$ go get -u github.com/golang/dep/cmd/depRun
dep initto initialize your project.
dep will analyize your project, identify your dependencies, pick the highest compatible version for each dependency,
generate a Gopkg.toml manifest and Gopkg.lock files
(see here for background on the two file format),
and install dependencies in vendor/.
$ dep initIf you are already using glide, godep, vndr, or govend, dep will convert the existing dependency management file. See this issue and this interface for implementing configuration importers.
If you have an existing vendor/ directory, it will be backed up to _vendor-TIMESTAMP/.
You can tell dep to resolve dependencies from GOPATH before resorting to network mode with dep init -gopath.
See here for
a bit more detail.
Run
dep ensureto ensurevendor/is in the correct state for your configuration.
$ dep ensuredep's solver regenerates Gopkg.lock if it detects any change in your code imports and/or Gopkg.toml. If this is
the case, then the new Gopkg.lock file is used to completely rewrite vendor/ (at some point
vendor verification will allow the contents of vendor/ to also be
checked for consistency with Gopkg.lock, updating only what is necessary to make the contents current).
This process may be slow for large projects, especially the first time as dependencies are cloned or when it hasn't been run in a while and there are many changesets to fetch. dep manages a cache at $GOPATH/pkg/dep to mitigate fetch overhead. See
here for further details.
There are a number of variations to this command. Run dep ensure -examples for details. One in particular to note
that may be relevant when creating a Dockerfile is dep ensure -vendor-only.
Use
dep ensure -addto update your configuration with a new dependency.
$ dep ensure -add github.com/foo/bar github.com/foo/baz...dep will update your Gopkg.toml, Gopkg.lock, and vendor/ to the latest version unless version constraints
are applied; for example:
$ dep ensure -add github.com/foo/[email protected] github.com/foo/baz@masterUse this to detect a mismatch between the configuration and state of your project
One way this can happen is when you import a package that is resolved when you build because it is found
in your GOPATH, but it has not been added to your configuration (and therefore is not present in the
generated Gopkg.lock file).
$ dep statusUse this information to update your configuration with dep ensure -add as appropriate.
dep will update your dependencies to the latest versions that satisify the constraints specified in
Gopkg.toml.
Preferred
$ dep ensure -update github.com/foo/bar github.com/foo/baz...Possible, but being specific is preferred
$ dep ensure -updateThe latest version means the latest version in a semver range or if depending on a branch, the tip of the branch.
- Remove the relevant
importpackage statements and usage in your code - Remove the relevant
[[constraint]]rules fromGopkg.toml - Run
dep ensure
Your project may rely on dependencies that you wish to edit. These dependencies should not be updated
directly under vendor/ since they can be overwritted by dep. Instead, volatile dependencies should be removed
manually from under vendor/ and then placed in the appropriate location in your $GOPATH. When building,
Go will first search your vendor/ directory, then it will search your $GOPATH.
If the package update has been pushed to its public repo, then simply run dep ensure -update as described in
Changing Dependencies.
As a user of python virtualenvwrapper I would recommend being able to create a virtual dependancy tree anywhere and make the project dependant on it