Golang官方依赖管理工具:dep

发表于 | 更新于 | 分类于

dep 是一个原型依赖管理工具,需要在 Go 1.7 及更高的版本中使用 .

安装

go get -u github.com/golang/dep/cmd/dep

使用

老规矩,篇幅有限,我只介绍经常使用到的。 先进入在 GOPATH 的一个项目中。

cd $GOPATH/src/foordep

初始化(dep init )

$ cd foordep/
$ dep init
$ ll
total 12
-rw-rw-r-- 1 qiangmzsx qiangmzsx  286 Aug  7 11:45 Gopkg.lock
-rw-rw-r-- 1 qiangmzsx qiangmzsx  535 Aug  7 11:45 Gopkg.toml
drwxrwxr-x 2 qiangmzsx qiangmzsx 4096 Aug  7 11:45 vendor

大家发现了,应用 foordep 目录下出现了两个文件(Gopkg.lock 、 Gopkg.toml)和一个目录(vendor )。 它们是什么关系呢 ?

所以出现Gopkg.toml and Gopkg.lock are out of sync.时候最好执行一下dep ensure

下面看看它们的内容。

$ cat Gopkg.lock
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "ab4fef131ee828e96ba67d31a7d690bd5f2f42040c6766b1b12fe856f87e0ff7"
  solver-name = "gps-cdcl"
  solver-version = 1
$ cat Gopkg.toml

# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
#   name = "github.com/user/project"
#   version = "1.0.0"
#
# [[constraint]]
#   name = "github.com/user/project2"
#   branch = "dev"
#   source = "github.com/myfork/project2"
#
# [[override]]
#  name = "github.com/x/y"
#  version = "2.4.0"

dep ensure

我们写一个 Gopkg.toml 看看效果。

# 必需包
required = ["github.com/astaxie/beego"]
# 忽略包
ignored = ["golang.org/x/crypto"]
# 项目元数据
[metadata]
homepage = "https://github.com/qiangmzsx"
license = "MIT"
owners_name_1 = "qiangmzsx"
owners_email_1 = "qiangmzsx@hotmail.com"
owners_homepage_1 = "https://github.com/qiangmzsx"

# 约束条件
[[constraint]]
  name = "github.com/astaxie/beego"
  # 可选:版本
  version = "=1.8.0"
  # 分支
  #branch = "master"
  # 修订
  #revision = "beego 1.8.0"
  # 可选:指定来源
  source = "github.com/astaxie/beego"

但是怎么样执行?可以执行如下命令寻找帮助:

$ dep help ensure
Usage: dep ensure [-update | -add] [-no-vendor | -vendor-only] [-dry-run] [<spec>...]

Project spec:

  <import path>[:alt source URL][@<constraint>]


Ensure gets a project into a complete, reproducible, and likely compilable state:

  * All non-stdlib imports are fulfilled
  * All rules in Gopkg.toml are respected
  * Gopkg.lock records precise versions for all dependencies
  * vendor/ is populated according to Gopkg.lock

Ensure has fast techniques to determine that some of these steps may be
unnecessary. If that determination is made, ensure may skip some steps. Flags
may be passed to bypass these checks; -vendor-only will allow an out-of-date
Gopkg.lock to populate vendor/, and -no-vendor will update Gopkg.lock (if
needed), but never touch vendor/.

The effect of passing project spec arguments varies slightly depending on the
combination of flags that are passed.


Examples:

  dep ensure                                 Populate vendor from existing Gopkg.toml and Gopkg.lock
  dep ensure -add github.com/pkg/foo         Introduce a named dependency at its newest version
  dep ensure -add github.com/pkg/foo@^1.0.1  Introduce a named dependency with a particular constraint

For more detailed usage examples, see dep ensure -examples.

