Go dependency management tool experiment (deprecated)

dependency-manager golang package-manager toolchain

Перейти к файлу

sam boyer 0e4001a90a Windows-friendly filepath join (hopefully)		2016-08-01 00:36:37 -04:00
_testdata/src	Fix disallowed test, now that dots are out again	2016-07-13 17:51:39 -04:00
.gitignore	Remove and ignore vendor dir	2016-04-01 11:34:25 -04:00
CODE_OF_CONDUCT.md	Add COC and CONTRIBUTING.md	2016-07-12 01:33:17 -04:00
CONTRIBUTING.md	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
LICENSE	Initial commit	2016-03-14 23:33:42 -04:00
README.md	Update example and README	2016-07-26 22:59:07 -04:00
analysis.go	Exclude root dirs from source list if bad path	2016-07-13 17:34:19 -04:00
analysis_test.go	Fix disallowed test, now that dots are out again	2016-07-13 17:51:39 -04:00
appveyor.yml	Fix the example, and have CI verify it compiles	2016-07-22 11:40:53 -04:00
bridge.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
circle.yml	Fix the example, and have CI verify it compiles	2016-07-22 11:40:53 -04:00
constraint_test.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
constraints.go	Implement overrides in the solver	2016-07-27 14:24:22 -04:00
discovery.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
example.go	Update example and README	2016-07-26 22:59:07 -04:00
flags.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
glide.lock	Fix weird values in glide.lock	2016-06-07 00:07:57 -04:00
glide.yaml	Not using immutable-radix	2016-07-12 14:57:57 -04:00
hash.go	Have sourceBridge compose SourceManager	2016-07-27 22:37:43 -04:00
hash_test.go	Incorporate overrides into input hashing	2016-07-27 12:25:08 -04:00
import_mode_go15.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
import_mode_go16.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
lock.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
manager_test.go	Windows-friendly filepath join (hopefully)	2016-08-01 00:36:37 -04:00
manifest.go	More assorted renamings	2016-07-26 23:15:48 -04:00
marker-header.png	Add the header image	2016-07-12 14:53:57 -04:00
project_manager.go	Windows-friendly filepath join (hopefully)	2016-08-01 00:36:37 -04:00
remote.go	Add possible schemes by vcs in remote deduction	2016-07-31 22:50:04 -04:00
remote_test.go	Add possible schemes by vcs in remote deduction	2016-07-31 22:50:04 -04:00
remove_go16.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
remove_go17.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
result.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
result_test.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
satisfy.go	Have sourceBridge compose SourceManager	2016-07-27 22:37:43 -04:00
selection.go	Fold select methods into selectAtom()	2016-07-20 23:10:29 -04:00
solve_basic_test.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
solve_bimodal_test.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
solve_failures.go	Rename errors.go to make space for sm errors	2016-07-27 20:49:31 -04:00
solve_test.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
solver.go	Buncha type renames; short tests now passing again	2016-07-29 00:47:32 -04:00
source_manager.go	Windows-friendly filepath join (hopefully)	2016-08-01 00:36:37 -04:00
trace.go	Basically overhaul tracing	2016-07-21 16:11:37 -04:00
types.go	Implement overrides in the solver	2016-07-27 14:24:22 -04:00
version.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00
version_queue.go	Have sourceBridge compose SourceManager	2016-07-27 22:37:43 -04:00
version_test.go	s/vsolver/gps/g	2016-07-12 14:56:12 -04:00

README.md

gps

gps is the Go Packaging Solver. It is an engine for tackling dependency management problems in Go. It is trivial - about 35 lines of code - to replicate the fetching bits of go get using gps.

gps is not Yet Another Go Package Management Tool. Rather, it's a library that package management (and adjacent) tools can use to solve the hard parts of the problem in a consistent, holistic way. It is a distillation of the ideas behind language package managers like bundler, npm, elm-package, cargo (and others) into a library, artisanally handcrafted with ❤️ for Go's specific requirements.

gps is on track to become the engine behind glide.

The wiki has a general introduction to the gps approach, as well as guides for folks implementing tools or looking to contribute.

gps is progressing rapidly, but still in beta, with a concomitantly liberal sprinkling of panics.

Wait...a package management library?!

Yup. See the rationale.

Features

A feature list for a package management library is a bit different than one for a package management tool. Instead of listing the things an end-user can do, we list the choices a tool can make and offer, in some form, to its users, as well as the non-choices/assumptions/constraints that gps imposes on a tool.

Non-Choices

We'd love for gps's non-choices to be noncontroversial. But that's not always the case.

Nevertheless, these non-choices remain because, taken as a whole, they make experiments and discussion around Go package management coherent and productive.

Go >=1.6, or 1.5 with GO15VENDOREXPERIMENT = 1 set
Everything under vendor/ is volatile and controlled solely by the tool
A central cache of repositories is used (cannot be GOPATH)
A project concept: a tree of packages, all covered by one vendor directory
A manifest and lock approach to tracking version and constraint information
Source repositories can be git, bzr, hg or svn (Most of the work here is through a separate lib)
What the available versions are for a given project/repository (all branches, tags, or revs are eligible)
- In general, semver tags are preferred to plain tags, are preferred to branches
The actual packages required (determined through import graph static analysis)
- How the import graph is statically analyzed (Similar to go/build, but with a combinatorial view of build tags)
Package import cycles are not allowed (not yet implemented)

There are also some current non-choices that we would like to push into the realm of choice:

Different versions of packages from the same repository cannot be used
Importable projects that are not bound to the repository root

Choices

These choices represent many of the ways that gps-based tools could substantively differ from each other.

Some of these are choices designed to encompass all options for topics on which reasonable people have disagreed. Others are simply important controls that no general library could know a priori.

How to store manifest and lock information (file(s)? a db?)
Which of the other package managers to interoperate with
Which types of version constraints to allow the user to specify (e.g., allowing semver ranges or not)
Whether or not to strip nested vendor directories
Which packages in the import graph to ignore
What informational output to show the end user
What dependency version constraints are declared by the root project
What dependency version constraints are declared by all dependencies
Given a previous solution, which versions to let change, and how
- In the absence of a previous solution, whether or not to use preferred versions
Allowing, or not, the user to swap in different network names for import paths (e.g. forks)
Specifying additional input/source packages not reachable from the root import graph (not complete)

This list may not be exhaustive - see the implementor's guide for a proper treatment.

Contributing

Yay, contributing! Please see CONTRIBUTING.md. Note that gps also abides by a Code of Conduct, and is MIT-licensed.