dep的FAQ中有一段描述dep和go get的 网址,也是侧面说了依赖管理工具和go get关系, 一句话概括:依赖管理工具是为应用管理代码的,go get是为GOPATH管理代码的。
下面进入教程。
介绍
dep是一个原型依赖管理工具,需要在Go 1.7及更高的版本中使用,说明第三方工具近期还是有市场的。
安装
安装dep
等到dep正式集成到Golang中时候,也许是Golang 2.0 ,广大吃瓜群众就可以直接使用go dep命令。现在还是需要自己安装的。
$ go get -u github.com/golang/dep/cmd/dep
验证安装
$ dep dep is a tool for managing dependencies for Go projects Usage: dep <command> Commands: init Initialize a new project with manifest and lock files status Report the status of the project's dependencies ensure Ensure a dependency is safely vendored in the project prune Prune the vendor tree of unused packages Examples: dep init set up a new project dep ensure install the project's dependencies dep ensure -update update the locked versions of all dependencies dep ensure -add github.com/pkg/errors add a dependency to the project Use "dep help [command]" for more information about a command.
有一个很重要的选项ensure中文含义是确保;保证;担保,作者想传达的意思是确保所有本地状态-代码树、清单、锁和供应商彼此同步。
看到这个说明已经安装好了。
使用
老规矩,篇幅有限,我只介绍经常使用到的。 先进入在GOPATH的一个项目中。
cd $GOPATH/src/foordep
初始化(dep init)
$ cd foordep/ $ dep init $ ll total 12 -rw-rw-r-- 1 qiangmzsx qiangmzsx 286 Aug 7 11:45 Gopkg.lock -rw-rw-r-- 1 qiangmzsx qiangmzsx 535 Aug 7 11:45 Gopkg.toml drwxrwxr-x 2 qiangmzsx qiangmzsx 4096 Aug 7 11:45 vendor
大家发现了,应用foordep目录下出现了两个文件(Gopkg.lock、Gopkg.toml)和一个目录(vendor)。 它们是什么关系呢?
所以出现Gopkg.toml and Gopkg.lock are out of sync.时候最好执行一下dep ensure。
下面看看它们的内容。
$ cat Gopkg.lock # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. [solve-meta] analyzer-name = "dep" analyzer-version = 1 inputs-digest = "ab4fef131ee828e96ba67d31a7d690bd5f2f42040c6766b1b12fe856f87e0ff7" solver-name = "gps-cdcl" solver-version = 1 $ cat Gopkg.toml # Gopkg.toml example # # Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md # for detailed Gopkg.toml documentation. # # required = ["github.com/user/thing/cmd/thing"] # ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] # # [[constraint]] # name = "github.com/user/project" # version = "1.0.0" # # [[constraint]] # name = "github.com/user/project2" # branch = "dev" # source = "github.com/myfork/project2" # # [[override]] # name = "github.com/x/y" # version = "2.4.0"
dep ensure
我们写一个Gopkg.toml看看效果。
# 必需包 required = ["github.com/astaxie/beego"] # 忽略包 ignored = ["golang.org/x/crypto"] # 项目元数据 [metadata] homepage = "https://github.com/qiangmzsx" license = "MIT" owners_name_1 = "qiangmzsx" owners_email_1 = "qiangmzsx@hotmail.com" owners_homepage_1 = "https://github.com/qiangmzsx" # 约束条件 [[constraint]] name = "github.com/astaxie/beego" # 可选:版本 version = "=1.8.0" # 分支 #branch = "master" # 修订 #revision = "beego 1.8.0" # 可选:指定来源 source = "github.com/astaxie/beego"
但是怎么样执行?可以执行如下命令寻找帮助:
$ dep help ensure Usage: dep ensure [-update | -add] [-no-vendor | -vendor-only] [-dry-run] [<spec>...] Project spec: <import path>[:alt source URL][@<constraint>] Ensure gets a project into a complete, reproducible, and likely compilable state: * All non-stdlib imports are fulfilled * All rules in Gopkg.toml are respected * Gopkg.lock records precise versions for all dependencies * vendor/ is populated according to Gopkg.lock Ensure has fast techniques to determine that some of these steps may be unnecessary. If that determination is made, ensure may skip some steps. Flags may be passed to bypass these checks; -vendor-only will allow an out-of-date Gopkg.lock to populate vendor/, and -no-vendor will update Gopkg.lock (if needed), but never touch vendor/. The effect of passing project spec arguments varies slightly depending on the combination of flags that are passed. Examples: dep ensure Populate vendor from existing Gopkg.toml and Gopkg.lock dep ensure -add github.com/pkg/foo Introduce a named dependency at its newest version dep ensure -add github.com/pkg/foo@^1.0.1 Introduce a named dependency with a particular constraint For more detailed usage examples, see dep ensure -examples. Flags: -add add new dependencies, or populate Gopkg.toml with constraints for existing dependencies (default: false) -dry-run only report the changes that would be made (default: false) -examples print detailed usage examples (default: false) -no-vendor update Gopkg.lock (if needed), but do not update vendor/ (default: false) -update update the named dependencies (or all, if none are named) in Gopkg.lock to the latest allowed by Gopkg.toml (default: false) -v enable verbose logging (default: false) -vendor-only populate vendor/ from Gopkg.lock without updating it first (default: false)
执行一下
$ dep ensure all dirs lacked any go code
错误了,这是因为foordep目录下没有任何的go代码,只能加上一个看看
$ vim main.go
package main
import (
"github.com/astaxie/beego"
"runtime"
)
func main() {
maxCPU := runtime.NumCPU()
runtime.GOMAXPROCS(maxCPU)
beego.Run()
}
再来试试看。
$ dep ensure $ ll vendor/ total 4 drwxrwxr-x 3 qiangmzsx qiangmzsx 4096 Aug 7 16:29 github.com
看看Gopkg.lock的内容。
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. [[projects]] name = "github.com/astaxie/beego" packages = [".","config","context","grace","logs","session","toolbox","utils"] revision = "323a1c4214101331a4b71922c23d19b7409ac71f" source = "github.com/astaxie/beego" version = "v1.8.0" [solve-meta] analyzer-name = "dep" analyzer-version = 1 inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d" solver-name = "gps-cdcl" solver-version = 1
现在需要解析json,我们试试使用命令行的方式导入github.com/bitly/go-simplejson包。
$ dep ensure -add github.com/bitly/go-simplejson $ Gopkg.lock # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. [[projects]] name = "github.com/astaxie/beego" packages = [".","config","context","grace","logs","session","toolbox","utils"] revision = "323a1c4214101331a4b71922c23d19b7409ac71f" source = "github.com/astaxie/beego" version = "v1.8.0" [[projects]] name = "github.com/bitly/go-simplejson" packages = ["."] revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44" version = "v0.5.0" [solve-meta] analyzer-name = "dep" analyzer-version = 1 inputs-digest = "6fb93334da1b165aaab11f170d871a92b40033575e66e2cf4289e77e0d64551d" solver-name = "gps-cdcl" solver-version = 1
可以发现多了github.com/bitly/go-simplejson,但是Gopkg.toml并没有任何改变。 注意:执行dep ensure -add时候报错
$ dep ensure -add github.com/bitly/go-simplejson Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -add
还可以指定依赖的版本:
$ dep ensure -add github.com/bitly/go-simplejson@=0.4.3
是因为Gopkg.toml和Gopkg.lock不同步了,需要重新执行一下dep ensure即可。 重新整理一下Gopkg.toml。
# 必需包 required = ["github.com/astaxie/beego"] # 忽略包 ignored = ["golang.org/x/crypto"] # 项目元数据 [metadata] homepage = "https://github.com/qiangmzsx" license = "MIT" owners_name_1 = "qiangmzsx" owners_email_1 = "qiangmzsx@hotmail.com" owners_homepage_1 = "https://github.com/qiangmzsx" # 约束条件 [[constraint]] name = "github.com/astaxie/beego" # 可选:版本 version = "=1.8.0" # 分支 #branch = "master" # 修订 #revision = "beego 1.8.0" # 可选:指定来源 source = "github.com/astaxie/beego" [[constraint]] name = "github.com/bitly/go-simplejson" branch = "master" source = "https://github.com/bitly/go-simplejson.git"
Gopkg.toml的version规则: ~和=是version使用的操作符规则,如果仅仅是指定version = "1.8.0",那么dep会自动加上^,表示最左边的非零位的版本加一。
^1.2.3 意味 1.2.3 <= X < 2.0.0 ^0.2.3 意味 0.2.3 <= X < 0.3.0 ^0.0.3 意味 0.0.3 <= X < 0.1.0
如果执行dep ensure时候出现
$ dep ensure error while parsing /home/users/qiangmzsx/golang/src/foordep/Gopkg.toml: multiple constraints specified for github.com/astaxie/beego, can only specify one
说明配置写错了,需要看看Gopkg.toml文件中是不是同时配置了version、branch和revision。
空配置
我们现在尝试着把foordep目录情况就留下main.go
package main
import (
"github.com/astaxie/beego"
"github.com/bitly/go-simplejson"
"runtime"
)
func main() {
maxCPU := runtime.NumCPU()
runtime.GOMAXPROCS(maxCPU)
strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "created_at": 1494904539000, "updated_at": 1494983507000, "track_id": 38088960}}`
mapJson,_:=simplejson.NewJson([]byte(strJson))
