ACM@UIUC TIL logo ACM@UIUC TIL

go

Dependency Management in Go

Since things in the go world change constantly, new changes to libraries may cause your code to break. Other languages (e.g. python, ruby, javascript) solve this issue using a package manager (pip, bundler/gem, npm/yarn) which will record specific versions of libraries in a file so that when others use your code they will install the same versions of each library. Some package managers will also install libraries in a directory in the project, so that projects can use different versions of the same library. This process is called vendoring.

Go 1.5 introduced experimental vendoring, which in Go 1.7 is a standard feature. They also introduced a new official dependency management tool called dep which is now in alpha

How to use dep

Install dep

To install dep use the standard go get

go get github.com/golang/dep/...

Now that go is installed assuming that $GOPATH/bin is in your $PATH you should now have a command called dep

Using dep

To start tracking library versions for a package use

dep init 
dep ensure --update

This will create a Gopkg.toml file and a Gopkg.lock file and a directory called vendor which will contain the dependencies. It’s usually recommended that you track both of the files in your git repository but not the vendor directory

Install dependencies after clone

dep ensure

Updating package versions

To update all of the package versions to the latest versions

dep ensure -update

To update a single package to a specfic version

dep ensure github.com/pkg/errors@0.8.0

To update a single package to above a specfic version

dep ensure github.com/pkg/errors@^0.8.0

Making your project compatible with dep

Go expects a lot of things to be setup in a particular way. The way a package is referenced is by its url, just like with go get It also uses git tags to refer to versions and those versions have some what of an expected format v[Version number]-[qualifier] For example

v0.1.0
v0.1.0-beta 
v0.1.0-rc

are valid but,

v0.1.0rc
v0.1.0b

are not.

Github and Gitlab have convient interfaces to tag releases, just follow their instructions and it should be fine.