我应该提交 Godeps/_workspace 目录还是只提交 Godeps.json 文件就足够了?

huangapple go评论100阅读模式
英文:

Should I commit Godeps/_workspace or is Godeps.json enough?

问题

我正在使用Go编写一个项目,将其部署在Heroku上,并使用godep管理依赖项。

当我运行godep save命令时,会生成一个Godeps.json文件,其中列出了我使用的依赖项及其版本,并且还会生成一个_workspace/目录,其中包含了所有依赖项的源代码副本。我不想将_workspace/目录提交到版本控制中,因为这些代码已经在GitHub的其他地方了。在Heroku的构建过程中,似乎Godeps.json文件中包含了我们需要的所有信息来获取锁定版本的依赖项。

一些来源 建议将完整的Godeps/目录提交到版本控制中,但也有人认为可能不是必需的

godep的文档并没有提供太多帮助:

> 这将把依赖项列表保存到文件Godeps/Godeps.json中,并将它们的源代码复制到Godeps/_workspace中。请仔细阅读其内容,并确保它看起来合理。然后将文件提交到版本控制。

这里的文件是指Godeps.json吗?

英文:

I'm writing a project in Go to be deployed on heroku, managing dependencies with godep.

When I godep save, I get both a Godeps.json file listing my dependencies with versions and an _workspace/ directory with the source for all dependencies copied in. I'd rather not commit _workspace, all that code's already on github elsewhere. It seems Godeps.json has all the information we need to go get the version locked dependencies at heroku buildpack time.

Several sources recommend committing the full Godeps/ directory, but others suggest it might not be necessary.

The godep docs aren't much help:

>This will save a list of dependencies to the file Godeps/Godeps.json, and copy their source code into Godeps/_workspace. Read over its contents and make sure it looks reasonable. Then commit the file to version control.

Is Godeps.json the file?

答案1

得分: 18

官方回答:

来自GitHub问题#131

> godep的预期用途是将依赖项放入vendor目录并将_workspace_目录提交到版本控制。请参阅@kr在#123中链接的提案文档(提案:http://goo.gl/RpYs8e)。正如在该提案中讨论的那样,godep曾经有一种模式(-copy=false)支持不将依赖项放入vendor目录。我猜Readme中模糊的语言可能是由于此原因。如#123中所述,此模式已被删除。

这里还有godep的作者谈论他的项目和背后的想法 - Vendoring and Import Path Rewriting

个人观点:

我认为没有一种正确的方法。

提交供应商库似乎很尴尬,但它有其优点:

  • 您不依赖外部服务(GitHub等)。GitHub会出现故障,也许您有一些可怕的公司政策阻止您使用它,也许存储库消失或其历史记录被重写,也许您在防火墙(暂存/构建服务器)后面等等。
  • 每次依赖项更新时,您都会得到一个漂亮的差异,显示了发生了什么变化。
    这在更新到较新版本时很有帮助,或者仅仅是跟踪正在使用的代码的变化。

最后,权衡利弊取决于您。就个人而言,每次我提交供应商代码时,我都会感到不安,但在我的Go项目中,我会这样做。至少目前是这样。

此外,像Google和Facebook这样的公司主要将所有内容放在一个存储库中,包括供应商代码(或者我听说是这样)。

关于这个主题的有趣文章:
Go Package Management

英文:

Official answer:

From GitHub issue #131:

> The intended use of godep is to vendor dependencies and commit the _workspace directory to version control. See the proposal document by @kr linked in #123 (proposal: http://goo.gl/RpYs8e) As discussed in that proposal, godep used to have a mode (-copy=false) that supported not vendoring the dependencies. My guess is that the ambiguous language in the Readme may be due to that. This mode has been removed as documented in #123.

Here's also godep author talking about his project and ideas behind - Vendoring and Import Path Rewriting

Personal opinion:

I don't think there is a right way to do it.

Committing vendor libs does seem awkward, but it has it's advantages:

  • You're not relying on external services (GitHub, etc). GitHub has outages, maybe you have some horrible company policy which prevents you from using it, maybe repository disappears or it's history is rewritten, maybe you're behind firewall (staging/build server), etc.
  • Each time there are updates to your deps you get a nice diff of what has changed.
    Which helps when updating to newer version, or just keeping track of changes if you screen code that is being used.

At the end it's up to you to weigh the pros and cons. Personally I cringe every time I have to commit vendor code, but in my Go projects I do. At least for now.

Also companies like Google and Facebook mostly keep everything in one repository and that includes vendor code (or so I've heard).

Interesting article on the topic:
Go Package Management

答案2

得分: 2

godep需要json文件来读取依赖项,如update.go中所示。因此,该文件需要进行版本控制。

但是,godep会填充godep/_workspace的内容,这意味着它是一个"生成的"内容:您不需要对其进行版本控制。

英文:

godep will need the json file in order to read back the dependencies, as shown in update.go.
So that file needs to be versioned.

But then godep would fill the content of godep/_workspace, which means it is a "generated" content: you don't need to version it.

答案3

得分: 2

只需将Godeps.json文件添加到存储库中,并将_workspace添加到.gitignore列表中即可。

尽管您的代码应完全包含在存储库中,但依赖项只需以某种方式引用(godep.json、package.json、git submodule...您选择的方式),而不需要其他任何内容。
相同的策略适用于npm、bower、apt和所有其他软件包管理器。

您的存储库-您的内容+对供应商库的引用(当然,仅当可以引用sourceforge zip文件时)。

正如@VonC所说,我们不希望对供应商库进行版本控制。

英文:

Just add Godeps.json file to the repo, and _workspace to the .gitignore list :).

While your code should be fully included in your repo, dependencies have to be just referenced somehow (godep.json, package.json, git submodule... you choose), and nothing more than that.
The same tactics apply to npm, bower, apt and all other package managers.

Your repo - your things + references to vendor libs (of course, when it is possible, you cannot reference sourceforge zip file).

As @VonC said, we do not want to version vendor libs.

huangapple
  • 本文由 发表于 2014年10月13日 14:38:16
  • 转载请务必保留本文链接:https://go.coder-hub.com/26334220.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定