `govendor install +local` and `govendor install +vendor,^program`?

When using govendor, what is the difference between go install, govendor install +local and govendor install +vendor,^program?
govendor install +vendor,^program says to build and install all my vendor packages. But what and where will it install to? Will it install my project and vendor's command executables to $GOPATH/bin and my project and vendor's package objects to $GOPATH/pkg?
govendor install +local says to build everything in your repository only. So what does it really mean? Will it create vendor/bin and vendor/pkg?
What about if I run go install in my project? How will this be different from the above two commands?
Go first came into the world with a brand new idea for dependency management and workspace folder structure. There was a strict hierarchy where projects would be located (in $gopath/src/site.com/user/project) and other projects would simply import the latest version of all other projects. The problem with this is that if some upstream project changes the API, then your project will break inexplicably. This is where vendor comes in.
Vendor is a subdirectory in your project that contains everything under $gopath/src that your project imports. The difference is that vendor isn't updated when upstream projects introduce new features and/or fixes. Therefore, you must update it yourself. When go looks for an import (as of the latest version), it will check vendor first and then look for the latest version in your $gopath, preventing builds from inexplicably breaking for no apparent reason.
go install updates your $gopath dependencies to the latest version; the version that all new projects and those without vendor will use.
govendor install +vendor,^program updates your specific project vendor dependencies. This should be done in a separate commit; you should go test; govendor; git commit; go test so that you can check whether updates break your project.
govendor install +local apparently just builds the project.
Also, you should IMHO use godep rather than govendor. It IMHO has a better workflow; your $gopath has the latest versions and then you can update your project with godep update. It is also supposed to be standard in golang 1.10.

How to run go command using only vendor dependencies?

I keep running into the issue where I install dependencies locally, it works fine, I push to continuous integration server, and then it breaks because I forgot to godep save ./... the dependency.
How can I run the go command but require vendor imports?
Edit:
I'm using go1.6. I want the command to fail if a 3rd-party dependency does not resolve to vendor. In other words, is there a way to stop resolving dependencies in $GOPATH during tests?
I can't change the environment variable because then none of my project modules can be resolved. How can I force vendor dependencies?
There is no way to prevent the builder from scanning $GOPATH for packages. It seems that you are not using a really good flow for managing dependencies. I recommend you use glide for vendoring.
Most recommended workflow:
Keep the actual list of dependencies in glide.yaml.
Run glide up after any changes in glide.yaml. It will install all dependencies to the vendor directory and generate glide.lock with fixed package versions. Commit glide.lock to VCS. Do not change glide.lock manually.
Do not commit the vendor directory to VCS.
Run glide install on your CI or build server to install dependencies by glide.lock to vendor.
Build.
A migration from godep to glide may be done easily, because glide has a command to migrate Godeps.json to glide.yaml.
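
Added example (not from any of the posts above, and not part of godep, govendor or glide): both the first question on this page and the one just above ask for a check that fails when a third-party import is not in vendor/. This Go program does that for a GOPATH-style project by parsing only the import blocks and checking that each third-party path has a directory under vendor/. The function name, the placeholder import path example.com/me/project and the "dot in the first path element" test for third-party packages are assumptions of this sketch.

```go
package main

import (
	"go/parser"
	"go/token"
	"io/fs"
	"log"
	"os"
	"path/filepath"
	"strings"
)

// MissingFromVendor lists third-party imports of the .go files under root that
// have no directory in root/vendor. self is the project's own import path.
func MissingFromVendor(root, self string) ([]string, error) {
	var missing []string
	seen := map[string]bool{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err == nil && d.IsDir() && p != root && (d.Name() == "vendor" || d.Name()[0] == '.') {
			return filepath.SkipDir // do not scan vendored code or hidden dirs such as .git
		}
		if err != nil || d.IsDir() || !strings.HasSuffix(p, ".go") {
			return err // nil unless the walk itself failed
		}
		f, err := parser.ParseFile(token.NewFileSet(), p, nil, parser.ImportsOnly)
		if err != nil {
			return err
		}
		for _, imp := range f.Imports {
			path := strings.Trim(imp.Path.Value, "\"`")
			first := strings.SplitN(path, "/", 2)[0] // heuristic: stdlib and cgo's "C" have no dot here
			if seen[path] || !strings.Contains(first, ".") || path == self || strings.HasPrefix(path, self+"/") {
				continue
			}
			seen[path] = true
			if st, err := os.Stat(filepath.Join(root, "vendor", filepath.FromSlash(path))); err != nil || !st.IsDir() {
				missing = append(missing, path)
			}
		}
		return nil
	})
	return missing, err
}

func main() { // exits non-zero so a CI step fails; the import path is a placeholder
	if m, err := MissingFromVendor(".", "example.com/me/project"); err != nil || len(m) > 0 {
		log.Fatalln("not vendored:", m, err)
	}
}
```

The check covers only the project's own source files, so packages that vendored code itself imports are not verified, and build tags are ignored. With Go modules, go build -mod=vendor already fails on a package missing from vendor/.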
