Let me state here that what Baidu or Google sees is godep
not what I said in this blog post dep
, so what is the relationship between them? According to Peter Bourgon's blog post , they all have the same authors, but one is that dep is the official version and godep is a third-party tool.
I'm introducing dep today, and I've also introduced glide before. If you are interested, you can go to the Golang dependency management tool: glide from entry to proficient use . Now there is still a question why the official now supports dependency management? I personally think there are the following reasons (do not spray, if it is different or omitted, please leave a message to add):
- There are many third-party dependency management. Although it is very useful, it is rarely compatible, and the result is chaos;
- In order to increase the cohesion of the community and maintain the simple features of Go out of the box, the official package management does not require you to install various third-party tools, and the third-party tools will be compatible with the official version;
- There is also a mandarin, for the better development of go;
dep's FAQ has a descriptiondep
andgo get
a URL , and it also talks about dependency management tools andgo get
relationships. In one sentence, it依赖管理工具
is used to manage code for applications and codego get
for GOPATH. .
Enter the tutorial below.
introduce
dep is a prototype dependency management tool that needs to be used in Go 1.7 and later versions, indicating that there is still a market for third-party tools in the near future.
PS: This blog is dep
based on v0.3.
Install
Environment preparation.
//设置环境变量 使用vendor目录
GO15VENDOREXPERIMENT=1
install dep
When dep
it is officially integrated into Golang, perhaps Golang 1.10, the majority of people who eat melons can use go dep
commands directly. You still need to install it yourself.
$ go get -u github.com/golang/dep/cmd/dep
Verify installation
$ dep
dep is a tool for managing dependencies for Go projects
Usage: dep <command>
Commands:
init Initialize a new project with manifest and lock files
status Report the status of the project's dependencies
ensure Ensure a dependency is safely vendored in the project
prune Prune the vendor tree of unused packages
Examples:
dep init set up a new project
dep ensure install the project's dependencies
dep ensure -update update the locked versions of all dependencies
dep ensure -add github.com/pkg/errors add a dependency to the project
Use "dep help [command]" for more information about a command.
There is a very important option ensure
Chinese meaning is 确保;保证;担保
that the author wants to convey the meaning is 确保所有本地状态-代码树、清单、锁和供应商彼此同步
.
See this instruction has been installed.
use
Old rules, limited space, I only introduce frequently used ones. First enter a project in GOPATH.
cd $GOPATH/src/foordep
initialization (dep init)
$ cd foordep/
$ dep init
$ ll
total 12
-rw-rw-r-- 1 qiangmzsx qiangmzsx 286 Aug 7 11:45 Gopkg.lock
-rw-rw-r-- 1 qiangmzsx qiangmzsx 535 Aug 7 11:45 Gopkg.toml
drwxrwxr-x 2 qiangmzsx qiangmzsx 4096 Aug 7 11:45 vendor
We found that there are two files (Gopkg.lock, Gopkg.toml) and one directory (vendor) in the application fordep directory. What is their relationship?
So Gopkg.toml and Gopkg.lock are out of sync.
it's best to execute them when they appear dep ensure
.
Take a look at their contents below.
$ cat Gopkg.lock
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "ab4fef131ee828e96ba67d31a7d690bd5f2f42040c6766b1b12fe856f87e0ff7"
solver-name = "gps-cdcl"
solver-version = 1
$ cat Gopkg.toml
# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
dep ensure
Let's write one Gopkg.toml
to see the effect.
# 必需包
required = ["github.com/astaxie/beego"]
# 忽略包
ignored = ["golang.org/x/crypto"]
# 项目元数据
[metadata]
homepage = "https://github.com/qiangmzsx"
license = "MIT"
owners_name_1 = "qiangmzsx"
owners_email_1 = "[email protected]"
owners_homepage_1 = "https://github.com/qiangmzsx"
# 约束条件
[[constraint]]
name = "github.com/astaxie/beego"
# 可选:版本
version = "=1.8.0"
# 分支
#branch = "master"
# 修订
#revision = "beego 1.8.0"
# 可选:指定来源
source = "github.com/astaxie/beego"
But how to implement it? You can run the following command to find help:
$ dep help ensure
Usage: dep ensure [-update | -add] [-no-vendor | -vendor-only] [-dry-run] [<spec>...]
