Skip to content
This repository has been archived by the owner on Sep 9, 2020. It is now read-only.

Specify which subset of dependencies to vendor during dep init #350

Closed
BTBurke opened this issue Mar 25, 2017 · 4 comments
Closed

Specify which subset of dependencies to vendor during dep init #350

BTBurke opened this issue Mar 25, 2017 · 4 comments

Comments

@BTBurke
Copy link

BTBurke commented Mar 25, 2017

Currently, dep init generates a lock file with all dependencies in the project. In some cases, you only want to vendor certain dependencies. As an example, I'm trying to use dep with a plugin for the Caddy server.

Caddy plugins must import packages from the Caddy server, but these should not be vendored because the Caddy build server should manage these dependencies itself. In my case, the plugin is a JWT auth library, so I'd like to vendor only the dependency on the JWT validation library and leave the Caddy imports unmanaged by dep.

There might be a couple options to implement this:

  1. dep init does not try to solve for dependencies on the initial run, only creating a skeleton manifest file. Then a subsequent call to dep ensure <library> would allow you to selectively include packages to be vendored.

  2. dep init -x <excluded library> or dep init -i <included library> to allow the user to select which packages to vendor on the initial run.

@sdboyer
Copy link
Member

sdboyer commented Mar 25, 2017

Interesting use case, thanks for the issue!

I think we should have this covered right now. There's a system - not currently well/at all documented - that may be sufficient: in your manifest.json, you can specify ignores - an array of package names that the system will then disregard. If you list all the packages you import from Caddy, it'll ignore those packages, and any transitive dependencies only reachable through the ignored packages.

It's not something you can specify at dep init, but you can just make the changes manually, then run dep ensure.

Of course, this could create problems if your plugin actually does rely on particular versions of Caddy, and that relationship needs to be maintained. (I don't know how Caddy plugins work). If your only goal here is to control what's populated into vendor/, you may be better off with simply having a script that strips out the undesired parts.

Still, though, this is a use case I hadn't previously considered; exploring the requirements more would be handy. Could you provide some links to info about Caddy plugins, Caddy build servers, etc.?

@BTBurke
Copy link
Author

BTBurke commented Mar 26, 2017

I'll give that a try. I'm planning to write up some docs for the Caddy plugin developers so that will be helpful.

The way the plugins work is that the build server creates a custom binary by selectively importing the plugins a user chooses. The source for the base Caddy server is being updated on a different schedule from the plugins. The core APIs that the plugins rely on are stable, but it would probably break the build to vendor the whole caddy package.

More info on the plugins:
https://github.com/mholt/caddy/wiki/Extending-Caddy

@sdboyer
Copy link
Member

sdboyer commented Apr 27, 2017

@BTBurke does it seem like your case is covered, if not currently then by the new WIP spec described in #277? If so, I'd like to clean house a bit and close this out.

@BTBurke
Copy link
Author

BTBurke commented Apr 27, 2017 via email

@sdboyer sdboyer closed this as completed Apr 28, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants