Go依赖管理工具

Go dependency management tool

环境要求

  • Golang >= 1.9
  • Dep

目前版本:

  1. dep:
  2.  version     : devel
  3.  build date  : 
  4.  git hash    : 
  5.  go version  : go1.10
  6.  go compiler : gc
  7.  platform    : linux/amd64

Latest releasev0.4.1

安装

  1. go get -u github.com/golang/dep/cmd/dep

$GOPATH/bin不在PATH下,则需要将生成的dep文件从$GOPATH/bin移动至$GOBIAN

验证

  1. $ dep
  2. Dep is a tool for managing dependencies for Go projects
  4. Usage: "dep [command]"
  6. Commands:
  8.   init     Set up a new Go project, or migrate an existing one
  9.   status   Report the status of the project's dependencies
  10.   ensure   Ensure a dependency is safely vendored in the project
  11.   prune    Pruning is now performed automatically by dep ensure.
  12.   version  Show the dep version information
  14. Examples:
  15.   dep init                               set up a new project
  16.   dep ensure                             install the project's dependencies
  17.   dep ensure -update                     update the locked versions of all dependencies
  18.   dep ensure -add github.com/pkg/errors  add a dependency to the project
  20. Use "dep help [command]" for more information about a command.

初始化

在项目根目录执行初始化命令,dep在初始化时会分析应用程序所需要的所有依赖包,得出依赖包清单

并生成vendor目录,Gopkg.tomlGopkg.lock文件

image

默认初始化

  1. $ dep init -v

直接从对应网络资源处下载

优先从$GOPATH初始化

  1. $ dep init -gopath -v

该命令会先从$GOPATH查找既有的依赖包,若不存在则从对应网络资源处下载

Gopkg.toml

该文件由dep init生成,包含管理dep行为的规则声明

  1. required = ["github.com/user/thing/cmd/thing"]
  3. ignored = [
  4.   "github.com/user/project/pkgX",
  5.   "bitbucket.org/user/project/pkgA/pkgY"
  6. ]
  8. [metadata]
  9. key1 = "value that convey data to other systems"
  10. system1-data = "value that is used by a system"
  11. system2-data = "value that is used by another system"
  13. [[constraint]]
  14.   # Required: the root import path of the project being constrained.
  15.   name = "github.com/user/project"
  16.   # Recommended: the version constraint to enforce for the project.
  17.   # Note that only one of "branch", "version" or "revision" can be specified.
  18.   version = "1.0.0"
  19.   branch = "master"
  20.   revision = "abc123"
  22.   # Optional: an alternate location (URL or import path) for the project's source.
  23.   source = "https://github.com/myfork/package.git"
  25.   # Optional: metadata about the constraint or override that could be used by other independent systems
  26.   [metadata]
  27.   key1 = "value that convey data to other systems"
  28.   system1-data = "value that is used by a system"
  29.   system2-data = "value that is used by another system"

Gopkg.lock

该文件由dep ensuredep init生成,包含一个项目依赖关系图的传递完整快照,表示为一系列[[project]]

  1. # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
  3. [[projects]]
  4.   branch = "master"
  5.   name = "github.com/golang/protobuf"
  6.   packages = [
  7.     "jsonpb",
  8.     "proto",
  9.     "protoc-gen-go/descriptor",
  10.     "ptypes",
  11.     "ptypes/any",
  12.     "ptypes/duration",
  13.     "ptypes/struct",
  14.     "ptypes/timestamp"
  15.   ]
  16.   revision = "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175"

常用命令

dep ensure

从项目中的Gopkg.tomlGopkg.lock中分析关系图,并获取所需的依赖包

用于确保本地的关系图、锁、依赖包清单完全一致

dep ensure -add

  1. # 引入该依赖包的最新版本
  2. dep ensure -add github.com/pkg/foo
  4. # 引入具有特定约束(指定版本)的依赖包
  5. dep ensure -add github.com/pkg/foo@^1.0.1

dep ensure -update

Gopkg.lock中的约定依赖项更新为Gopkg.toml允许的最新版本

最后

目前dep还在官方试验阶段,但已表示生产可安全使用

如果出现什么问题,大家可以一起留个言讨论讨论