Project spec:
<import path>[:alt source URL][@<constraint>]
Ensure gets a project into a complete, reproducible, and likely compilable state:
* All non-stdlib imports are fulfilled
* All rules in Gopkg.toml are respected
* Gopkg.lock records precise versions for all dependencies
* vendor/ is populated according to Gopkg.lock
Ensure has fast techniques to determine that some of these steps may be
unnecessary. If that determination is made, ensure may skip some steps. Flags
may be passed to bypass these checks; -vendor-only will allow an out-of-date
Gopkg.lock to populate vendor/, and -no-vendor will update Gopkg.lock (if
needed), but never touch vendor/.
The effect of passing project spec arguments varies slightly depending on the
combination of flags that are passed.
Examples:
dep ensure Populate vendor from existing Gopkg.toml and Gopkg.lock
dep ensure -add github.com/pkg/foo Introduce a named dependency at its newest version
dep ensure -add github.com/pkg/foo@^1.0.1 Introduce a named dependency with a particular constraint
For more detailed usage examples, see dep ensure -examples.
Flags:
-add add new dependencies, or populate Gopkg.toml with constraints for existing dependencies (default: false)
-dry-run only report the changes that would be made (default: false)
-examples print detailed usage examples (default: false)
-no-vendor update Gopkg.lock (if needed), but do not update vendor/ (default: false)
-update update the named dependencies (or all, if none are named) in Gopkg.lock to the latest allowed by Gopkg.toml (default: false)
-v enable verbose logging (default: false)
-vendor-only populate vendor/ from Gopkg.lock without updating it first (default: false)
do it
$ dep ensure
all dirs lacked any go code
Wrong, this is because there is no go code in the foordep directory, only one can be added.
$ vim main.go
package main
import (
"github.com/astaxie/beego"
"runtime"
)
func main() {
maxCPU := runtime.NumCPU()
runtime.GOMAXPROCS(maxCPU)
beego.Run()
}
Try again.
$ dep ensure
$ ll vendor/
total 4
drwxrwxr-x 3 qiangmzsx qiangmzsx 4096 Aug 7 16:29 github.com
Take a look at the contents of Gopkg.lock.
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
name = "github.com/astaxie/beego"
packages = [".","config","context","grace","logs","session","toolbox","utils"]
revision = "323a1c4214101331a4b71922c23d19b7409ac71f"
source = "github.com/astaxie/beego"
version = "v1.8.0"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d"
solver-name = "gps-cdcl"
solver-version = 1
Now we need to parse the json, let's try to import the github.com/bitly/go-simplejson
package using the command line.
$ dep ensure -add github.com/bitly/go-simplejson
$ Gopkg.lock
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
name = "github.com/astaxie/beego"
packages = [".","config","context","grace","logs","session","toolbox","utils"]
revision = "323a1c4214101331a4b71922c23d19b7409ac71f"
source = "github.com/astaxie/beego"
version = "v1.8.0"
[[projects]]
name = "github.com/bitly/go-simplejson"
packages = ["."]
revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44"
version = "v0.5.0"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d"
solver-name = "gps-cdcl"
solver-version = 1
More can be found github.com/bitly/go-simplejson
, but Gopkg.toml
nothing has changed. Note : an dep ensure -add
error is reported during execution
$ dep ensure -add github.com/bitly/go-simplejson
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -add
You can also specify the version of dependencies:
$ dep ensure -add github.com/bitly/go-simplejson@=0.4.3
It is because it is out of sync and needs to be re- Gopkg.toml
executed . Refresh .Gopkg.lock
dep ensure
Gopkg.toml
# 必需包
required = ["github.com/astaxie/beego"]
# 忽略包
ignored = ["golang.org/x/crypto"]
# 项目元数据
[metadata]
homepage = "https://github.com/qiangmzsx"
license = "MIT"
owners_name_1 = "qiangmzsx"
owners_email_1 = "[email protected]"
owners_homepage_1 = "https://github.com/qiangmzsx"
# 约束条件
[[constraint]]
name = "github.com/astaxie/beego"
# 可选:版本
version = "=1.8.0"
# 分支
#branch = "master"
# 修订
#revision = "beego 1.8.0"
# 可选:指定来源
source = "github.com/astaxie/beego"
[[constraint]]
name = "github.com/bitly/go-simplejson"
branch = "master"
source = "https://github.com/bitly/go-simplejson.git"
Gopkg.toml
The version
rule: ~
and =
is version
the operator rule used, if it is only specified version = "1.8.0"
, it dep
will be automatically added ^
, indicating the version of the leftmost non-zero bit 加一
.
