Golang官方依赖管理工具:dep

梦朝思夕 · · 53737 次点击 · · 开始浏览    
这是一个创建于 的文章,其中的信息可能已经有所发展或是发生改变。

在这里声明一下,百度或者google看到的godep不是我这篇博文说的dep,那它们是什么关系呢?按照Peter Bourgon博文来说,它们的作者都有相同的人,但是一个是dep是官方版本,godep是第三方工具。
我今天介绍的是dep,之前也有介绍过glide,有兴趣的可以到Golang依赖管理工具:glide从入门到精通使用看看。 现在还有一个疑问是为什么官方现在要支持依赖管理了呢?我个人认为有如下原因(勿喷,如果不同或者遗漏欢迎留言补充):

  • 第三方依赖管理很多,虽然很好用,但是很少可以兼容的,结果--乱;
  • 官方的包管理为了增加社区的凝聚力,保持Go开箱即用的简单特性,不需要大家再安装各种第三方工具了,而且第三方工具都会过来兼容官方版的;
  • 还有一个官话,为了go更好的发展;
    dep的FAQ中有一段描述depgo get网址,也是侧面说了依赖管理工具和go get关系, 一句话概括:依赖管理工具是为应用管理代码的,go get是为GOPATH管理代码的。

下面进入教程。

介绍

dep是一个原型依赖管理工具,需要在Go 1.7及更高的版本中使用,说明第三方工具近期还是有市场的。
PS:本博客的dep基于v0.3。

安装

环境准备。


//设置环境变量 使用vendor目录
GO15VENDOREXPERIMENT=1

安装dep

等到dep正式集成到Golang中时候,也许是Golang 1.10 ,广大吃瓜群众就可以直接使用go dep命令。现在还是需要自己安装的。

$ go get -u github.com/golang/dep/cmd/dep

验证安装

$ dep
dep is a tool for managing dependencies for Go projects

Usage: dep <command>

Commands:

  init    Initialize a new project with manifest and lock files
  status  Report the status of the project's dependencies
  ensure  Ensure a dependency is safely vendored in the project
  prune   Prune the vendor tree of unused packages

Examples:
  dep init                               set up a new project
  dep ensure                             install the project's dependencies
  dep ensure -update                     update the locked versions of all dependencies
  dep ensure -add github.com/pkg/errors  add a dependency to the project

Use "dep help [command]" for more information about a command.

有一个很重要的选项ensure中文含义是确保;保证;担保,作者想传达的意思是确保所有本地状态-代码树、清单、锁和供应商彼此同步

看到这个说明已经安装好了。

使用

老规矩,篇幅有限,我只介绍经常使用到的。 先进入在GOPATH的一个项目中。

cd $GOPATH/src/foordep

初始化(dep init)

$ cd foordep/
$ dep init
$ ll
total 12
-rw-rw-r-- 1 qiangmzsx qiangmzsx  286 Aug  7 11:45 Gopkg.lock
-rw-rw-r-- 1 qiangmzsx qiangmzsx  535 Aug  7 11:45 Gopkg.toml
drwxrwxr-x 2 qiangmzsx qiangmzsx 4096 Aug  7 11:45 vendor

大家发现了,应用foordep目录下出现了两个文件(Gopkg.lock、Gopkg.toml)和一个目录(vendor)。 它们是什么关系呢?
关系
所以出现Gopkg.toml and Gopkg.lock are out of sync.时候最好执行一下dep ensure

下面看看它们的内容。

$ cat Gopkg.lock 
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "ab4fef131ee828e96ba67d31a7d690bd5f2f42040c6766b1b12fe856f87e0ff7"
  solver-name = "gps-cdcl"
  solver-version = 1
$ cat Gopkg.toml 

# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
#   name = "github.com/user/project"
#   version = "1.0.0"
#
# [[constraint]]
#   name = "github.com/user/project2"
#   branch = "dev"
#   source = "github.com/myfork/project2"
#
# [[override]]
#  name = "github.com/x/y"
#  version = "2.4.0"

dep ensure

我们写一个Gopkg.toml看看效果。


# 必需包
required = ["github.com/astaxie/beego"]
# 忽略包
ignored = ["golang.org/x/crypto"]
# 项目元数据
[metadata]
homepage = "https://github.com/qiangmzsx"
license = "MIT"
owners_name_1 = "qiangmzsx"
owners_email_1 = "qiangmzsx@hotmail.com"
owners_homepage_1 = "https://github.com/qiangmzsx"

# 约束条件
[[constraint]]
  name = "github.com/astaxie/beego"
  # 可选:版本
  version = "=1.8.0"
  # 分支
  #branch = "master"
  # 修订
  #revision = "beego 1.8.0"
  # 可选:指定来源
  source = "github.com/astaxie/beego"

但是怎么样执行?可以执行如下命令寻找帮助:

$ dep help ensure
Usage: dep ensure [-update | -add] [-no-vendor | -vendor-only] [-dry-run] [<spec>...]

