Menu
I am using dep to handle my Go dependencies. Is it best practice to also commit the vendor directory into version control? Or is best practice to always execute dep ensure after checking out a repository?
490
The general recommendation is no. The vendor directory (or wherever your dependencies are installed) should be added to . gitignore / svn:ignore /etc. The best practice is to then have all the developers use Composer to install the dependencies.
The vendor folder is where you usually (I'm using the word 'usually' because it's not exactly a rule but more of a preference in the coding community with the purpose of having a semantic directory structure) keep third-party resources(icons, images, codes, you name it) as opposed to a lib (library) folder where you or ...
js land, Golang's vendor directory is basically the same as Node's node_modules . It is a directory found at the root of a Go module that stores a copy of all the code the module depends on. The vendored code is used to compile the final executable when the go build command is run.
The dep tool's FAQ answers this:
Should I commit my vendor directory?
It's up to you:
Pros
- It's the only way to get truly reproducible builds, as it guards against upstream renames, deletes and commit history overwrites.
- You don't need an extra
dep ensurestep to syncvendor/withGopkg.lockafter most operations, such as go get, cloning, getting latest, merging, etc.Cons
- Your repo will be bigger, potentially a lot bigger, though prune can help minimize this problem.
- PR diffs will include changes for files under
vendor/whenGopkg.lockis modified, however files invendor/are hidden by default on GitHub.
66
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
