Reputation: 14908
Is it best-practice to commit the `vendor` directory?
I am using dep to handle my Go dependencies. Is it best practice to also commit the vendor directory into version control? Or is best practice to always execute dep ensure after checking out a repository?
Upvotes: 39
Views: 19305
Answers (3)
Reputation: 14908
The dep tool's FAQ answers this:
Should I commit my vendor directory?
It's up to you:
Pros
- It's the only way to get truly reproducible builds, as it guards against upstream renames, deletes and commit history overwrites.
- You don't need an extra
dep ensurestep to syncvendor/withGopkg.lockafter most operations, such as go get, cloning, getting latest, merging, etc.Cons
- Your repo will be bigger, potentially a lot bigger, though prune can help minimize this problem.
- PR diffs will include changes for files under
vendor/whenGopkg.lockis modified, however files invendor/are hidden by default on GitHub.
Upvotes: 34
Reputation: 3542
imagine what would happen to your project if a dependency was taken offline by the author. Until Go has a central server to hold all packages which are unable to be deleted a lot of people will always see the need to commit the vendor folder
Upvotes: 8
Reputation: 12845
I don’t commit for well available sources. Because on this case many commit messages are bloated with changes in vendors. When I want update then I do it and then commit updated Gopkg.*.
Upvotes: 0
Related Questions
- What are the benefits of having a vendor folder?
- Should I commit vendor directory with go mod?
- Does it make sense to add `go mod vendor` to a pre-commit hook?
- vendor folder not used with 'go build'
- should we always place our own packages in vendor/ folder when developing a golang library?
- multiple go projects and sharing a vendor directory (in go before 1.11)
- Using nested vendor directories in go 1.7
- How to handle nested "vendor" directories in Go packages?
- Is it common practice to symbolic link to the GOPATH folder?
- Package management with go vendoring