Project spec:

  <import path>[:alt source URL][@<constraint>]


Ensure gets a project into a complete, reproducible, and likely compilable state:

  * All non-stdlib imports are fulfilled
  * All rules in Gopkg.toml are respected
  * Gopkg.lock records precise versions for all dependencies
  * vendor/ is populated according to Gopkg.lock

Ensure has fast techniques to determine that some of these steps may be
unnecessary. If that determination is made, ensure may skip some steps. Flags
may be passed to bypass these checks; -vendor-only will allow an out-of-date
Gopkg.lock to populate vendor/, and -no-vendor will update Gopkg.lock (if
needed), but never touch vendor/.

The effect of passing project spec arguments varies slightly depending on the
combination of flags that are passed.


Examples:

  dep ensure                                 Populate vendor from existing Gopkg.toml and Gopkg.lock
  dep ensure -add github.com/pkg/foo         Introduce a named dependency at its newest version
  dep ensure -add github.com/pkg/foo@^1.0.1  Introduce a named dependency with a particular constraint

For more detailed usage examples, see dep ensure -examples.

Flags:

  -add          add new dependencies, or populate Gopkg.toml with constraints for existing dependencies (default: false)
  -dry-run      only report the changes that would be made (default: false)
  -examples     print detailed usage examples (default: false)
  -no-vendor    update Gopkg.lock (if needed), but do not update vendor/ (default: false)
  -update       update the named dependencies (or all, if none are named) in Gopkg.lock to the latest allowed by Gopkg.toml (default: false)
  -v            enable verbose logging (default: false)
  -vendor-only  populate vendor/ from Gopkg.lock without updating it first (default: false)

执行一下

$ dep ensure
all dirs lacked any go code

错误了,这是因为foordep目录下没有任何的go代码,只能加上一个看看。


$ vim main.go
package main

import (
    "github.com/astaxie/beego"
    "runtime"
)

func main() {
    maxCPU := runtime.NumCPU()
    runtime.GOMAXPROCS(maxCPU)
    beego.Run()
}

再来试试看。

$ dep ensure
$ ll vendor/
total 4
drwxrwxr-x 3 qiangmzsx qiangmzsx 4096 Aug  7 16:29 github.com

看看Gopkg.lock的内容。

# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


[[projects]]
  name = "github.com/astaxie/beego"
  packages = [".","config","context","grace","logs","session","toolbox","utils"]
  revision = "323a1c4214101331a4b71922c23d19b7409ac71f"
  source = "github.com/astaxie/beego"
  version = "v1.8.0"


[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d"
  solver-name = "gps-cdcl"
  solver-version = 1

现在需要解析json,我们试试使用命令行的方式导入github.com/bitly/go-simplejson包。

$ dep ensure -add github.com/bitly/go-simplejson
$ Gopkg.lock
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


[[projects]]
  name = "github.com/astaxie/beego"
  packages = [".","config","context","grace","logs","session","toolbox","utils"]
  revision = "323a1c4214101331a4b71922c23d19b7409ac71f"
  source = "github.com/astaxie/beego"
  version = "v1.8.0"

[[projects]]
  name = "github.com/bitly/go-simplejson"
  packages = ["."]
  revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44"
  version = "v0.5.0"

[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d"
  solver-name = "gps-cdcl"
  solver-version = 1

可以发现多了github.com/bitly/go-simplejson,但是Gopkg.toml并没有任何改变。 注意:执行dep ensure -add时候报错

$ dep ensure -add github.com/bitly/go-simplejson
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -add

还可以指定依赖的版本:

$ dep ensure -add github.com/bitly/go-simplejson@=0.4.3

是因为Gopkg.tomlGopkg.lock不同步了,需要重新执行一下dep ensure即可。 重新整理一下Gopkg.toml

# 必需包
required = ["github.com/astaxie/beego"]
# 忽略包
ignored = ["golang.org/x/crypto"]
# 项目元数据
[metadata]
homepage = "https://github.com/qiangmzsx"
license = "MIT"
owners_name_1 = "qiangmzsx"
owners_email_1 = "qiangmzsx@hotmail.com"
owners_homepage_1 = "https://github.com/qiangmzsx"

# 约束条件
[[constraint]]
  name = "github.com/astaxie/beego"
  # 可选:版本
  version = "=1.8.0"
  # 分支
  #branch = "master"
  # 修订
  #revision = "beego 1.8.0"
  # 可选:指定来源
  source = "github.com/astaxie/beego"


[[constraint]]
  name = "github.com/bitly/go-simplejson"
  branch = "master"
  source = "https://github.com/bitly/go-simplejson.git"

Gopkg.tomlversion规则: ~=version使用的操作符规则,如果仅仅是指定version = "1.8.0",那么dep会自动加上^,表示最左边的非零位的版本加一

^1.2.3 意味 1.2.3 <= X < 2.0.0
^0.2.3 意味 0.2.3 <= X < 0.3.0
^0.0.3 意味 0.0.3 <= X < 0.1.0

如果执行dep ensure时候出现

$ dep  ensure 
error while parsing /home/users/qiangmzsx/golang/src/foordep/Gopkg.toml: multiple constraints specified for github.com/astaxie/beego, can only specify one

说明配置写错了,需要看看Gopkg.toml文件中是不是同时配置了versionbranchrevision

空配置

我们现在尝试着把foordep目录情况就留下main.go


package main

import (
    "github.com/astaxie/beego"
    "github.com/bitly/go-simplejson"
    "runtime"
)

func main() {
    maxCPU := runtime.NumCPU()
    runtime.GOMAXPROCS(maxCPU)
    strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "created_at": 1494904539000, "updated_at": 1494983507000, "track_id": 38088960}}`
    mapJson,_:=simplejson.NewJson([]byte(strJson))
    println(mapJson)
    beego.Run()
}

执行dep ensure 为了更好地看到过程,加上参数-v

$ dep init -v
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(1)        try github.com/bitly/go-simplejson@v0.5.0
(1)    ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
(2)    ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(2)        try github.com/astaxie/beego@v1.8.3
(2)    ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
  ✓ found solution with 10 packages from 2 projects

Solver wall times by segment:
     b-list-versions: 3.926086724s
         b-list-pkgs: 285.209471ms
              b-gmal: 266.828805ms
         select-atom:   3.417834ms
             satisfy:   3.126864ms
         select-root:    428.276µs
            new-atom:    234.106µs
               other:     45.014µs
     b-source-exists:      6.946µs
  b-deduce-proj-root:      3.472µs

  TOTAL: 4.485387512s

  Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
  Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson
  Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
  Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego

此时再查看Gopkg.tomlGopkg.lock文件:

$ vim Gopkg.toml
[[constraint]]
  name = "github.com/astaxie/beego"
  version = "1.8.3"

[[constraint]]
  name = "github.com/bitly/go-simplejson"
  version = "0.5.0"

$ vim Gopkg.lock
[[projects]]
  name = "github.com/astaxie/beego"
  packages = [".","config","context","context/param","grace","logs","session","toolbox","utils"]
  revision = "cab8458c1c4a5a3b4bf5192922be620e6dede15b"
  version = "v1.8.3"

[[projects]]
  name = "github.com/bitly/go-simplejson"
  packages = ["."]
  revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44"
  version = "v0.5.0"

[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "dc040fb12390d61768be6388ad2935bdd7f9cc93d4b1fdda421a284058277c80"
  solver-name = "gps-cdcl"
  solver-version = 1

glide一样,具有自举功能,不知道这个名词用得对不对。dep会自动根据代码生成Gopkg.tomlGopkg.lock配置文件。
PS:但是不建议使用,因为其拉取的依赖包都是最新的,可能出现不兼容,再者我国是一个被墙的地方。

dep cache

看到这里时候很多人都会有疑问?dep的依赖包每一次都是拉取新的还是优先使用本地cache呢?可以肯定的是 dep也是有本地缓存的,大家可以打开$GOPATH/pkg/dep/看看,是不是存在呢!
下面我们做两个测试看看。

$GOPATH/src不存在依赖包

环境准备,将原来的cache和vendor清空,别遗漏了$GOPATH/src中的github.com/bitly/go-simplejson

$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 990 Aug  7 16:39 main.go
$ vim main.go 
package main

import (
    "github.com/astaxie/beego"
    "github.com/bitly/go-simplejson"
    "runtime"
)

func main() {
    maxCPU := runtime.NumCPU()
    runtime.GOMAXPROCS(maxCPU)
    strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "updated_at": 1494983507000, "track_id": 38088960}}`
    mapJson,_:=simplejson.NewJson([]byte(strJson))
    println(mapJson)
    beego.Run()
}

执行dep init -gopath -v查看初始化过程。

$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug  8 12:47 main.go
$ dep  init -gopath -v
Searching GOPATH for projects...
Following dependencies were not found in GOPATH. Dep will use the most recent versions of these projects.
  github.com/bitly/go-simplejson
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1)        try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)    ✗   Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)        try github.com/astaxie/beego@v1.8.3
(1)    ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
(2)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2)        try github.com/bitly/go-simplejson@v0.5.0
(2)    ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
  ✓ found solution with 10 packages from 2 projects