println(mapJson)
beego.Run()
}
执行dep ensure 为了更好地看到过程,加上参数-v。
$ dep init -v
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(1) try github.com/bitly/go-simplejson@v0.5.0
(1) ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
(2) ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(2) try github.com/astaxie/beego@v1.8.3
(2) ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
✓ found solution with 10 packages from 2 projects
Solver wall times by segment:
b-list-versions: 3.926086724s
b-list-pkgs: 285.209471ms
b-gmal: 266.828805ms
select-atom: 3.417834ms
satisfy: 3.126864ms
select-root: 428.276µs
new-atom: 234.106µs
other: 45.014µs
b-source-exists: 6.946µs
b-deduce-proj-root: 3.472µs
TOTAL: 4.485387512s
Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson
Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
此时再查看Gopkg.toml和Gopkg.lock文件:
$ vim Gopkg.toml [[constraint]] name = "github.com/astaxie/beego" version = "1.8.3" [[constraint]] name = "github.com/bitly/go-simplejson" version = "0.5.0" $ vim Gopkg.lock [[projects]] name = "github.com/astaxie/beego" packages = [".","config","context","context/param","grace","logs","session","toolbox","utils"] revision = "cab8458c1c4a5a3b4bf5192922be620e6dede15b" version = "v1.8.3" [[projects]] name = "github.com/bitly/go-simplejson" packages = ["."] revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44" version = "v0.5.0" [solve-meta] analyzer-name = "dep" analyzer-version = 1 inputs-digest = "dc040fb12390d61768be6388ad2935bdd7f9cc93d4b1fdda421a284058277c80" solver-name = "gps-cdcl" solver-version = 1
与glide一样,具有自举功能,不知道这个名词用得对不对。dep会自动根据代码生成Gopkg.toml和Gopkg.lock配置文件。
PS:但是不建议使用,因为其拉取的依赖包都是最新的,可能出现不兼容,再者我国是一个被墙的地方。
dep cache
看到这里时候很多人都会有疑问?dep的依赖包每一次都是拉取新的还是优先使用本地cache呢?可以肯定的是 dep也是有本地缓存的,大家可以打开$GOPATH/pkg/dep/看看,是不是存在呢!
下面我们做两个测试看看。
$GOPATH/src不存在依赖包
环境准备,将原来的cache和vendor清空,别遗漏了$GOPATH/src中的github.com/bitly/go-simplejson。
$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 990 Aug 7 16:39 main.go
$ vim main.go
package main
import (
"github.com/astaxie/beego"
"github.com/bitly/go-simplejson"
"runtime"
)
func main() {
maxCPU := runtime.NumCPU()
runtime.GOMAXPROCS(maxCPU)
strJson := `{"announcer": {"nickname": "非议讲史", "kind": "user", "updated_at": 1494983507000, "track_id": 38088960}}`
mapJson,_:=simplejson.NewJson([]byte(strJson))
println(mapJson)
beego.Run()
}
执行dep init -gopath -v查看初始化过程。
$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug 8 12:47 main.go
$ dep init -gopath -v
Searching GOPATH for projects...
Following dependencies were not found in GOPATH. Dep will use the most recent versions of these projects.
github.com/bitly/go-simplejson
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1) try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) ✗ Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) try github.com/astaxie/beego@v1.8.3
(1) ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
(2) ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2) try github.com/bitly/go-simplejson@v0.5.0
(2) ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
✓ found solution with 10 packages from 2 projects
Solver wall times by segment:
b-list-pkgs: 320.955115ms
b-gmal: 274.950203ms
satisfy: 8.179966ms
select-atom: 2.62224ms
new-atom: 392.168µs
b-list-versions: 254.937µs
select-root: 209.152µs
b-deduce-proj-root: 40.45µs
other: 37.01µs
b-source-exists: 5.83µs
TOTAL: 607.647071ms
Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
Using ^0.5.0 as constraint for direct dep github.com/bitly/go-simplejson
Locking in v0.5.0 (aabad6e) for direct dep github.com/bitly/go-simplejson
日志显示,dep首先从$GOPATH查找github.com/bitly/go-simplejson,因为没有找到才从网络下载。
$GOPATH存在依赖包
环境准备,将原来的cache和vendor清空,注意$GOPATH/src中的github.com/bitly/go-simplejson存在。
$ ll
total 4
-rwxr--r-- 1 qiangmzsx qiangmzsx 382 Aug 8 12:47 main.go
$ dep init -gopath -v
Searching GOPATH for projects...
