
Do I need to add gopkg.lock to Git?

Tags:

go

Given that:

The manifest describes user intent, and the lock describes computed outputs. There's flexibility in manifests that isn't present in locks..., as the "branch": "master" constraint will match whatever revision master HAPPENS to be at right now, whereas the lock is nailed down to a specific revision.

This flexibility is important because it allows us to provide easy commands (e.g. dep ensure -update) that can manage an update process for you, within the constraints you specify, AND because it allows your project, when imported by someone else, to collaboratively specify the constraints for your own dependencies.

Reference: https://github.com/golang/dep/blob/master/docs/FAQ.md

Shihao Xu asked Aug 08 '18 04:08


People also ask

What is Gopkg lock?

The Gopkg.lock file is generated by dep ensure and dep init. It is the output of the solving function: a transitively complete snapshot of a project's dependency graph, expressed as a series of [[project]] stanzas. That means: Every package a project needs to compile.

How do you use DEP ensure?

If we wanted to express the dep ensure guarantee as a sentence, it would go something like this: "Hey dep, please make sure that my project is in sync: that Gopkg.lock satisfies all the imports in my project, and all the rules in Gopkg.toml, and that vendor/ contains exactly what Gopkg.

What is Gopkg TOML?

The Gopkg.toml file is initially generated by dep init, and is primarily hand-edited. It contains several types of rule declarations that govern dep's behavior: Dependency rules: constraints and overrides allow the user to specify which versions of dependencies are acceptable, and where they should be retrieved from.

What is DEP init?

dep init will make educated guesses about what versions to use for your dependencies, generate sane Gopkg.


1 Answer

Yes, in order to ensure a reproducible build.

There's flexibility in manifests that isn't present in locks..., as the "branch": "master" constraint will match whatever revision master HAPPENS to be at right now, whereas the lock is nailed down to a specific revision.

Anyone cloning your Go project repository with a lock file will get the exact SHA1 of the dependencies.
You can still update that lock file anytime you want, and version its updated content.

VonC answered Sep 24 '22 05:09
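A check that could run in CI to confirm the committed lock really does nail every dependency to an exact revision, as the answer above describes. This is an added example, not code from the post or from dep; it assumes the `[[projects]]` / `name` / `revision` layout that dep writes to Gopkg.lock, uses a line-based scan rather than a full TOML parser, and the sample lock content and project names are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in Gopkg.lock layout; project names and hash are made up.
const sampleLock = `
[[projects]]
  name = "github.com/example/pinned"
  revision = "0123456789abcdef0123456789abcdef01234567"
  version = "v0.8.0"

[[projects]]
  branch = "master"
  name = "github.com/example/floating"
`

var kv = regexp.MustCompile(`^\s*(\w+)\s*=\s*"([^"]*)"\s*$`)
var fullSHA = regexp.MustCompile(`^[0-9a-f]{40}$`)

// UnpinnedProjects returns the names of [[projects]] stanzas whose revision
// is missing or is not a full 40-hex commit id.
func UnpinnedProjects(lock string) []string {
	var bad []string
	var cur map[string]string // fields of the stanza being read, nil outside one
	flush := func() {
		if cur != nil && !fullSHA.MatchString(cur["revision"]) {
			bad = append(bad, cur["name"])
		}
		cur = nil
	}
	for _, raw := range strings.Split(lock, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "[") { // any table header closes the stanza
			flush()
			if line == "[[projects]]" {
				cur = map[string]string{}
			}
		} else if m := kv.FindStringSubmatch(line); m != nil && cur != nil {
			cur[m[1]] = m[2]
		}
	}
	flush()
	return bad
}

func main() { fmt.Println("unpinned:", UnpinnedProjects(sampleLock)) }
```

A stanza that carries only a branch name or an abbreviated hash is reported, since either would let the resolved code drift between clones.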