2.1 Go依赖管理工具dep

Go dependency management tool

环境要求

• Golang >= 1.9

• Dep

目前版本：

dep:
 version     : devel
 build date  : 
 git hash    : 
 go version  : go1.10
 go compiler : gc
 platform    : linux/amd64

Latest release为v0.4.1

安装

go get -u github.com/golang/dep/cmd/dep

若$GOPATH/bin不在PATH下，则需要将生成的dep文件从$GOPATH/bin移动至$GOBIAN下

验证

$ dep
Dep is a tool for managing dependencies for Go projects

Usage: "dep [command]"

Commands:

  init     Set up a new Go project, or migrate an existing one
  status   Report the status of the project's dependencies
  ensure   Ensure a dependency is safely vendored in the project
  prune    Pruning is now performed automatically by dep ensure.
  version  Show the dep version information

Examples:
  dep init                               set up a new project
  dep ensure                             install the project's dependencies
  dep ensure -update                     update the locked versions of all dependencies
  dep ensure -add github.com/pkg/errors  add a dependency to the project

Use "dep help [command]" for more information about a command.

初始化

在项目根目录执行初始化命令，dep在初始化时会分析应用程序所需要的所有依赖包，得出依赖包清单

并生成vendor目录，Gopkg.toml、Gopkg.lock文件

image

默认初始化

$ dep init -v

直接从对应网络资源处下载

优先从$GOPATH初始化

$ dep init -gopath -v

该命令会先从$GOPATH查找既有的依赖包，若不存在则从对应网络资源处下载

Gopkg.toml

该文件由dep init生成，包含管理dep行为的规则声明

required = ["github.com/user/thing/cmd/thing"]

ignored = [
  "github.com/user/project/pkgX",
  "bitbucket.org/user/project/pkgA/pkgY"
]

[metadata]
key1 = "value that convey data to other systems"
system1-data = "value that is used by a system"
system2-data = "value that is used by another system"

[[constraint]]
  # Required: the root import path of the project being constrained.
  name = "github.com/user/project"
  # Recommended: the version constraint to enforce for the project.
  # Note that only one of "branch", "version" or "revision" can be specified.
  version = "1.0.0"
  branch = "master"
  revision = "abc123"

  # Optional: an alternate location (URL or import path) for the project's source.
  source = "https://github.com/myfork/package.git"

  # Optional: metadata about the constraint or override that could be used by other independent systems
  [metadata]
  key1 = "value that convey data to other systems"
  system1-data = "value that is used by a system"
  system2-data = "value that is used by another system"

Gopkg.lock

该文件由dep ensure和dep init生成，包含一个项目依赖关系图的传递完整快照，表示为一系列[[project]]节

# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.

[[projects]]
  branch = "master"
  name = "github.com/golang/protobuf"
  packages = [
    "jsonpb",
    "proto",
    "protoc-gen-go/descriptor",
    "ptypes",
    "ptypes/any",
    "ptypes/duration",
    "ptypes/struct",
    "ptypes/timestamp"
  ]
  revision = "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175"

常用命令

dep ensure

从项目中的Gopkg.toml和Gopkg.lock中分析关系图，并获取所需的依赖包

用于确保本地的关系图、锁、依赖包清单完全一致

dep ensure -add

# 引入该依赖包的最新版本
dep ensure -add github.com/pkg/foo

# 引入具有特定约束（指定版本）的依赖包
dep ensure -add github.com/pkg/foo@^1.0.1

dep ensure -update

将Gopkg.lock中的约定依赖项更新为Gopkg.toml允许的最新版本

最后

目前dep还在官方试验阶段，但已表示生产可安全使用

如果出现什么问题，大家可以一起留个言讨论讨论