Go Modules Reference

Master Go workspace management with go.work files, multi-module development, and modern alternatives to GOPATH. Learn best practices for organizing multiple projects.

Master Go project layouts with proven patterns from flat structures to hexagonal architecture. Learn when to use cmd/, internal/, pkg/ and avoid common pitfalls.

A Go module datastore and proxy. Contribute to gomods/athens development by creating an account on GitHub.

Supabase CLI. Manage postgres migrations, run Supabase locally, deploy edge functions. Postgres backups. Generating types from your database schema. - supabase/cli

A minimalist Go module proxy handler. Contribute to goproxy/goproxy development by creating an account on GitHub.

Source Spotter reproduces Go toolchains to detect tampering in distributed binaries.

I made my next game twice as fast by forking go's crypto library

Carson Gross explores the concept of 'vendoring' in software development, where external project sources are copied directly into a project. He covers the benefits of vendoring, such as improved visibility and control over dependencies, and discusses challenges like transitive dependencies and the culture of dependency in modern software development. He also contrasts vendoring with modern dependency management tools, and considers the potential for vendor-first dependency managers to combine the strengths of both approaches. He encourages a rethinking of dependencies and promotes a more independent approach to software development.

A minimalist Go module proxy handler. Contribute to goproxy/goproxy development by creating an account on GitHub.

A concise intro to Go, covering its design, syntax, concurrency model, standard library, and ecosystem.

TL;DR ¶ I’ve just released jub0bs/cors, a new CORS middleware library for Go, perhaps the best one yet. It has some advantages over the more popular rs/cors library, including a simpler API, better documentation, extensive configuration validation, a useful debug mode, stronger performance guarantees. Here is a representative example of client code: package main import ( "io" "log" "net/http" "github.com/jub0bs/cors" ) func main() { mux := http.NewServeMux() mux.HandleFunc("GET /hello", handleHello) // no CORS on this corsMw, err := cors.NewMiddleware(cors.Config{ Origins: []string{"https://example.com"}, Methods: []string{http.MethodGet, http.MethodPost}, RequestHeaders: []string{"Authorization"}, }) if err != nil { log.Fatal(err) } corsMw.SetDebug(true) // optional: turn debug mode on api := http.NewServeMux() api.HandleFunc("GET /users", handleUsersGet) api.HandleFunc("POST /users", handleUsersPost) mux.Handle("/api/", http.StripPrefix("/api", corsMw.Wrap(api))) log.Fatal(http.ListenAndServe(":8080", mux)) } func handleHello(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "Hello, World!") } func handleUsersGet(w http.ResponseWriter, _ *http.Request) { // omitted } func handleUsersPost(w http.ResponseWriter, _ *http.Request) { // omitted } If you’re already convinced and wish to migrate your code to jub0bs/cors without further ado, skip to the migration guide further down this post.

I've been working through Mastering Distributed Tracing to learn more about (you guessed it) tracing. The book is from 2019, and while I've been assured that its contents are still sufficiently up-to-date, the Go-based code examples are a bit dated; namely, they use dep for dependency management, rather than the new(er) built-in module system. dep seems like a fine tool that had its time, but seeing as I'm used to Go modules, and I don't really want to learn an obsolete tool just for some book exercises, I created a Go module for the exercises and started converting the Gopkg.toml/Gopkg.lock files by hand.

Originally published on the Grab Tech Blog. Read the original post on engineering.grab.com. At Grab, we rely heavily on a large Go monorepo for backend development, which offers benefits like code reusability and discoverability. However, as we continue to grow, managing a large monorepo brings about its own

Contribute to aws/rolesanywhere-credential-helper development by creating an account on GitHub.

Earlier this year at work we decided to consolidate our Go code into a monorepo. This was driven by some pain points: Poor code sharing between services Services had sections of code that were duplicates or very similar. The duplicate code could have been extracted into another repo. We had some libraries we already shared between services, but the duplicate snippets were too small to justify another repo. An additional library repo which must be linted, tested, built, and released is more overhead for developers and make shipping slower. A ‘kitchen sink’ repo that collects these snippets would have been another option (we kind of had one anyway) but this introduces other challenges, like versioning. How can you properly semantically version a module with many unrelated API surfaces?

