$ go get -u github.com/golang/dep/cmd/depdep will analyize your project, identify your dependencies, pick the highest compatible version for each dependency,
generate a Gopkg.toml manifest and Gopkg.lock files
(see here for background on the two file format),
and install dependencies in vendor/.
$ dep initIf you are already using glide, godep, vndr, or govend, dep will convert the existing dependency management file. See this issue and this interface for implementing configuration importers.
If you have an existing vendor/ directory, it will be backed up to _vendor-TIMESTAMP/.
You can tell dep to resolve dependencies from GOPATH before resorting to network mode with dep init -gopath. See
here for
a bit more detail.
$ dep ensuredep's solver regenerates Gopkg.lock if it detects any change in your code imports and/or Gopkg.toml. If this is
the case, then the new Gopkg.lock file is used to completely rewrite vendor/ (at some point
vednor verification will allow the contents of vendor/ to also be
checked for consistency with Gopkg.lock, updating only what is necessary to make the contents current.
This process may be slow for large projects, especially the first time as dependencies are cloned or when it hasn't been run in a while and there are many changesets to fetch. dep manages a cache at $GOPATH/pkg/dep to mitigate fetch overhead. See
here for further details.
$ dep ensure -add github.com/foo/bardep will update your Gopkg.toml, Gopkg.lock, and vendor/.
Use this to detect a mismatch between the state of your project, such as imports that have not been added (and therefore
are not in the generated Gopkg.lock file). Use this information to update your configuration with dep ensure -add.
$ dep statusdep will update your dependencies to the latest versions that satisify the constraints specified in Gopkg.toml.
$ dep ensure -update github.com/foo/bar github.com/another/project...or just
$ dep ensure -updateThe latest version means the latest version in a semver range or if depending on a branch, the tip of the branch.
- Remove the relevant
importpackage statements and usage in your code - Remove the relevant
[[constraint]]rules fromGopkg.toml - Run
dep ensure
Your project may rely on dependencies that you wish to edit. These dependencies should not be updated
directly under vendor/ since they can be overwritted by dep. Instead, volatile dependencies should be removed
manually from under vendor/ and then placed in the appropriate location in your $GOPATH. When building,
Go will first search your vendor/ directory, then it will search your $GOPATH.
If the package update has been pushed to its public repo, then simply run dep ensure -update as described in
Changing Dependencies.
As a user of python virtualenvwrapper I would recommend being able to create a virtual dependancy tree anywhere and make the project dependant on it