Refactoring to modules: All you can learn in 15 minutes

A presentation at Seattle Go Meetup April 2019 in April 2019 in Seattle, WA, USA by Baruch Sadogursky

Slide 1

Slide 1

Refactoring to modules: All you can possibly learn in 15 minutes @jbaruch #golang http://jfrog.com/shownotes

Slide 2

Slide 2

shownotes http://jfrog.com/shownotes Slides Video Links Comments, Ratings Raffle @jbaruch #golang http://jfrog.com/shownotes

Slide 3

Slide 3

Slide 4

Slide 4

Let’s go back in time

Slide 5

Slide 5

Pre 1.0 (2012) 1.2 (2013) Poll time! 1.5 (2015) 1.8 (2017) 1.11 (2018) @jbaruch #golang http://jfrog.com/shownotes

Slide 6

Slide 6

Why we have a problem? @jbaruch #golang http://jfrog.com/shownotes

Slide 7

Slide 7

Why we have a problem? @jbaruch #golang http://jfrog.com/shownotes

Slide 8

Slide 8

Dependencies are sources Remote import is a VCS path Dump everything together into one source tree (GOPATH) Simple solution! Compile Profit @jbaruch #golang http://jfrog.com/shownotes

Slide 9

Slide 9

@jbaruch #golang http://jfrog.com/shownotes

Slide 10

Slide 10

Know which dependencies do I use? Know which dependencies did you use? Know which dependencies should I use? But… how do i… Know is it our code that I am editing right now? WTF is going on?! @jbaruch #golang http://jfrog.com/shownotes

Slide 11

Slide 11

Yeah… “ To date, we’ve resorted to an email semaphore whenever someone fixes a bug a package, imploring everyone else to run go get -u. You can probably imagine how successful this is, and how much time is being spent chasing bugs that were already fixed. Dave Cheney @jbaruch #golang http://jfrog.com/shownotes

Slide 12

Slide 12

Duplicate your dependencies “ Check your dependencies to your own VCS. Brad Firzpatrick @jbaruch #golang http://jfrog.com/shownotes

Slide 13

Slide 13

Build your own dependency manager “ It’s not the role of the tooling provided by the language to dictate how you manage your code in the production sense. Andrew Gerrand @jbaruch #golang http://jfrog.com/shownotes

Slide 14

Slide 14

We expect you to already have a homegrown dependency manager “ If you need to build any tooling around what Go uses (Git, Mercurial, Bazaar), you already understand those tools, so it should be straightforward to integrate with whatever system you have. Andrew Gerrand @jbaruch #golang http://jfrog.com/shownotes

Slide 15

Slide 15

Don’t trust what we’ve built “ go-get is nice for playing around, but if you do something serious, like deploying to production, your deploy script now involves fetching some random dude’s stuff on GitHub. Brad Firzpatrick @jbaruch #golang http://jfrog.com/shownotes

Slide 16

Slide 16

Slide 17

Slide 17

dependencies.tsv godeps.json govendor, govend, goven, gv quiz time! trash, garbage, rubbish Weapons manufacturer @jbaruch #golang http://jfrog.com/shownotes

Slide 18

Slide 18

GOPATH + VENDORING = 💖 @jbaruch #golang http://jfrog.com/shownotes

Slide 19

Slide 19

GOPATH, The proud son of the monorepo

Slide 20

Slide 20

It only allows a single version of any given package to exist at once (per GOPATH) Two huge problems with gopath @jbaruch We cannot programmatically differentiate between code the user is working on and code they merely depend on #golang http://jfrog.com/shownotes

Slide 21

Slide 21

vendoring “ Copy all of the files at some version from one version control repository and paste them into a different version control repository @jbaruch #golang http://jfrog.com/shownotes

Slide 22

Slide 22

History, branch, and tag information is lost Pulling updates is impossible It invites modification, divergence, and bad fork It wastes space Good luck finding which version of the code you forked What’s wrong with it (well, what’s not) @jbaruch #golang http://jfrog.com/shownotes

