search

govend / govend

A simple tool to vendor Go package dependencies. It's like "go get" for vendoring.
Apache License 2.0
226 stars 30 forks source link

Ability to ignore packages from being vendored? #44

Closed deankarn closed 8 years ago

deankarn commented 8 years ago

Hi, I was wondering if it would be possible to add an option to ignore dependencies that are not already in the lock file from being vendored?

Scenario

Company has developed a web application say: github.com/company/webapp and has also developed a bunch of reusable libraries for use in multiple applications, like the following:

github.com/company/db - common database access used by many applications

now this library is fully under the company's control so we know that master is always going to be stable; this is ensured by only admin having the ability to merge or push code to the master branch ( this is actually a security requirement of the company... ) The db library is also frequently updated when making changes to our web application and this is where the troubles, for us, begin because the steps in getting a projects changes merged becomes too involved:

  1. Remove github.com/company/db from the vendored code
  2. Make changes to web application and db library + test.....
  3. Commit and push/create pull request for db changes
  4. Now have to wait for an admin to merge the db changes into master before we can update the webapp and add the new db library commit version
  5. Commit changes to webapp wait for them to be merged
  6. Developer can move on to next task

this is just an example of one reusable library, we use many more.

Proposed Solution 1

Add option, say -i, --ignore and when a lock file already exists it will only download and vendor packages within the lock file.

Proposed Solution 2

Add section to the vendor lock file of packages to ignore and preserve when updating all.

Either of these would solve our issues as the developer doesn't have to worry about vendoring the company code which is guaranteed to be stable.

Thanks in advance for your consideration :)

P.S. Thanks for govend, out of all the tools I've tried so far it is simple and does vendoring properly! this is the only problem that's stopping us from implementing as our vendoring solution.

jackspirou commented 8 years ago

@joeybloggs thanks for the comments and support. I think the proposed -i, --ignore would be a fine addition.

deankarn commented 8 years ago

Thanks @jackspirou :+1:

jackspirou commented 8 years ago

@joeybloggs FYI - i'm playing around with an implementation for this request on the ignore branch. https://github.com/govend/govend/compare/ignore

deankarn commented 8 years ago

Awesome @jackspirou Thanks! I will also check it out when I get a spare moment.

deankarn commented 8 years ago

Hey @jackspirou finally had a chance to test and it appears to be working great. I would however make one adjustment to the help documentation, currently it states:

-i, --ignore          The --ignore flag ignores the source code and just vendored
    packages that are found in the manifest file.

but I think it would be less confusing as:

-i, --ignore          The --ignore flag ignores any packages that are NOT found in the manifest
        file.
jackspirou commented 8 years ago

@joeybloggs the ignore branch has been merged into master, with the adjustments to the documentation you suggested above. You should be good to go!

deankarn commented 8 years ago

Thanks so much @jackspirou :thumbsup: 😃