Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The New Era of Go Package Management
Search
sam boyer
July 14, 2017
Technology
0
140
The New Era of Go Package Management
Closing keynote of Gophercon 2017.
sam boyer
July 14, 2017
Tweet
Share
Other Decks in Technology
See All in Technology
SREを知らずに SREマネージャーになった話 / How I Became an SRE Manager Without Knowing What SRE Is
moneyforward
0
290
エンジニアリングマネージャー“お悩み相談”パネルセッション
ar_tama
1
650
Recoil脱却の現状と挑戦
kirik
2
320
データエンジニアリング 4年前と変わったこと、 4年前と変わらないこと
tanakarian
2
350
MCPに潜むセキュリティリスクを考えてみる
milix_m
1
700
AWS Well-Architected から考えるオブザーバビリティの勘所 / Considering the Essentials of Observability from AWS Well-Architected
sms_tech
1
850
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.7k
Ktor + Google Cloud Tasks/PubSub におけるOTel Messaging計装の実践
sansantech
PRO
1
250
AI Ready API ─ AI時代に求められるAPI設計とは?/ AI-Ready API - Designing MCP and APIs in the AI Era
yokawasa
20
5.7k
SAE J1939シミュレーション環境構築
daikiokazaki
0
130
QAを早期に巻き込む”って どうやるの? モヤモヤから抜け出す実践知
moritamasami
2
170
P2P通信の標準化 WebRTCを知ろう
faithandbrave
6
2.3k
Featured
See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Fireside Chat
paigeccino
37
3.5k
Writing Fast Ruby
sferik
628
62k
Faster Mobile Websites
deanohume
308
31k
The World Runs on Bad Software
bkeepers
PRO
70
11k
The Cult of Friendly URLs
andyhume
79
6.5k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
530
Building an army of robots
kneath
306
45k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
How to Ace a Technical Interview
jacobian
278
23k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
Transcript
@sdboyer The New Era of Go Package Management sam boyer
@sdboyer 1. We write code
@sdboyer 2. We use others’ code
@sdboyer 3. ow
@sdboyer Package (dependency) management matters
@sdboyer No, like…more than that
@sdboyer Tools -> Social Systems
None
None
None
None
None
None
None
@sdboyer Roots of the problem • GOPATH allows only one
version • No reproducibility • Releases, ~pointless • Updates, a crapshoot
None
@sdboyer Rise of the tools • 2013: Godep, gom, et
al. - 2013 • 2014: glide, gopkg.in, et al. - 2014 • 2015: gb, govendor, et al. - 2015
@sdboyer vendor/ on the scene • Go 1.5: vendor/ added,
off by default (Aug, 2015) • Go 1.6: vendor/ on by default (Feb, 2016) • Go 1.7: vendor/ always on (Aug, 2016)
None
@sdboyer godep glide gb govendor (et al.)
@sdboyer github.com/golang/dep
@sdboyer
@sdboyer dep fundamentals • Borrows from others, but is tailored
to Go • Imports are queen • Two-file system: Gopkg.toml, Gopkg.lock • Project-oriented • Semver tagging • vendor/-centric - (almost) no GOPATH
@sdboyer dep status dep init dep ensure
@sdboyer godep glide gb govendor (et al.) GOPATH dep
@sdboyer dep status dep init dep ensure
@sdboyer ensure keeps states in sync Project Code (imports) Gopkg.toml
Gopkg.lock Deps (vendor)
@sdboyer “Sync-based” tool
None
@sdboyer “Hey dep, ensure everything’s shipshape, kthx”
@sdboyer
@sdboyer
@sdboyer ) dep dep go
@sdboyer ) dep go
None
@sdboyer Key insights from dep • Two-file system • Imports
are queen • Still sync-based • Semver tagging • vendor/, sorta
@sdboyer TODOs • Multi-project workflow • Semver suggestion tool •
Registries • Editor integration patterns • Security model • Performance! • Better failure feedback • Private/enterprise patterns
@sdboyer TODOs…for YOU • Tag your projects with semver •
Convert projects to dep (yes, it’s ready!) • Maybe jump in and contribute to dep - word is, we’re super friendly! • Hackathon, tomorrow! • Updates: sdboyer.io/dep-status
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY
KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND… The MIT License
None