go version) and dep (git describe --tags) are you using?
Go: 1.8.3
dep: 0.2.0
dep command did you run?
dep ensure github.com/package/name
I expect to see that dep adds this package to the *.toml file and then updates the vendor/ dir.
Only the lock file and vendor/ dir get updated. The toml file is untouched. This causes a deployment problem. If I commit and push to the server and do dep ensure, my new package(s) do not get installed and go build will fail to find the proper packages in the vendor/ dir.
Glide has this feature. You can do glide get package_url and this will both modify yaml and lock files besides vendor/ dir. Even other package managers (for other programming languages) have this lifecycle.
Hi @gencer, thanks for trying dep.
This is the right behavior. As mentioned in the README - adding a dependency, you import the package in your source code files and then run ensure to add the new dependency. This added dependency need not exist in Gopkg.toml file. ensure would add it to Gopkg.lock file and you can commit this. Next time you run ensure, the package would be vendored.
Only if you want to add a constraint to the dependency, you can add an entry of the same dependency in Gopkg.toml and define the constraint as a version, branch or revision. Running ensure would ensure that the specified constraint is respected in the vendored package.
So, it's fine if dependencies are missing from Gopkg.toml. This file is only for manually adding constraints. Gopkg.lock is where all the details are kept.
Hope this helps :)
Just a small additional note - #489 will introduce a dep ensure -add, which will add a constraint to Gopkg.toml. However, as @darkowlzz notes, it's not necessary that there be any record of it there - simply importing it is sufficient.
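To illustrate the replies above (an added example, not code from this thread or from dep): a small Go check that lists projects pinned in Gopkg.lock that have no entry in Gopkg.toml, which is the state the thread describes as expected. The sample file contents, the `[[projects]]` and `[[constraint]]` table names, and the function names are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples, not from the thread; the table names are the assumed dep layout.
const sampleLock = `[[projects]]
  name = "github.com/package/name"
  revision = "0000000000000000000000000000000000000000"
[[projects]]
  name = "github.com/example/pinned"
  revision = "1111111111111111111111111111111111111111"`
const sampleManifest = `[[constraint]]
  name = "github.com/example/pinned"
  version = "1.2.0"`

// tableNames returns the name value of every [[table]] entry in doc.
func tableNames(doc, table string) (names []string) {
	inTable := false
	for _, line := range strings.Split(doc, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") {
			inTable = line == "[["+table+"]]"
		}
		key, val, ok := strings.Cut(line, "=")
		if inTable && ok && strings.TrimSpace(key) == "name" {
			names = append(names, strings.Trim(val, `" `))
		}
	}
	return names
}

// LockedWithoutConstraint lists projects pinned in the lock but absent from the manifest.
func LockedWithoutConstraint(lock, manifest string) (out []string) {
	constrained := map[string]bool{}
	for _, n := range tableNames(manifest, "constraint") {
		constrained[n] = true
	}
	for _, n := range tableNames(lock, "projects") {
		if !constrained[n] {
			out = append(out, n)
		}
	}
	return out
}

func main() { fmt.Println(LockedWithoutConstraint(sampleLock, sampleManifest)) }
```

A project reported here is still pinned to an exact revision by the lock file, so committing Gopkg.lock is what makes a later `dep ensure` reproduce the same vendor/ contents.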