^1.2.3 意味 1.2.3 <= X < 2.0.0
^0.2.3 意味 0.2.3 <= X < 0.3.0
^0.0.3 意味 0.0.3 <= X < 0.1.0
If dep ensure
it appears when executing
$ dep ensure
error while parsing /home/users/qiangmzsx/golang/src/foordep/Gopkg.toml: multiple constraints specified for github.com/astaxie/beego, can only specify one
It means that the configuration is wrong, you need to see if the Gopkg.toml
file is configured at the same time version
, branch
and revision
.
empty configuration
Let's try to leave the foordep
directory situation alone for nowmain.go
package main
import (
"github.com/astaxie/beego"
"github.com/bitly/go-simplejson"
"runtime"
)
func main() {
maxCPU := runtime.NumCPU()
runtime.GOMAXPROCS(maxCPU)
strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "created_at": 1494904539000, "updated_at": 1494983507000, "track_id": 38088960}}`
mapJson,_:=simplejson.NewJson([]byte(strJson))
println(mapJson)
beego.Run()
}
Execute dep ensure
To better see the process, add parameters -v
.
$ dep init -v
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(1) try github.com/bitly/[email protected]
(1) ✓ select github.com/bitly/[email protected] w/1 pkgs
(2) ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(2) try github.com/astaxie/[email protected]
(2) ✓ select github.com/astaxie/[email protected] w/9 pkgs
✓ found solution with 10 packages from 2 projects
Solver wall times by segment:
b-list-versions: 3.926086724s
b-list-pkgs: 285.209471ms
b-gmal: 266.828805ms
select-atom: 3.417834ms
satisfy: 3.126864ms
select-root: 428.276µs
new-atom: 234.106µs
other: 45.014µs
b-source-exists: 6.946µs
b-deduce-proj-root: 3.472µs
TOTAL: 4.485387512s
Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson
Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
View Gopkg.toml
and Gopkg.lock
file again at this time:
$ vim Gopkg.toml
[[constraint]]
name = "github.com/astaxie/beego"
version = "1.8.3"
[[constraint]]
name = "github.com/bitly/go-simplejson"
version = "0.5.0"
$ vim Gopkg.lock
[[projects]]
name = "github.com/astaxie/beego"
packages = [".","config","context","context/param","grace","logs","session","toolbox","utils"]
revision = "cab8458c1c4a5a3b4bf5192922be620e6dede15b"
version = "v1.8.3"
[[projects]]
name = "github.com/bitly/go-simplejson"
packages = ["."]
revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44"
version = "v0.5.0"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "dc040fb12390d61768be6388ad2935bdd7f9cc93d4b1fdda421a284058277c80"
solver-name = "gps-cdcl"
solver-version = 1
The same glide
as, has a 自举
function, I don't know if this term is used correctly. dep
The files are automatically generated Gopkg.toml
and Gopkg.lock
configured from the code.
PS: But it is not recommended, because the dependency packages it pulls are the latest, and there may be incompatibility, and China is a 被墙
place.
cache
Many people will have questions when they see this? dep
Does the dependency package pull the new one every time or use the local cache first? What is certain is that there is dep
also a local cache , you can open it to $GOPATH/pkg/dep/
see if it exists!
Let's do two tests below.
$GOPATH/src does not exist dependent packages
Prepare the environment, clear the original cache and vendor, and don't miss $GOPATH/src
out github.com/bitly/go-simplejson
.
$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 990 Aug 7 16:39 main.go
$ vim main.go
package main
import (
"github.com/astaxie/beego"
"github.com/bitly/go-simplejson"
"runtime"
)
func main() {
maxCPU := runtime.NumCPU()
runtime.GOMAXPROCS(maxCPU)
strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "updated_at": 1494983507000, "track_id": 38088960}}`
mapJson,_:=simplejson.NewJson([]byte(strJson))
println(mapJson)
beego.Run()
}
Perform the dep init -gopath -v
view initialization process.
$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug 8 12:47 main.go
$ dep init -gopath -v
Searching GOPATH for projects...
