dep is the vendoring tool chosen for this
project because it is simple and powerful for some corner cases. Furthermore,
this tool is expected to be the official vendoring tool for Golang.
Ensure you use the latest version of the dep tool. See
How to install and update dep for details.
Install or update this tool using the following command:
$ go get -u github.com/golang/dep/cmd/depMake sure your PATH contains $GOPATH/bin:
$ export PATH=$GOPATH/bin:$PATHdep init: Initialize a new project with manifest and lock files.dep ensure: Ensure a dependency is safely vendored in the project.
Here will be listed the different vendoring use cases a developer could encounter when developing for Kata Containers.
If no prior vendoring has been performed on the package, you need to initialize it with the following command:
$ dep initThis should create a new directory named vendor at the root of your
package, and two new files to manage the vendoring (i.e. Gopkg.toml
and Gopkg.lock).
Gopkg.lock is automatically re-generated by dep every time a new
dep ensure command is issued. This file should not be modified by the
developer.
Gopkg.toml is automatically generated by dep init and can be modified
in order to add a constraint on a package to follow a specific revision.
The following is what Gopkg.toml should look like:
# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = trueThis file contains all the information you need to modify it properly.
At this point you can vendor any package needed from your code.
dep provides the feature to remove all non-go files from your vendor tree
during its prune phase. By default this is not enabled, but generally for
Kata Containers repositories, we do enable this feature. If possible, modify your
[prune] section to enable this feature:
[prune]
non-go = true
go-tests = true
unused-packages = trueThe following case describes a situation when you add new code that relies
on a package that has never been imported (e.g. github.com/foo/bar):
$ dep ensureAt this point, only the required files will be copied into vendor.
Additionally, you might want to ensure the vendored package refers to a
specific version. This is called a constraint with dep. By modifying
Gopkg.toml, you can decide to force the package github.com/foo/bar to
point to the revision f5742cb6. The following is what the file should look
like:
[[constraint]]
name = "github.com/foo/bar"
revision = "f5742cb6"Or, if you want to point to a specific version 1.2.4:
[[constraint]]
name = "github.com/foo/bar"
version = "1.2.4"Or, if you want to point to a specific branch work-dev:
[[constraint]]
name = "github.com/foo/bar"
branch = "work-dev"Lastly, a powerful constraint is to specify if the source of the repository comes from a forked repository:
[[constraint]]
name = "github.com/foo/bar"
branch = "fork-work-dev"
source = "github.com/myfork/bar"Note: Constraining a package is important because this is the only way to be certain of the imported package version. This prevents any build failure that could result from a package change on the upstream.
The following case describes a situation where you add some code that relies
on another version of a package already vendored. This is a simple case since
the package is already part of the vendoring. You modify Gopkg.toml by
updating the vendoring version:
--- Gopkg.toml.orig 2018-01-23 09:04:54.160760426 -0800
+++ Gopkg.toml.new 2018-01-23 09:05:09.164094911 -0800
@@ -1,3 +1,3 @@
[[constraint]]
name = "github.com/foo/bar"
- revision = "f5742cb6"
+ revision = "a4be45c7"Let dep update the vendoring by relying on this new revision:
$ dep ensureThe following case describes a situation where you modify the existing
code, no longer relying on a vendored package. Running the usual commands
removes the vendored package from vendor directory and from
Gopkg.lock:
$ dep ensureIf a constraint is set in Gopkg.toml, it is your responsibility to remove
the constraint manually from the file.
The following case describes a situation where you need to perform testing
on your code due to a pending pull request from a vendored package.
The easiest and safest way to do that is to rely on a feature proposed
by dep called override. This feature allows you to leave the constraints
unmodified, but relies on a different version of the vendored package for
testing purposes.
The pending pull request can be submitted to the main repository through a
development branch work-dev. In this case, you will need to modify
Gopkg.toml as follows:
--- Gopkg.toml.orig 2018-01-23 09:04:54.160760426 -0800
+++ Gopkg.toml.new 2018-01-23 09:06:49.735633780 -0800
@@ -1,3 +1,7 @@
[[constraint]]
name = "github.com/foo/bar"
revision = "f5742cb6"
+
+[[override]]
+ name = "github.com/foo/bar"
+ branch = "work-dev"The pending pull request can be submitted to a forked repository through a
development branch called work-dev. In this case you will need to modify
Gopkg.toml as follows:
--- Gopkg.toml.orig 2018-01-23 09:04:54.160760426 -0800
+++ Gopkg.toml.new 2018-01-23 09:09:58.475261707 -0800
@@ -1,3 +1,8 @@
[[constraint]]
name = "github.com/foo/bar"
revision = "f5742cb6"
+
+[[override]]
+ name = "github.com/foo/bar"
+ branch = "work-dev"
+ source = "github.com/myfork/bar"The previous case is more common because typically you do not have permissions to push directly to the main repository.
For additional information about vendoring, see "Re-vendor PRs".