Using master as constraint for direct dep github.com/bitly/go-simplejson
Locking in master (da1a892) for direct dep github.com/bitly/go-simplejson
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/astaxie/beego with 1 pkgs; at least 1 versions to try
(1) try github.com/astaxie/beego@76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) ✗ Unable to update checked out version: fatal: reference is not a tree: 76ce912a30f9255d8d353d365ab99cb069fd29e0
(1) try github.com/astaxie/beego@v1.8.3
(1) ✓ select github.com/astaxie/beego@v1.8.3 w/9 pkgs
(2) ? attempt github.com/bitly/go-simplejson with 1 pkgs; at least 1 versions to try
(2) try github.com/bitly/go-simplejson@master
(2) ✓ select github.com/bitly/go-simplejson@master w/1 pkgs
✓ found solution with 10 packages from 2 projects
Solver wall times by segment:
b-list-pkgs: 312.646734ms
b-gmal: 265.066047ms
satisfy: 6.488056ms
select-atom: 3.287416ms
new-atom: 397.837µs
select-root: 373.267µs
b-list-versions: 108.466µs
other: 47.43µs
b-source-exists: 7.71µs
b-deduce-proj-root: 6.568µs
TOTAL: 588.429531ms
Using ^1.8.3 as constraint for direct dep github.com/astaxie/beego
Locking in v1.8.3 (cab8458) for direct dep github.com/astaxie/beego
可以看到github.com/bitly/go-simplejson是优先从$GOPATH获取的。 好处我个人认为有两个:
- 节省时间;
- 本地类库的稳定性和兼容性已经经过用户验证了。
在dep v0.1时候还不需要手动加上-gopath选项,dep工具会自动判断,但是dep v0.3后如果没有加上-gopath那么默认就是从网络下载。
更新配置 (dep ensure -update)
现在修改foordep项目的Gopkg.toml内容为:
$ vim Gopkg.toml
[[constraint]]
name = "github.com/astaxie/beego"
# 约束为1.8.0
version = "=1.8.0"
[[constraint]]
name = "github.com/bitly/go-simplejson"
version = "0.5.0"
$ dep ensure -update
Gopkg.toml and Gopkg.lock are out of sync. Run a plain dep ensure to resync them before attempting to -update
$ dep ensure
$ dep ensure -update -v
Root project is "foordep"
1 transitively valid internal packages
2 external packages imported from 2 projects
(0) ✓ select (root)
(1) ? attempt github.com/astaxie/beego with 1 pkgs; 23 versions to try
(1) try github.com/astaxie/beego@v1.8.3
(2) ✗ github.com/astaxie/beego@v1.8.3 not allowed by constraint 1.8.0:
(2) 1.8.0 from (root)
(1) try github.com/astaxie/beego@v1.8.2
(2) ✗ github.com/astaxie/beego@v1.8.2 not allowed by constraint 1.8.0:
(2) 1.8.0 from (root)
(1) try github.com/astaxie/beego@v1.8.1
(2) ✗ github.com/astaxie/beego@v1.8.1 not allowed by constraint 1.8.0:
(2) 1.8.0 from (root)
(1) try github.com/astaxie/beego@v1.8.0
(1) ✓ select github.com/astaxie/beego@v1.8.0 w/8 pkgs
(2) ? attempt github.com/bitly/go-simplejson with 1 pkgs; 5 versions to try
(2) try github.com/bitly/go-simplejson@v0.5.0
(2) ✓ select github.com/bitly/go-simplejson@v0.5.0 w/1 pkgs
✓ found solution with 9 packages from 2 projects
Solver wall times by segment:
b-source-exists: 4.00794324s
b-list-pkgs: 2.545452669s
b-gmal: 276.070372ms
satisfy: 5.179016ms
select-atom: 4.337704ms
new-atom: 1.359055ms
b-list-versions: 467.799µs
b-matches: 371.239µs
select-root: 193.471µs
b-pair-rev: 127.992µs
other: 25.962µs
b-pair-version: 7.866µs
TOTAL: 6.841536385s
$ dep status
PROJECT CONSTRAINT VERSION REVISION LATEST PKGS USED
github.com/astaxie/beego 1.8.0 v1.8.0 323a1c4 323a1c4 8
github.com/bitly/go-simplejson ^0.5.0 v0.5.0 aabad6e aabad6e 1
后记
看到了这里,那么对dep已经可以进行基本的使用了,不过目前而言,dep还不够稳定,谁也不知道后续会怎么样更改,尝鲜可以,个人还不建议使用在线上。
延伸阅读
Golang Vendor 包管理工具 glide 使用教程