Flags:

  -add          add new dependencies, or populate Gopkg.toml with constraints for existing dependencies (default: false)
  -dry-run      only report the changes that would be made (default: false)
  -examples     print detailed usage examples (default: false)
  -no-vendor    update Gopkg.lock (if needed), but do not update vendor/ (default: false)
  -update       update the named dependencies (or all, if none are named) in Gopkg.lock to the latest allowed by Gopkg.toml (default: false)
  -v            enable verbose logging (default: false)
  -vendor-only  populate vendor/ from Gopkg.lock without updating it first (default: false)

执行一下

$ dep ensure
all dirs lacked any go code

错误了,这是因为 foordep 目录下没有任何的 go 代码,只能加上一个看看。

$ vim main.go
package main

import (
    "github.com/astaxie/beego"
    "runtime"
)

func main() {
    maxCPU := runtime.NumCPU()
    runtime.GOMAXPROCS(maxCPU)
    beego.Run()
}

再来试试看。

$ dep ensure
$ ll vendor/
total 4
drwxrwxr-x 3 qiangmzsx qiangmzsx 4096 Aug  7 16:29 github.com

看看 Gopkg.lock 的内容。

# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


[[projects]]
  name = "github.com/astaxie/beego"
  packages = [".","config","context","grace","logs","session","toolbox","utils"]
  revision = "323a1c4214101331a4b71922c23d19b7409ac71f"
  source = "github.com/astaxie/beego"
  version = "v1.8.0"


[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d"
  solver-name = "gps-cdcl"
  solver-version = 1

现在需要解析 json,我们试试使用命令行的方式导入 github.com/bitly/go-simplejson 包。

$ dep ensure -add github.com/bitly/go-simplejson
$ Gopkg.lock
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


[[projects]]
  name = "github.com/astaxie/beego"
  packages = [".","config","context","grace","logs","session","toolbox","utils"]
  revision = "323a1c4214101331a4b71922c23d19b7409ac71f"
  source = "github.com/astaxie/beego"
  version = "v1.8.0"

[[projects]]
  name = "github.com/bitly/go-simplejson"
  packages = ["."]
  revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44"
  version = "v0.5.0"

[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d"
  solver-name = "gps-cdcl"
  solver-version = 1

可以发现多了 github.com/bitly/go-simplejson,但是 Gopkg.toml 并没有任何改变。 注意:执行 dep ensure -add 时候报错

$ dep ensure -add github.com/bitly/go-simplejson
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -add

还可以指定依赖的版本:

$ dep ensure -add github.com/bitly/go-simplejson@=0.4.3

是因为 Gopkg.toml 和 Gopkg.lock 不同步了,需要重新执行一下 dep ensure 即可。 重新整理一下 Gopkg.toml。

# 必需包
required = ["github.com/astaxie/beego"]
# 忽略包
ignored = ["golang.org/x/crypto"]
# 项目元数据
[metadata]
homepage = "https://github.com/qiangmzsx"
license = "MIT"
owners_name_1 = "qiangmzsx"
owners_email_1 = "qiangmzsx@hotmail.com"
owners_homepage_1 = "https://github.com/qiangmzsx"

# 约束条件
[[constraint]]
  name = "github.com/astaxie/beego"
  # 可选:版本
  version = "=1.8.0"
  # 分支
  #branch = "master"
  # 修订
  #revision = "beego 1.8.0"
  # 可选:指定来源
  source = "github.com/astaxie/beego"


[[constraint]]
  name = "github.com/bitly/go-simplejson"
  branch = "master"
  source = "https://github.com/bitly/go-simplejson.git"

Gopkg.toml 的 version 规则: ~ 和 = 是 version 使用的操作符规则,如果仅仅是指定 version = “1.8.0”, 那么 dep 会自动加上 ^,表示最左边的非零位的版本加一。

^1.2.3 意味 1.2.3 <= X < 2.0.0
^0.2.3 意味 0.2.3 <= X < 0.3.0
^0.0.3 意味 0.0.3 <= X < 0.1.0

如果执行 dep ensure 时候出现

$ dep  ensure
error while parsing /home/users/qiangmzsx/golang/src/foordep/Gopkg.toml: multiple constraints specified for github.com/astaxie/beego, can only specify one

说明配置写错了,需要看看 Gopkg.toml 文件中是不是同时配置了 version、branch 和 revision。

空配置

我们现在尝试着把 foordep 目录情况就留下 main.go

package main

import (
    "github.com/astaxie/beego"
    "github.com/bitly/go-simplejson"
    "runtime"
)

func main() {
    maxCPU := runtime.NumCPU()
    runtime.GOMAXPROCS(maxCPU)
    strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "created_at": 1494904539000, "updated_at": 1494983507000, "track_id": 38088960}}`
    mapJson,_:=simplejson.NewJson([]byte(strJson))
    println(mapJson)
    beego.Run()
}

