Command to lock the Gomfile
Closed this issue · 15 comments
It'd be great if there was a command to lock the Gomfile with gom lock
so that it stores all the git commit ids in a lockfile or in the Gomfile.
When you perform a gom lock
a new file called Gomfile.lock
is created. If this file exists, the regular Gomfile
is ignored, am I right?
yes, right.
Why not just update the original Gomfile
then?
As it is now, you end up with two files with same purpose, that is, defining package dependencies.
Gomfile is not depend on OS. But Gomfile.lock is depend on your OS. similar to Gemfile.lock
I'm not familiar with Gemfiles at all, but I can't see anything regarding my OS in this Gomfile.lock
:
gom 'github.com/Sirupsen/logrus', :commit => '3c5b048a9d4a00d644cf9992762c26d4ca8493ac'
gom 'github.com/auth0/go-jwt-middleware', :commit => '4fb819167f530a087591cbb0b9c287b0d53a7627'
gom 'github.com/codegangsta/negroni', :commit => '1dd3ab0ff59e13f5b73dcbf70703710aebe50d2f'
gom 'github.com/dgrijalva/jwt-go', :commit => 'a3e2f13bb7a4cfef6824fab97be5a7df9b86eff2'
gom 'github.com/gorilla/context', :commit => '215affda49addc4c8ef7e2534915df2c8c35c6cd'
gom 'github.com/gorilla/mux', :commit => 'e444e69cbd2e2e3e0749a2f3c717cec491552bbf'
gom 'github.com/gotk/ctx', :commit => '1feaa34465f5416722fb03f644c4879d10e29ebc'
gom 'github.com/gotk/pg', :commit => '617e7cfe66fb82f12f5c3b0b4551c979ae1d78f5'
gom 'github.com/guregu/null', :commit => '68a803260b6b65e7c87c2a641aaa31b3c4f0d240'
gom 'github.com/joho/godotenv', :commit => 'ead2e75027bf1a3f6457e28d9eb3c2fa05109d2b'
gom 'github.com/lib/pq', :commit => '19eeca3e30d2577b1761db471ec130810e67f532'
gom 'github.com/lib/pq/oid'
gom 'github.com/nicksnyder/go-i18n/i18n'
gom 'github.com/nicksnyder/go-i18n/i18n/bundle'
gom 'github.com/nicksnyder/go-i18n/i18n/language'
gom 'github.com/nicksnyder/go-i18n/i18n/translation'
And this is the original Gomfile
:
gom 'github.com/Sirupsen/logrus'
gom 'github.com/auth0/go-jwt-middleware'
gom 'github.com/codegangsta/negroni'
gom 'github.com/dgrijalva/jwt-go'
gom 'github.com/gorilla/context'
gom 'github.com/gorilla/mux'
gom 'github.com/gotk/ctx'
gom 'github.com/gotk/pg'
gom 'github.com/guregu/null'
gom 'github.com/joho/godotenv'
gom 'github.com/lib/pq'
gom 'github.com/lib/pq/oid'
gom 'github.com/nicksnyder/go-i18n/i18n'
gom 'github.com/nicksnyder/go-i18n/i18n/bundle'
gom 'github.com/nicksnyder/go-i18n/i18n/language'
gom 'github.com/nicksnyder/go-i18n/i18n/translation'
Am I missing some important concept to handle these files correctly?
This is not just things for OS. it locks versions by current commit-ids of dependencies. For example, if you have below line on linux/OSX, it will be removed on Gemfile.lock because it's not needed.
gom 'github.com/mattn/go-ole', :goos => 'windows'
Sorry, but think I did not understand the entire workflow with gom
yet.
What would be the most basic workflow, supposing that I don't have any OS specific package, just like the sample Gomfile
provided earlier?
BTW, what are considered best practices about the _vendor
directory and version control systems? Should it be added to the repository or totally ignored?
I don't know if this helps, but I came from a Python and Java background.
What would be the most basic workflow, supposing that I don't have any OS specific package, just like the sample Gomfile provided earlier?
When Gomfile.lock exists, gom checkout the commit-id of extra package. This is a way to avoid unstable behavior of extra package.
So if you want, you can replace Gomfile.lock to Gomfile. Or you can put Gomfile.lock on repository.
BTW, what are considered best practices about the _vendor directory and version control systems? Should it be added to the repository or totally ignored?
If you want to stick versions of extra package, you've better to put _vendor directory on your repo.
However when do gom install
, gom checkout dependency with specific commit-id into vendor directory.
If you want to stick versions of extra package, you've better to put _vendor directory on your repo.
I think I found an issue when I added the _vendor
directory into the git repository. Let me try to explain the scenario:
The gom install
command seems to perform a git clone
of the repositories of the packages into the _vendor
directory.
After that, when I git add _vendor
, the files of these cloned repos are not added to my original repo, for instance:
On branch master
Your branch is up-to-date with 'origin/master'.
Changes to be committed:
(use "git reset HEAD <file>..." to unstage)
new file: _vendor/src/github.com/Sirupsen/logrus
new file: _vendor/src/github.com/auth0/go-jwt-middleware
new file: _vendor/src/github.com/codegangsta/negroni
new file: _vendor/src/github.com/dgrijalva/jwt-go
new file: _vendor/src/github.com/gorilla/context
new file: _vendor/src/github.com/gorilla/mux
new file: _vendor/src/github.com/gotk/ctx
new file: _vendor/src/github.com/gotk/pg
new file: _vendor/src/github.com/guregu/null
new file: _vendor/src/github.com/joho/godotenv
new file: _vendor/src/github.com/lib/pq
new file: _vendor/src/github.com/nicksnyder/go-i18n
And I suppose that happens because those directories has their own .git
directory (submodule, maybe?)
So, if I commit these changes, the files of the packages under _vendor
will not be added, making the whole idea of a _vendor
directory useless.
Hope this makes sense, if not let me know and I'll try to explain it better.
And I suppose that happens because those directories has their own .git directory (submodule, maybe?)
Ah, Sorry you are right. I didn't still do this.
As i said in above, user must do gom install
themselfs.
As I believe the main purpose of tools like gom
or godep
is to provide a way to reproduce a build at any time, even if a dependency is not available to clone anymore, I was hoping that gom install
would be able to "automagically" download the specific versions of each package listed in my Gomfile
into the _vendor
directory, so I could have a reliable "backup" of the dependencies added to my original repo.
Note that I mentioned "download" instead of "clone", in order to avoid the issue with submodules explained earlier. Maybe performing a git clone
followed by rm -rf .git
for each cloned repo could be a workaround for this "download only" feature.
So workflow should be like below.
- Don't put _vendor into repo
- You can copy Gomfile.lock to Gomfile.
But if I don't put the _vendor
into my repo and a dependency has its repo deleted or reseted (git push --force) how could I reproduce my build?
I may be asking for something outside the original scope of gom
, so I think I should manage this workflow by my own.
Nonetheless, your project is great and gave me really good ideas to deal with dependencies on the Go land. Keep it up. :-)