Vendoring & Versioning with Go

4 November 2016

Chris Roche

Software Engineer, Lyft

Go's Vendoring History

In the beginning, there was the mono-repo

Go 1.0 - 1.4 : WYSIWYG

Path to ./vendor

Go 1.5 (Aug 2015)
- Enabled use of the ./vendor directory
- Disabled by default
- Enable: GO15VENDOREXPERIMENT=1

Go 1.6 (Feb 2016)
- Enabled by default
- Disable: GO15VENDOREXPERIMENT=0

Go 1.7 (Aug 2017)
- Cannot disable

How does it work?

First: ./vendor
- From: "github.com/foo/bar"
- To: "github.com/fizz/buzz/vendor/github.com/foo/bar"
- Never write the vendor/ path in an import statement (compilation will fail or behave strangely)
- To commit or not to commit? (up to preference)

Second: $GOPATH/src
- This is how subpackages of a project are loaded
- Useful for testing/debugging libraries in a dependent's context

Finally: $GOROOT/src
- Standard Library exclusively
- Never ever ever touch/add to these

Sidebar: Versioning Go with Gimme

brew install gimme # other ways (it's just a shell script)
gimme 1.7.3
go version
go version go1.7.3 darwin/amd64

Configure in your bash/zsh profile:

source $HOME/.gimme/envs/latest.env

Configure in IntelliJ (per project):

Vendoring/Versioning Tools

Glide

Features

Ecosystem: $HOME/.glide

Ecosystem: ./glide.yaml

package: github.com/example/pkg

import:
- package: github.com/external/dep
  version: unstable-branch
- package: github.com/example/other-pkg
  version: ^1.2.3
  repo:    git@github.com:example/other-pkg

testImport:
- package: github.com/stretchr/testify
  subpackages:
  - assert

Ecosystem: ./glide.lock

hash: d8dc02f36d3bd58163dfc37dfd022a8539e31258d8f2c2ad417ef8f3d6d76d2a
updated: 2016-10-06T17:33:31.683461401-04:00
imports:
- name: github.com/external/dep
  version: 74a703abb31ea9faf7622930e5daba1559b01b37
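
Added example (not from the talk and not Glide's own code): the glide.yaml above constrains its dependencies with a branch name, a semver range and, for the test import, nothing at all, while glide.lock records a full commit ID. The Go program below classifies each glide.yaml entry so a review or CI step can list the ones whose resolved code can change on the next glide update; classify, audit and sample are names made up here, and the reader handles only the line layout shown on the slide.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var fullCommit = regexp.MustCompile(`^[0-9a-f]{40}$`)

// classify says how tightly a glide.yaml version field constrains a dependency.
func classify(v string) string {
	switch {
	case v == "":
		return "unconstrained" // no version key: resolved afresh on every update
	case fullCommit.MatchString(v):
		return "commit" // immutable: the same form glide.lock records
	case strings.ContainsAny(v, "^~<>=*"):
		return "semver-range" // heuristic: range operators only
	}
	return "branch-or-tag" // a named ref that upstream can move
}

// audit maps each "- package:" entry to its class; it reads lines, not general YAML.
func audit(doc string) map[string]string {
	out, last := map[string]string{}, ""
	for _, line := range strings.Split(doc, "\n") {
		key, val, _ := strings.Cut(strings.TrimSpace(line), ":")
		if val = strings.TrimSpace(val); key == "- package" {
			last, out[val] = val, classify("")
		} else if key == "version" && last != "" {
			out[last] = classify(val)
		}
	}
	return out
}

// sample is the glide.yaml from the slide above (subpackages list omitted).
const sample = `package: github.com/example/pkg
import:
- package: github.com/external/dep
  version: unstable-branch
- package: github.com/example/other-pkg
  version: ^1.2.3
  repo:    git@github.com:example/other-pkg
testImport:
- package: github.com/stretchr/testify`

func main() { fmt.Println(audit(sample)) }
```

Every entry that is not classified as commit relies on a committed glide.lock (and on glide install rather than glide update) for a reproducible build.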

glide init: Starting a New Project

glide init
[INFO]  Generating a YAML configuration file and guessing the dependencies
[INFO]  Attempting to import from other package managers (use --skip-import to skip)
[INFO]  Scanning code to look for dependencies
[INFO]  --> Found reference to github.com/fizz/buzz
[INFO]  --> Found reference to github.com/foo/bar
[INFO]  Writing configuration file (glide.yaml)

glide update: Update All Deps and Lock

glide update
[INFO]  Downloading dependencies. Please wait...
[INFO]  --> Fetching updates for github.com/fizz/buzz.
[INFO]  --> Fetching github.com/foo/bar.
[INFO]  Resolving imports
[INFO]  --> Fetching github.com/baz/dep-of-bar.
[INFO]  Downloading dependencies. Please wait...
[INFO]  Setting references for remaining imports
[INFO]  Exporting resolved dependencies...
[INFO]  --> Exporting github.com/fizz/buzz
[INFO]  --> Exporting github.com/foo/bar
[INFO]  --> Exporting github.com/baz/dep-of-bar
[INFO]  Replacing existing vendor dependencies
[INFO]  Project relies on 3 dependencies.

glide install: Dependencies from Lock

glide install
[INFO]  Downloading dependencies. Please wait...
[INFO]  --> Found desired version locally github.com/fizz/buzz 77ed1c8a01217656d2080ad51981f6e99adaa177!
[INFO]  --> Found desired version locally github.com/foo/bar d15fa2e2a63dd52104bc96d8ea7dc47ce8027de8!
[INFO]  --> Found desired version locally github.com/baz/dep-of-bar 9fa8f10901c17b49ed52a824cf9226006580a06d!
[INFO]  Setting references.
[INFO]  --> Setting version for github.com/fizz/buzz to 77ed1c8a01217656d2080ad51981f6e99adaa177.
[INFO]  --> Setting version for github.com/foo/bar to d15fa2e2a63dd52104bc96d8ea7dc47ce8027de8.
[INFO]  --> Setting version for github.com/baz/dep-of-bar to 9fa8f10901c17b49ed52a824cf9226006580a06d.
[INFO]  Exporting resolved dependencies...
[INFO]  --> Exporting github.com/fizz/buzz
[INFO]  --> Exporting github.com/foo/bar
[INFO]  --> Exporting github.com/baz/dep-of-bar
[INFO]  Replacing existing vendor dependencies

glide get: Add a dependency

glide get github.com/foo/bar github.com/fizz/buzz

Misconceptions

Using `master` does what you expect

Updates are predictable

Troubleshooting

[WARN] Lock file may be out of date. Hash check of YAML failed. You may need to run 'update'

CAUSE

SOLUTION

glide update

[WARN] Version not set for package github.com/example/pkg

CAUSE

SOLUTION

That package should not be installing

Failed to update/download/"set version" on github.com/foo/bar

When in doubt?

Working with Local Dependencies

Links

Glide Docs
glide.readthedocs.io/en/latest

Package Management Official Proposal
docs.google.com/document/d/18tNd8r5DV0yluCR7tPvkMTsWD_lYcRO7NhpNSDymRr8

Thank you