Following dependencies were not found in GOPATH. Dep will use the most recent versions of these projects.
github.com/bitly/go-simplejson
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1) try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) ✗ Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) try github.com/astaxie/[email protected]
(1) ✓ select github.com/astaxie/[email protected] w/9 pkgs
(2) ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2) try github.com/bitly/[email protected]
(2) ✓ select github.com/bitly/[email protected] w/1 pkgs
✓ found solution with 10 packages from 2 projects
Solver wall times by segment:
b-list-pkgs: 320.955115ms
b-gmal: 274.950203ms
satisfy: 8.179966ms
select-atom: 2.62224ms
new-atom: 392.168µs
b-list-versions: 254.937µs
select-root: 209.152µs
b-deduce-proj-root: 40.45µs
other: 37.01µs
b-source-exists: 5.83µs
TOTAL: 607.647071ms
Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson
The log shows that dep
it is first searched from $GOPATH github.com/bitly/go-simplejson
, and downloaded from the network because it is not found.
There are dependent packages in $GOPATH
Prepare the environment, clear the original cache and vendor, and pay attention$GOPATH/src
to the github.com/bitly/go-simplejson
existence of it.
$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug 8 12:47 main.go
$ dep init -gopath -v
Searching GOPATH for projects...
Using master as constraint for direct dep github.com/bitly/go-simplejson
Locking in master (da1a892) for direct dep github.com/bitly/go-simplejson
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1) try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) ✗ Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) try github.com/astaxie/[email protected]
(1) ✓ select github.com/astaxie/[email protected] w/9 pkgs
(2) ? attempt github.com/bitly/go-simplejson with 1 pkgs; at least 1 versions to try
(2) try github.com/bitly/go-simplejson@master
(2) ✓ select github.com/bitly/go-simplejson@master w/1 pkgs
✓ found solution with 10 packages from 2 projects
Solver wall times by segment:
b-list-pkgs: 312.646734ms
b-gmal: 265.066047ms
satisfy: 6.488056ms
select-atom: 3.287416ms
new-atom: 397.837µs
select-root: 373.267µs
b-list-versions: 108.466µs
other: 47.43µs
b-source-exists: 7.71µs
b-deduce-proj-root: 6.568µs
TOTAL: 588.429531ms
Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
It can be seen that it github.com/bitly/go-simplejson
is $GOPATH
obtained first. The benefits I personally think are two:
- save time;
- The stability and compatibility of the native class library has been verified by users.
There is dep v0.1
no need to manually add -gopath
options at this time, the dep
tool will automatically judge, but dep v0.3
if it is not added later , -gopath
the default is to download from the network.
Update configuration (dep ensure -update)
Now modify foordep
the content of the project Gopkg.toml
to:
$ vim Gopkg.toml
[[constraint]]
name = "github.com/astaxie/beego"
# 约束为1.8.0
version = "=1.8.0"
[[constraint]]
name = "github.com/bitly/go-simplejson"
version = "0.5.0"
$ dep ensure -update
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -update
$ dep ensure
$ dep ensure -update -v
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(1) try github.com/astaxie/[email protected]
(2) ✗ github.com/astaxie/[email protected] not allowed by constraint 1.8.0:
(2) 1.8.0 from (root)
(1) try github.com/astaxie/[email protected]
(2) ✗ github.com/astaxie/[email protected] not allowed by constraint 1.8.0:
(2) 1.8.0 from (root)
(1) try github.com/astaxie/[email protected]
(2) ✗ github.com/astaxie/[email protected] not allowed by constraint 1.8.0:
(2) 1.8.0 from (root)
(1) try github.com/astaxie/[email protected]
(1) ✓ select github.com/astaxie/[email protected] w/8 pkgs
(2) ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2) try github.com/bitly/[email protected]
(2) ✓ select github.com/bitly/[email protected] w/1 pkgs
✓ found solution with 9 packages from 2 projects
Solver wall times by segment:
b-source-exists: 4.00794324s
b-list-pkgs: 2.545452669s
b-gmal: 276.070372ms
satisfy: 5.179016ms
select-atom: 4.337704ms
new-atom: 1.359055ms
b-list-versions: 467.799µs
b-matches: 371.239µs
select-root: 193.471µs
b-pair-rev: 127.992µs
other: 25.962µs
b-pair-version: 7.866µs
TOTAL: 6.841536385s
$ dep status
PROJECT CONSTRAINT VERSION REVISION LATEST PKGS USED
github.com/astaxie/beego 1.8.0 v1.8.0 323a1c4 323a1c4 8
github.com/bitly/go-simplejson ^0.5.0 v0.5.0 aabad6e aabad6e 1
postscript
Seeing this, it dep
can be used for basic use, but for now, it dep
is not stable enough, and no one knows how to change it in the future. If you like this blog post, please 点赞
or 留言
, if you have different opinions, please 留言
discuss.