Private Dependency

If you like this blog and want to contribute, read this post.

Sidorenko Konstantin thecampagnards

Golang Development

Introduction to Go Dependencies

These are based on a module whose source is in a git repository.

The dependency will target to a commit or a tag.

Example:

golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 // indirect => this target a commit
gopkg.in/yaml.v2 v2.4.0 // indirect => this target a tag

When you add a dependency to your project you will do this:

go get -u github.com/gofiber/fiber/v2 # this will use the latest version without @

You will get a go.mod file like:

module test

go 1.19

require github.com/gofiber/fiber/v2 v2.41.0

require (
	github.com/andybalholm/brotli v1.0.4 // indirect
	github.com/klauspost/compress v1.15.15 // indirect
	github.com/mattn/go-colorable v0.1.13 // indirect
	github.com/mattn/go-isatty v0.0.17 // indirect
	github.com/mattn/go-runewidth v0.0.14 // indirect
	github.com/rivo/uniseg v0.4.3 // indirect
	github.com/valyala/bytebufferpool v1.0.0 // indirect
	github.com/valyala/fasthttp v1.44.0 // indirect
	github.com/valyala/tcplisten v1.0.0 // indirect
	golang.org/x/sys v0.4.0 // indirect
)

For more information on go and its dependencies management, check this page

If you need to expose your module (or try to always), name it according to its git repository URL.

How to use private dependency

What if my dependencies are in a private git repository ?

Let’s use gitlab as a private repository which is the most common in companies.

Here is the project https://gitlab.com/a-trick-a-day/golang-private-dependency, you can’t see it because it’s a private project.

gitlab repository

It’s a simple main.go:

package main

import "fmt"

func main() {
	Hello()
}

func Hello() {
	fmt.Println("Hello")
}

and its go.mod:

module gitlab.com/a-trick-a-day/golang-private-dependency

go 1.19

In my case I will use a gitlab deploy token with the read repository permission. Depending of your project you can use a personal or a group token with read repository permission.

Run this commands:

git config --global url.https://gitlab+deploy-token-1715684:zaA_MonZ6XskfCVM7ACm@gitlab.com.insteadOf https://gitlab.com # will rewrite the url during remote actions
go env -w GOPRIVATE=gitlab.com # will tell to go it's a private repo
go install gitlab.com/a-trick-a-day/golang-private-dependency@latest # will install the latest version of golang-private-dependency

For GOPRIVATE, the go command defaults to downloading modules from the public Go module mirror at goproxy.io. The GOPRIVATE environment variable controls which modules the go command considers to be private (not available publicly) and should therefore not use the proxy or checksum database.

You should be able to run this command now:

~/go/bin/golang-private-dependency
Hello

Now to use this as dependency you can do this:

➜  go mod init test # to init my module not needed if you already have it
go: creating new go.mod: module test
➜  go get gitlab.com/a-trick-a-day/golang-private-dependency
go: added gitlab.com/a-trick-a-day/golang-private-dependency v0.0.0-20230123145256-d7f205052328

Don't forget to do ago mod tidy after updating your dependencies.

go.mod:

module test

go 1.18

require gitlab.com/a-trick-a-day/golang-private-dependency v0.0.0-20230123145256-d7f205052328 // indirect

Inside your gitlab CI you can use the CI_JOB_TOKEN
git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com.insteadOf https://gitlab.com

During development, you should be able to:

package main

import (
	"fmt"

	d "gitlab.com/a-trick-a-day/golang-private-dependency"
)

func main() {
	fmt.Println("aa")
	d.Hello()
}

In our case it doesn’t work because we try to import a main package.

Try to avoid - in the names of go libraries, it should have a valid identifiers.

A Trick A Day

Private Dependency

How to have private modules.

Introduction to Go Dependencies

How to use private dependency

Categories