Slide 23

Slide 23

Slide 24

Slide 24

You still have no idea what version are you using You have to connect each dependency as a submodule manually Switching branches and forks LOL Working on modules with other teams ROFL Still wrong! @jbaruch #golang http://jfrog.com/shownotes

Slide 25

Slide 25

@jbaruch #golang http://jfrog.com/shownotes

Slide 26

Slide 26

The go dep experiment

Slide 27

Slide 27

@jbaruch #dockercon jfrog.com/shownotes

Slide 28

Slide 28

Working in project directories Proper dependency management? Local cache for dependencies Version declarations Conflict resolution @jbaruch #golang http://jfrog.com/shownotes

Slide 29

Slide 29

Conflict on the conflict resolution SAT/SMT vs MVS/SIV

Slide 30

Slide 30

Enter Go modules

Slide 31

Slide 31

Enter go modules @jbaruch #golang http://jfrog.com/shownotes

Slide 32

Slide 32

go mod init go.mod file is created Backwards compatibility and migration @jbaruch The rest is the same: imports in code just work #golang http://jfrog.com/shownotes

Slide 33

Slide 33

That’s some serious dark magic… @jbaruch #golang http://jfrog.com/shownotes

Slide 34

Slide 34

Go modules convert everything (almost?) @jbaruch #golang http://jfrog.com/shownotes

Slide 35

Slide 35

What happens to go.mod when you add import (and run go get/go build)

Slide 36

Slide 36

Go checks the URL: If it’s Go Proxy (module repository), it gets the module If it’s a VCS it clones and builds the module locally If it’s a web page, looks for go-import meta tag Selects the latest compatible version tag Semantic import versioning @jbaruch #golang http://jfrog.com/shownotes

Slide 37

Slide 37

@jbaruch #golang http://jfrog.com/shownotes

Slide 38

Slide 38

Let’s assume SemVer works (LOL) The latest version of v1.x.x is compatible with v1.0.0 and up Compatible?! Premise: import path string should always be backwards compatible @jbaruch #golang http://jfrog.com/shownotes

Slide 39

Slide 39

] Incompatible code can’t use the same import path Add /v2/ to the module path What about version 2?! Use /v2/ in the import path import “github.com/my/module/v2/mypkg” @jbaruch #golang http://jfrog.com/shownotes

Slide 40

Slide 40

What if it doesn’t have any semver tags?! @jbaruch Pseudo version v0.0.0-yyyymmddhhmmss-abcdefabcdef #golang http://jfrog.com/shownotes

Slide 41

Slide 41

You can specify “version X or later”: >= x.y.z What if (when) I want to ban a version?! @jbaruch You can use exclude or replace for better control #golang http://jfrog.com/shownotes

Slide 42

Slide 42

From vendoring to hierarchy of module repositories

Slide 43

Slide 43

Go modules define an hierarchy of caches Public Modules Repository GoCenter Organizational Modules Repository The Athens Project JFrog Artifactory Local cache on the developer’s machine $GOPATH/pkg/mod

Slide 44

Slide 44

After the mods are resolved (or built) they are cached in $GOPATH/pkg/mod Local cache on the developer’s machine Provides immediate access Not shared Not reliable (can be wiped at any moment) @jbaruch #golang http://jfrog.com/shownotes

Slide 45

Slide 45

JFrog Artifactory or Project Athens Provides faster (Intranet) access Provides reproducible builds as it caches the dependencies used once for build reproduction Requires team infrastructure and maintenance (SaaS offers exist) Organizational modules repository @jbaruch #golang http://jfrog.com/shownotes

Slide 46

Slide 46

GoCenter Google announced a vision for a federation of public repositories Provides fast access Provides reproducible builds as it caches the popular and requested dependencies from version control Highly available, requires no maintenance, free public modules repositories @jbaruch #golang http://jfrog.com/shownotes

Slide 47

Slide 47

Twitter ads and q&A jfrog.com/shownotes @jbaruch #GoLang gocenter.io @jbaruch #golang http://jfrog.com/shownotes