执行 dep ensure 为了更好地看到过程,加上参数 -v。

$ dep init -v
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(1)        try github.com/bitly/go-simplejson@v0.5.0
(1)    ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
(2)    ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(2)        try github.com/astaxie/beego@v1.8.3
(2)    ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
found solution with 10 packages from 2 projects

Solver wall times by segment:
     b-list-versions: 3.926086724s
         b-list-pkgs: 285.209471ms
              b-gmal: 266.828805ms
         select-atom:   3.417834ms
             satisfy:   3.126864ms
         select-root:    428.276µs
            new-atom:    234.106µs
               other:     45.014µs
     b-source-exists:      6.946µs
  b-deduce-proj-root:      3.472µs

  TOTAL: 4.485387512s

  Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
  Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson
  Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
  Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego

此时再查看 Gopkg.toml 和 Gopkg.lock 文件:

$ vim Gopkg.toml
[[constraint]]
  name = "github.com/astaxie/beego"
  version = "1.8.3"

[[constraint]]
  name = "github.com/bitly/go-simplejson"
  version = "0.5.0"

$ vim Gopkg.lock
[[projects]]
  name = "github.com/astaxie/beego"
  packages = [".","config","context","context/param","grace","logs","session","toolbox","utils"]
  revision = "cab8458c1c4a5a3b4bf5192922be620e6dede15b"
  version = "v1.8.3"

[[projects]]
  name = "github.com/bitly/go-simplejson"
  packages = ["."]
  revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44"
  version = "v0.5.0"

[solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "dc040fb12390d61768be6388ad2935bdd7f9cc93d4b1fdda421a284058277c80"
  solver-name = "gps-cdcl"
  solver-version = 1

与 glide 一样,具有自举功能,不知道这个名词用得对不对。dep 会自动根据代码生成 Gopkg.toml 和 Gopkg.lock 配置文件。 PS :但是不建议使用,因为其拉取的依赖包都是最新的,可能出现不兼容,再者我国是一个被墙的地方。

dep cache

看到这里时候很多人都会有疑问?dep 的依赖包每一次都是拉取新的还是优先使用本地 cache 呢?可以肯定的是 dep 也是有本地缓存的,大家可以打开 $GOPATH/pkg/dep/ 看看,是不是存在呢!下面我们做两个测试看看。

$GOPATH/src 不存在依赖包

环境准备,将原来的 cache 和 vendor 清空,别遗漏了 $GOPATH/src 中的 github.com/bitly/go-simplejson。

$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 990 Aug  7 16:39 main.go
$ vim main.go
package main

import (
    "github.com/astaxie/beego"
    "github.com/bitly/go-simplejson"
    "runtime"
)

func main() {
    maxCPU := runtime.NumCPU()
    runtime.GOMAXPROCS(maxCPU)
    strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "updated_at": 1494983507000, "track_id": 38088960}}`
    mapJson,_:=simplejson.NewJson([]byte(strJson))
    println(mapJson)
    beego.Run()
}

执行 dep init -gopath -v 查看初始化过程。

$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug  8 12:47 main.go
$ dep  init -gopath -v
Searching GOPATH for projects...
Following dependencies were not found in GOPATH. Dep will use the most recent versions of these projects.
  github.com/bitly/go-simplejson
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1)        try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)    ✗   Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)        try github.com/astaxie/beego@v1.8.3
(1)    ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
(2)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2)        try github.com/bitly/go-simplejson@v0.5.0
(2)    ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
found solution with 10 packages from 2 projects

Solver wall times by segment:
         b-list-pkgs: 320.955115ms
              b-gmal: 274.950203ms
             satisfy:   8.179966ms
         select-atom:    2.62224ms
            new-atom:    392.168µs
     b-list-versions:    254.937µs
         select-root:    209.152µs
  b-deduce-proj-root:      40.45µs
               other:      37.01µs
     b-source-exists:       5.83µs