Solver wall times by segment:
         b-list-pkgs: 320.955115ms
              b-gmal: 274.950203ms
             satisfy:   8.179966ms
         select-atom:    2.62224ms
            new-atom:    392.168µs
     b-list-versions:    254.937µs
         select-root:    209.152µs
  b-deduce-proj-root:      40.45µs
               other:      37.01µs
     b-source-exists:       5.83µs

  TOTAL: 607.647071ms

  Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
  Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
  Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
  Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson

日志显示,dep首先从$GOPATH查找github.com/bitly/go-simplejson,因为没有找到才从网络下载。

$GOPATH存在依赖包

环境准备,将原来的cache和vendor清空,注意$GOPATH/src中的github.com/bitly/go-simplejson存在。

$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug  8 12:47 main.go
$ dep  init -gopath -v
Searching GOPATH for projects...
  Using master as constraint for direct dep github.com/bitly/go-simplejson
  Locking in master (da1a892) for direct dep github.com/bitly/go-simplejson
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1)        try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)    ✗   Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)        try github.com/astaxie/beego@v1.8.3
(1)    ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
(2)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; at least 1 versions to try
(2)        try github.com/bitly/go-simplejson@master
(2)    ✓ select github.com/bitly/go-simplejson@master w/1 pkgs
  ✓ found solution with 10 packages from 2 projects

Solver wall times by segment:
         b-list-pkgs: 312.646734ms
              b-gmal: 265.066047ms
             satisfy:   6.488056ms
         select-atom:   3.287416ms
            new-atom:    397.837µs
         select-root:    373.267µs
     b-list-versions:    108.466µs
               other:      47.43µs
     b-source-exists:       7.71µs
  b-deduce-proj-root:      6.568µs

  TOTAL: 588.429531ms

  Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
  Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego

可以看到github.com/bitly/go-simplejson是优先从$GOPATH获取的。 好处我个人认为有两个:

  • 节省时间;
  • 本地类库的稳定性和兼容性已经经过用户验证了。

dep v0.1时候还不需要手动加上-gopath选项,dep工具会自动判断,但是dep v0.3后如果没有加上-gopath那么默认就是从网络下载。

更新配置 (dep ensure -update)

现在修改foordep项目的Gopkg.toml内容为:

$ vim  Gopkg.toml
[[constraint]]
  name = "github.com/astaxie/beego"
  # 约束为1.8.0
  version = "=1.8.0"

[[constraint]]
  name = "github.com/bitly/go-simplejson"
  version = "0.5.0"
$ dep  ensure -update
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -update
$ dep  ensure 
$ dep  ensure -update -v
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(1)        try github.com/astaxie/beego@v1.8.3
(2)    ✗   github.com/astaxie/beego@v1.8.3 not allowed by constraint 1.8.0:
(2)        1.8.0 from (root)
(1)        try github.com/astaxie/beego@v1.8.2
(2)    ✗   github.com/astaxie/beego@v1.8.2 not allowed by constraint 1.8.0:
(2)        1.8.0 from (root)
(1)        try github.com/astaxie/beego@v1.8.1
(2)    ✗   github.com/astaxie/beego@v1.8.1 not allowed by constraint 1.8.0:
(2)        1.8.0 from (root)
(1)        try github.com/astaxie/beego@v1.8.0
(1)    ✓ select github.com/astaxie/beego@v1.8.0 w/8 pkgs
(2)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2)        try github.com/bitly/go-simplejson@v0.5.0
(2)    ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
  ✓ found solution with 9 packages from 2 projects

Solver wall times by segment:
  b-source-exists:  4.00794324s
      b-list-pkgs: 2.545452669s
           b-gmal: 276.070372ms
          satisfy:   5.179016ms
      select-atom:   4.337704ms
         new-atom:   1.359055ms
  b-list-versions:    467.799µs
        b-matches:    371.239µs
      select-root:    193.471µs
       b-pair-rev:    127.992µs
            other:     25.962µs
   b-pair-version:      7.866µs

  TOTAL: 6.841536385s

$ dep status
PROJECT                         CONSTRAINT  VERSION  REVISION  LATEST   PKGS USED
github.com/astaxie/beego        1.8.0       v1.8.0   323a1c4   323a1c4  8  
github.com/bitly/go-simplejson  ^0.5.0      v0.5.0   aabad6e   aabad6e  1

后记

看到了这里,那么对dep已经可以进行基本的使用了,不过目前而言,dep还不够稳定,谁也不知道后续会怎么样更改,尝鲜可以,个人还不建议使用在线上。 如果大家喜欢这篇博文请点赞或者留言,有不同见解的也请留言讨论。


有疑问加站长微信联系(非本文作者)

本文来自:开源中国博客

感谢作者:梦朝思夕

查看原文:Golang官方依赖管理工具:dep

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

53737 次点击  ∙  6 赞  
加入收藏 微博
被以下专栏收入,发现更多相似内容
7 回复  |  直到 2018-12-29 14:39:18
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传