For Golang developers, managing and installing Go modules is usually straightforward when dealing with public repositories. However, things get more tricky when you need to work with private Go modules.
The Go modules toolchain doesn't provide a built-in mechanism for working with private modules beyond using a private GOPROXY, and properly setting up and maintaining one is not an option for every developer or organization. Some package repository services support working with private Go modules but generally don't provide the cleanest experience for developers.
For this reason, in most cases, we end up arranging intricate Git configurations (.netrc or .gitconfig) combined with some Go environment variables to manage authentication with our private repositories when using go get, go install, or go mod download.
The problem with these Git configurations is that they are not evident to all developers, and they may be insecure since can require storing plain-text credentials in the filesystem. These issues become even more problematic when configuring CI/CD systems, building Docker images, etc.
As long-time Golang developers (coming from the age when Go modules didn't even exist), we've always dreamed of a time when working with private Go libraries would be as easy and powerful as working with public ones.
Imagine developing and pushing your private Go libraries to GitHub, and immediately go get -u the new changes from your project source code by only setting the GOPROXY environment variable. No tricky and insecure Git configurations, no self-hosted GOPROXY maintenance, no complex and error-prone publishing workflows, and the same setup for your local dev machine, Dockerfile, and CI/CD environment.
Say hello to goproxy.dev, a private GOPROXY service that integrates with GitHub to provide you withseamless Go private modules installation.
Just sign in into goproxy.dev with your GitHub account, give access to the private repositories you'll use, and export your GOPROXY and GONOSUMDB environment variables.
export GOPROXY=TOKEN@proxy.goproxy.dev,proxy.golang.org,direct export GONOSUMDB=github.com/your-organization
These Go environment variables can be set directly from your shell config (.zshrc, .bashrc, etc.) or using go env -w.
Then you can run your usual go commands to install and download your private modules.
go get github.com/your-organization/go-module@v2.0.0 go install github.com/your-organization/go-module/cmd ... go mod download
Integrating with goproxy.dev only requires setting up two environment variables. The best way to do so during a Docker build is by using the Docker build secrets feature.
Inside your Dockerfile:
COPY go.mod go.sum ./ RUN --mount=type=secret,id=GOPROXY \ GOPROXY=$(cat /run/secrets/GOPROXY) \ GONOSUMDB=github.com/your-organization \ go mod download RUN go build .
And the run:
GOPROXY="[your GOPROXY value]" docker build --secret id=GOPROXY
Just configure a secret for your GitHub Actions containing your GOPROXY URL and use it from your workflows:
jobs: build: - run: | go mod download go build . env: GOPROXY: ${{ secrets.PRIVATE_GOPROXY }} GONOSUMDB: github.com/your-organization
With goproxy.dev you'll have the best developer experience when consuming libraries with Go. Whether you depend on open-source public libraries or private modules from your organization, you'll have a unified workflow: set up your GOPROXY environment variable, and go get dependencies for a specific version, Git branch, or commit.
Learn more and get started with goproxy.dev today by signing up for our 14-day free trial.
The above is the detailed content of Easily manage and install your private Go modules. For more information, please follow other related articles on the PHP Chinese website!