You may already be familiar with GitHub’s CI/CD offering, GitHub Actions. Confusingly, “Actions” refers not only to the CI/CD platform, but also reusable steps within workflows that anyone can publish on the Marketplace. Actions are published through ordinary repositories hosted on GitHub. GitHub itself provides many useful official Actions, such as checkout which checks out a repository. It can be used like this: - name: Checkout uses: actions/checkout@v4 actions/checkout refers to the organisation and repository where the Action code is hosted, and v4 refers to the git tag to use. Herein lies, in my opinion, a severe issue with Actions.

Go is a tool for managing Go source code.

I recently released a small project called poulpe.ztec.fr. I personally use this repository as a library in one of my other projects. When I do so, my import statement looks like this:

What's the difference between Go modules and packages? How to use multiple modules in one repository.

I’ve spent most of my time at Grafana Labs working on Grafana Agent, the project that eventually evolved to Grafana Alloy, our distribution of the OpenTelemetry Collector.

In this, my fifth article on the Go programming language, I’m looking at the build and packaging process, and other tooling. I’ll start by looking at how code is structured into packages, and then look at the tools for building, packaging and testing.

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Workspaces are a feature introduced in March 2022 with Go 1.18. They did not really get a lot of publicity, and I have not had the chance to experiment with them until recently. However I am really glad I did because they improve a major aspect of my workflow: dealing with multiple modules. Go modules are not ideal Go modules were a big help when they were introduced in 2018, but they were always limited. Larger products are often split into multiple projects: one or more applications and several libraries and tools, meaning multiple modules.

anarcat

A post outlining my journey into Rust, and how I reimplemented the server that powers this very website in Rust, then benchmarked both the old and new implementation with K6, investigated a performance issue with Parca and then automated the whole lot using Nix!

uv is an extremely fast Python package installer and resolver, designed as a drop-in alternative to pip and pip-tools.

When I started working as a software engineer, I really wanted to work full time in open source. I've been lucky enough to spend a decent chunk of my career doing exactly that. Much of that work has been incredibly rewarding, but for readers interested in taking a similar path, I want to share an insight and a warning.

Starting a two week vacation today, so I’ve planned a small project: a Go-specific version of ctags. I’ve used ctags in the past to navigate a medium-sized Go monorepo, but there were some pain points. Re-indexing usually took about a minute, and, at least by default, ctags doesn’t search the standard library or Go module dependencies. I’m imagining a tool that’s easy to use from the CLI as well as from within an editor like vim or aretext.

Setting up a CI with Go build and module caches in WoodpeckerCI

La Maison-Blanche demande un audit sur la sécurité des logiciels open source. Partie 1/3 : sécuriser la chaine d’approvisionement.

Les paquets permettent d’installer des logiciels et des bibliothèques sur un ordinateur, mais quel format pour quelle tache ?

Go is a tool for managing Go source code.

Athens is a Server for Your Go Packages Welcome, Gophers! Athens is an open source enterprise ready Go Module proxy with extensive configuration for a variety of online and offline usecases. It is in use for anti-censorship, compliance, data privacy, and data continuity usecases in homes and corporations across the globe today. How To Get Started? Run docker run -p '3000:3000' gomods/athens:latest Then, set up your GOPROXY and go get going!

The Prometheus monitoring system and time series database. - prometheus/prometheus

Why I'm very excited about `go tool` landing in Go 1.24.

A deep dive into the tooling and Github applications that power workflows for 3,000 users across 6,000 repositories.

I previously wrote about starting a Go project in 2018. A lot has changed since I wrote that and I had been wanting to write an updated version. What follows should be enough for anyone new to Go to …

When developing with Go on a team, it is useful to have a good branching strategy so you can work together as a team and not tromp on each others changes. But how do you use Go modules with a branching strategy? It’s easy to refer to another project (even at a certain version) – but branches seem to offer a bit of a challenge. The official guidance involves using the specific commit hash for the module you want, like this:

Configure modules.

The Certificate Transparency ecosystem has been improving transparency for the web PKI since 2013. It helps make clear exactly what certificates each certificate authority has issued and makes sure errors or compromises of certificate authorities are detectable. Let’s Encrypt participates in CT both as a certificate issuer and as a log operator. For the past year, we’ve also been running an experiment to help validate a next-generation design for Certificate Transparency logs. That experiment is now nearing a successful conclusion. We’ve demonstrated that the new architecture (called the “Static CT API”) works well, providing greater efficiency and making it easier to run huge and reliable CT log services with comparatively modest resources. The Static CT API also makes it easier to download and share data from CT logs.

Renovate documentation.

In Go, go.mod acts as both manifest and lockfile. There is never a reason to look at go.sum.

The non-CVE half of package manager security