Dependency management in large company projects - How do you do it?

Hey. :wave:

Just a little preamble to introduce myself and the context of my question: I started learning Go around 6 years ago as a pure side project language. In the beginning of last year, I actually got hired in a company which works primarily with Go for their backend projects. They started with it years before go modules were a thing and everything was managed via the GOPATH. They developed an awesome custom package management tool which integrates great in their automation system, manages mirrors of dependencies and helps creating license summary exports. But now, we want to migrate to go modules instead of using the GOPATH system.

I did some investigation on how it could be possible to create a custom dependency management system in combination with go modules and it came out to be quite difficult and hacky. I followed the approach to put packages into the vendor/ directory, which is then used by the go toolchain to search for external packages. But this also means that you need to manually create and manage the go.mod file, which is really not a great experience and also feels like it could break at any time.

I know that some projects like cockroach use custom build tools like bazel. But we actually really like to use to be able to build our projects simply with the great go toolchain and don’t really aim to dive deep into custom build solutions.

Now, if you are working with go at a company, how do you manage your dependencies? Do you simply use go get? Do you have a custom dependency manager and if yes, how does it work? What are your mirroring and offline build strategies?

Thank you very much in advance for your responses. :slight_smile:

go get and go mod vendor are the primary way and the toolchain happy path.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.