Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Should I commit Godeps/_workspace or is Godeps.json enough?

I'm writing a project in Go to be deployed on heroku, managing dependencies with godep.

When I godep save, I get both a Godeps.json file listing my dependencies with versions and an _workspace/ directory with the source for all dependencies copied in. I'd rather not commit _workspace, all that code's already on github elsewhere. It seems Godeps.json has all the information we need to go get the version locked dependencies at heroku buildpack time.

Several sources recommend committing the full Godeps/ directory, but others suggest it might not be necessary.

The godep docs aren't much help:

This will save a list of dependencies to the file Godeps/Godeps.json, and copy their source code into Godeps/_workspace. Read over its contents and make sure it looks reasonable. Then commit the file to version control.

Is Godeps.json the file?

like image 403
hurrymaplelad Avatar asked Oct 13 '14 06:10

hurrymaplelad


1 Answers

Official answer:

From GitHub issue #131:

The intended use of godep is to vendor dependencies and commit the _workspace directory to version control. See the proposal document by @kr linked in #123 (proposal: http://goo.gl/RpYs8e) As discussed in that proposal, godep used to have a mode (-copy=false) that supported not vendoring the dependencies. My guess is that the ambiguous language in the Readme may be due to that. This mode has been removed as documented in #123.

Here's also godep author talking about his project and ideas behind - Vendoring and Import Path Rewriting

Personal opinion:

I don't think there is a right way to do it.

Committing vendor libs does seem awkward, but it has it's advantages:

  • You're not relying on external services (GitHub, etc). GitHub has outages, maybe you have some horrible company policy which prevents you from using it, maybe repository disappears or it's history is rewritten, maybe you're behind firewall (staging/build server), etc.
  • Each time there are updates to your deps you get a nice diff of what has changed. Which helps when updating to newer version, or just keeping track of changes if you screen code that is being used.

At the end it's up to you to weigh the pros and cons. Personally I cringe every time I have to commit vendor code, but in my Go projects I do. At least for now.

Also companies like Google and Facebook mostly keep everything in one repository and that includes vendor code (or so I've heard).

Interesting article on the topic: Go Package Management

like image 124
Maiku Mori Avatar answered Nov 15 '22 21:11

Maiku Mori