CD2H gitForager

DataDog/glock

Name: glock

Owner: Datadog, Inc.

Description: Forked due to https://github.com/robfig/glock/pull/34 (Keeping it stable for now)

Forked from: robfig/glock

Created: 2016-08-12 15:53:45.0

Updated: 2016-08-12 16:04:30.0

Pushed: 2017-02-20 10:27:21.0

Homepage:

Size: 93

Language: Go

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

Glock is a command-line tool to lock dependencies to specific revisions, using a version control hook to keep those revisions in sync across a team.

Overview

Glock provides 2 commands and a version control hook:

“glock save project” writes the transitive repo root[1] dependencies of all packages under “project/…” to a GLOCKFILE
“glock sync project” updates all packages listed in project/GLOCKFILE to the listed version.
“glock install project” installs a version control hook that watches for changes to project/GLOCKFILE and incrementally applies them.

GLOCKFILEs are simple text files that record a repo roots's revision, e.g.

ucket.org/tebeka/selenium 02df1758050f
.google.com/p/cascadia 4f03c71bc42b
.google.com/p/go-uuid 7dda39b2e7d5

[1] “repo root” refers to the base package in a repository. For example, although code.google.com/p/go.net/websocket is a Go package, code.google.com/p/go.net is the “repo root”, and any dependencies on non-root packages roll up to the root.

Use case

It is meant to serve a team that:

develops multiple applications within a single Go codebase
uses a single dedicated GOPATH for development
wants all applications within the codebase to use one version of any dependency.

For example, at work we keep our Go code in one repo (rather than many small ones) and use a single GOPATH. This tool allows us to gain reproducible builds, with version updates automatically propagated to the team via the hook, with the following advantages:

We still use the normal Go toolchain / dev process (e.g. not having to run everything in a godep sandbox). We can more easily contribute to 3rd party libraries, since they are not in a vendor sandbox or have rewritten import paths.
We avoid the repo bloat of checking in our dependencies (> 100 MB), in addition to the extra churn. Updating a dependency involves a change to one line of a text file instead of thousand-line diffs.
Much easier and less error-prone than manually checking in dependencies. Developers don't have to fight git because git wants to make the project a submodule instead of just checking in the files. Running glock on your CI server or as a pre-commit hook can ensure that any new dependencies have been recorded.

Setup

Here is how to get started with Glock.

tch and install glock
 get github.com/robfig/glock

cord the package's transitive dependencies, as they currently exist.
ock writes the dependencies to a GLOCKFILE in that package's directory.
l dependencies of all descendent packages are included.
ock save github.com/acme/project

view and check in the dependencies.
t add src/github.com/acme/project/GLOCKFILE
t commit -m 'Save current dependency revisions'
t push

l developers install the git hook
ock install github.com/acme/project

Once the VCS hook is installed, all developers will have their dependencies added and updated automatically as the GLOCKFILE changes.

Add/update a dependency

veloper wants to add a dependency
 get -u github.com/some/dependency
ock save github.com/acme/project
t commit src/github.com/acme/project/GLOCKFILE
t push

“go get -u” will download the latest revision of that library and update to it. “glock save” records the current state of dependencies in your GOPATH, which should reflect the new or updated revision.

You can use the same process to update all dependencies to the latest revision:

 $GOPATH/src
 get -u -v ./...
ock save github.com/acme/project

In any case, the dependency update will be propagated to all team members as they pull that revision.

Continuous Integration

It may also be useful to verify that all dependencies are recorded as part of your continuous build. A simple diff works:

ff <(glock save -n github.com/acme/project) <(cat github.com/acme/project/GLOCKFILE)

That will return success (0) if there were no differences between the current project dependencies and what is recorded in the GLOCKFILE, or it will exit with an error (1) and print the differences.

Commands

Glock can also be used to build and update go programs across the team.

Commands are declared at the top of your GLOCKFILE:

code.google.com/p/go.tools/cmd/godoc
code.google.com/p/go.tools/cmd/goimports
code.google.com/p/go.tools/cmd/vet

The declarations have a couple effects:

These commands will have their dependencies included when glock calculates them.
The commands will be built (if necessary) during “glock sync”.
New commands will be installed by “glock apply”, and existing commands will be re-installed when package versions are updated.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.