Hello Matt, Having dependencies inside the project is the easiest way to make reproducible builds (without having infrastructure for mirrors) and makes your organization more independent from third parties. Moreover, tools based on dependencies rules (like maven, npm, etc) could make your project ending up with unexpected versions. How many libraries are in a regular project, 10 maybe 20? managing versions by one by one and testing the side effects of upgrading a library is affordable. Also, having all the code in the same place makes the project reproducible for several years even if the original repositories/vcs are not longer available or vcs has been compromised with malicious code.
Also, golla works with any git repos because destination folder is indicated explicitly. Each tool has its pros and cons, this one fits what I expect from software configuration. I hope having answered your question :) Chrs, Fulldump El martes, 15 de mayo de 2018, 15:56:23 (UTC+2), matthe...@gmail.com escribió: > > Hello, > > I haven’t seen this pattern: > > src/vendor/github.com/fulldump/goconfig > > I’ve put vendored dependencies in the project: > > src/github.com/my/project/vendor/github.com/fulldump/goconfig > > Why are you doing it this way? > > Have you tried vgo? https://github.com/golang/vgo > > Matt > > On Sunday, May 13, 2018 at 3:12:59 PM UTC-5, Gerardo Oscar JT wrote: >> >> Hi gophers! >> >> Golang do not have a canonical way to download dependencies. Glide is the >> last one I have been using and it is like a drunk elephant in my laptop. >> >> This weekend I have managed to summon the force to work on a silly script >> that read a list of git repos, and do the clones, one by one. >> >> For the moment it supports: >> >> - Clone a specific git repo inside a specific directory (removing the >> .git folder) >> - Pin a specific tag/branch/commit >> - Select a specific file or directory inside a repo to avoid cloning >> all the repo >> - Comments prefixed with # are suported >> >> The project is called *golla*, here is the repo: >> https://github.com/fulldump/golla >> >> All dependencies should be specified in a file called golla like this: >> >> # This is a golla file! >> # First, we will clone a repo to a dir: >> git@ github.com:fulldump/goconfig.git* ->* src/vendor/ >> github.com/fulldump/goconfig >> >> # Here we will clone a specific version: >> git@ github.com:fulldump/golax.git*#**v0.6.1* -> src/vendor/ >> github.com/fulldump/golax >> >> # Only a file is cloned here (for example, golla script itself): >> git@ github.com:fulldump/golla.git*>golla.go* -> golla.go >> >> >> I hope this script could be helpful for anyone else. >> >> Happy to learn from your feedback, >> Fulldump >> >> >> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
