Libraries must not vendor code.
What's a library? You're code is, if some other project imports it.
Libraries must not vendor code.
What's a library? You're code is, if some other project imports it.
What this achieves is it puts a package at /pkg/foo which is importable from the outside world which doesn't pull in any vendor'd packages.
On 1 April 2016 at 10:01, Dave Cheney <da...@cheney.net> wrote:Libraries must not vendor code.
What's a library? You're code is, if some other project imports it.Some open questions:(Let's say I have something intended to be used as both a library and a program :)
Is it OK to have a library /pkg/foo and a program /cmd/foo in the same repository? (My intuitive guess: a reasonable thing to want?)
Is /cmd/foo allowed to vendor /pkg/foo's dependencies? (yes)
Must that program also vendor that /pkg/foo? (seems like it might be required if you want to use vendoring in /cmd/foo)
Can you suggest a directory structure? (seems like you need a copy of /pkg/foo in the repository, which lives under /cmd/vendor or /cmd/foo/vendor)Something like:/cmd/foo/cmd/vendor/pkg/foo/cmd/vendor/foo-dependency/pkg/fooThe copy at /cmd/vendor/pkg/foo (or /pkg/foo depending on your perspective) is unfortunate, but I don't currently see another way. I'd love for there to be one :)
What this achieves is it puts a package at /pkg/foo which is importable from the outside world which doesn't pull in any vendor'd packages.
Don't do that, you're making it to hard on yourself. If it's a library; designed to be imported by _other_ repositories, put it in it's own repo. If it's a library that is part of the final application (what gb calls a project), then don't split it into it's own repo, that's just making it harder than it needs to be.
On Friday, 1 April 2016 20:18:11 UTC+11, Peter Waller wrote:Something like:/cmd/foo/cmd/vendor/pkg/foo/cmd/vendor/foo-dependency/pkg/fooThe copy at /cmd/vendor/pkg/foo (or /pkg/foo depending on your perspective) is unfortunate, but I don't currently see another way. I'd love for there to be one :)That's too complicated IMO, vendoring is per repo (per project)
On 1 April 2016 at 11:15, Dave Cheney <da...@cheney.net> wrote:Don't do that, you're making it to hard on yourself. If it's a library; designed to be imported by _other_ repositories, put it in it's own repo. If it's a library that is part of the final application (what gb calls a project), then don't split it into it's own repo, that's just making it harder than it needs to be.The problem isn't that I do that - in itself - but that there are packages in the wild that do this that I may want to import.I'm willing to change my behaviour where I become aware that is it wrong.On the other hand, I don't see what's wrong with having both a library and a main function in one package. I mean, etcd does it, right? Are they doing it wrong? If so, please tell them for me :)
I write much of my code so that main() is really a tiny program which just calls a library. Are you saying this has to live in its own repository, or am I misunderstanding?
If the library has many consumers then you should not also place vendored code in that repository -- otherwise consumers of your library will find themselves in the same position as Peter Bourgon has found himself.
Does that mean if your code is a library (you want others to import it)
you cannot have within it a test suite which requires vendored code?
If so, that's a bit unfortunate for interoperability tests.
On 1 April 2016 at 10:01, Dave Cheney <da...@cheney.net> wrote:Libraries must not vendor code.
What's a library? You're code is, if some other project imports it.Some open questions:(Let's say I have something intended to be used as both a library and a program :)
2016-04-01 12:51 GMT+02:00 Alex Bligh <al...@alex.org.uk>:
>
> On 1 Apr 2016, at 10:01, Dave Cheney <da...@cheney.net> wrote:
>
>> I think it could be more succinctly expressed as:
>>
>> Libraries must not vendor code.
>>
>> What's a library? You're code is, if some other project imports it.
>
> Does that mean if your code is a library (you want others to import it)
> you cannot have within it a test suite which requires vendored code?
> If so, that's a bit unfortunate for interoperability tests.
As I understand it, vendored dependencies themselves are not the
problem here, but *exposing* them such as returning or taking as
arguments types from them. So vendoring x/net/context and having
methods accept a context.Ctx from the outside is a no-no. But a
vendored dependency for tests, or internal use only, or as a
dependency to some cmd/* package in the same repo ought to be
acceptable.
I don't think this changes anything for the base rule of "libraries
should not vendor" - that still holds.
//jb
My suggestion above may not be absolute, i'm sure with scrupulous attention to detail by a very dedicate development team, backed by tooling which hasn't been developed yet, it could be made to work. But it seems simpler, and far more explainable, to adopt a "only main packages vendor" maxim.
That sounds utterly miserable. Both you, the library author, and the other you, the library consumer are walking on eggshells; one is petrified of accidentally leaking -- I don't think that concept is well understood -- it's never been a think that Go developers have had to worry about because there was only every one type for a given import path before -- and the other is petrified of being passed a type which will could fail an equality check when code is refactored, or a dependency updated.My suggestion above may not be absolute, i'm sure with scrupulous attention to detail by a very dedicate development team, backed by tooling which hasn't been developed yet, it could be made to work. But it seems simpler, and far more explainable, to adopt a "only main packages vendor" maxim.