  TOTAL: 607.647071ms

  Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
  Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
  Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
  Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson

日志显示,dep 首先从 $GOPATH 查找 github.com/bitly/go-simplejson,因为没有找到才从网络下载。

$GOPATH 存在依赖包

环境准备,将原来的 cache 和 vendor 清空,注意 $GOPATH/src 中的 github.com/bitly/go-simplejson 存在。

$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug  8 12:47 main.go
$ dep  init -gopath -v
Searching GOPATH for projects...
  Using master as constraint for direct dep github.com/bitly/go-simplejson
  Locking in master (da1a892) for direct dep github.com/bitly/go-simplejson
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1)        try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)    ✗   Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1)        try github.com/astaxie/beego@v1.8.3
(1)    ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
(2)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; at least 1 versions to try
(2)        try github.com/bitly/go-simplejson@master
(2)    ✓ select github.com/bitly/go-simplejson@master w/1 pkgs
found solution with 10 packages from 2 projects

Solver wall times by segment:
         b-list-pkgs: 312.646734ms
              b-gmal: 265.066047ms
             satisfy:   6.488056ms
         select-atom:   3.287416ms
            new-atom:    397.837µs
         select-root:    373.267µs
     b-list-versions:    108.466µs
               other:      47.43µs
     b-source-exists:       7.71µs
  b-deduce-proj-root:      6.568µs

  TOTAL: 588.429531ms

  Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
  Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego

可以看到 github.com/bitly/go-simplejson 是优先从 $GOPATH 获取的。 好处我个人认为有两个:

节省时间;本地类库的稳定性和兼容性已经经过用户验证了。在 dep v0.1 时候还不需要手动加上 -gopath 选项,dep 工具会自动判断,但是 dep v0.3 后如果没有加上 -gopath 那么默认就是从网络下载。

更新配置 (dep ensure -update) 现在修改 foordep 项目的 Gopkg.toml 内容为:

$ vim  Gopkg.toml
[[constraint]]
  name = "github.com/astaxie/beego"
  # 约束为1.8.0
  version = "=1.8.0"

[[constraint]]
  name = "github.com/bitly/go-simplejson"
  version = "0.5.0"
$ dep  ensure -update
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -update
$ dep  ensure
$ dep  ensure -update -v
Root project is "foordep"
 1 transitively valid internal packages
 2 external packages imported from 2 projects
(0)   ✓ select (root)
(1)    ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(1)        try github.com/astaxie/beego@v1.8.3
(2)    ✗   github.com/astaxie/beego@v1.8.3 not allowed by constraint 1.8.0:
(2)        1.8.0 from (root)
(1)        try github.com/astaxie/beego@v1.8.2
(2)    ✗   github.com/astaxie/beego@v1.8.2 not allowed by constraint 1.8.0:
(2)        1.8.0 from (root)
(1)        try github.com/astaxie/beego@v1.8.1
(2)    ✗   github.com/astaxie/beego@v1.8.1 not allowed by constraint 1.8.0:
(2)        1.8.0 from (root)
(1)        try github.com/astaxie/beego@v1.8.0
(1)    ✓ select github.com/astaxie/beego@v1.8.0 w/8 pkgs
(2)    ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2)        try github.com/bitly/go-simplejson@v0.5.0
(2)    ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
  ✓ found solution with 9 packages from 2 projects

Solver wall times by segment:
  b-source-exists:  4.00794324s
      b-list-pkgs: 2.545452669s
           b-gmal: 276.070372ms
          satisfy:   5.179016ms
      select-atom:   4.337704ms
         new-atom:   1.359055ms
  b-list-versions:    467.799µs
        b-matches:    371.239µs
      select-root:    193.471µs
       b-pair-rev:    127.992µs
            other:     25.962µs
   b-pair-version:      7.866µs

  TOTAL: 6.841536385s

$ dep status
PROJECT                         CONSTRAINT  VERSION  REVISION  LATEST   PKGS USED
github.com/astaxie/beego        1.8.0       v1.8.0   323a1c4   323a1c4  8
github.com/bitly/go-simplejson  ^0.5.0      v0.5.0   aabad6e   aabad6e  1

原文 :https://studygolang.com/articles/10589

0%