Modules

https://github.com/golang/go/wiki/Modules

Quick Start Example
go.mod
Semantic Import Versioning
Define a Module
Prepare for a Release
Opening keynote: Go with Versions - GopherConSG 2018

Quick Start Example tutorial

$ mkdir -p ~/temp/hello
$ cd ~/temp/hello
$ go mod init temp/hello

go: creating new go.mod: module github.com/you/hello

temp/hello/hello.go

package main

import (
    "fmt"
    "rsc.io/quote"
)

func main() {
    fmt.Println(quote.Hello())
}

$ go build
$ ./hello

Hello, world.

go.mod

module temp/hello

require rsc.io/quote v1.5.2

`go.mod` reference

Modules must be semantically versioned in the form v(major).(minor).(patch), such as v0.1.0, v1.2.3, or v3.0.1
If using Git, tag released commits with their versions.
There are four directives: module, require, exclude, replace.
exclude and replace directives only operate on the current (“main”) module.

All of the packages in a module share a common prefix – the module path. The go.mod file defines the module path via the module directive. For example, if you are defining a module for two packages example.com/my/project/foo and example.com/my/project/bar, the first line in your go.mod file typically would be module example.com/my/project, and the corresponding on-disk structure could be:

project/
├── go.mod
├── bar
│   └── bar.go
└── foo
    └── foo.go

https://github.com/golang/go/wiki/Modules#modules

Semantic Import Versioning discussion

Follow semantic versioning (with tags such as v1.2.3).
If the module is version v2 or higher, the major version of the module must be included in both the module path in the go.mod file (e.g., module example.com/my/mod/v2) and the package import path (e.g., import "example.com/my/mod/v2/foo").
If the module is version v0 or v1, do not include the major version in either the module path or the import path.

https://github.com/golang/go/wiki/Modules#semantic-import-versioning

Define a Module howto

Most projects will follow the simplest approach of using a single module per repository, which typically would mean creating one go.mod file located in the root directory of a repository.

go mod init
go mod init github.com/you/hello
go build ./...
go test ./...
go test all

https://github.com/golang/go/wiki/Modules#how-to-define-a-module

Prepare for a Release howto

Run go mod tidy to possibly prune any extraneous requirements
Run go test all to test your module
Ensure your go.sum file is committed along with your go.mod file.
- go.sum contains the expected cryptographic checksums of the content of specific module versions.
- Note that go.sum is not a lock file as used in some alternative dependency management systems.

https://github.com/golang/go/wiki/Modules#releasing-modules-all-versions

Opening keynote: Go with Versions - GopherConSG 2018 tutoral

Instead of changing the meaning of strings.Split(), introduce a new name for a new meaning. — Instead of changing the meaning of `strings.Split()`, introduce a new name for a new meaning.

Like the change from name to github.com/owner/name, people will get used to it. — Like the change from `name` to `github.com/owner/name`, people will get used to it.

Supporting the availabilty of a binary with the two same pacakge of different versions is really troublesome for authors. However, when it comes to the users of the package, not allowing it would be a real problem. Considering the fact that the users would generally outnumber the authors, we should not prevent using two same pacakges at once.

Even though there are some lock files, but it is not going to work when the package with a lock file is used by another package.

vgo selects the minimum available version — `vgo` selects the minimum available version

The new D 1.6 released. For some reason, C 1.8 and D 1.6 do not work correctly. Regardless of which package caused the problem, users won't be affected by this Because C 1.8 has not yet released. — The new `D 1.6` released. For some reason, `C 1.8` and `D 1.6` do not work correctly. Regardless of which package caused the problem, users won't be affected by this Because `C 1.8` has not yet released.

Thanks to the minimum version policy, nothing is going to break.

Fix the bug, and release a newer version.

On the other hand, with the traditional approach like dep uses, which picks the latest available version, the problematic C 1.8 and D. 1.6 combo will be exposed to users. So, to deal with this emergency situation, the author of C had to release another C 1.9 with the upper bound verson of D. — On the other hand, with the traditional approach like `dep` uses, which picks the latest available version, the problematic `C 1.8` and `D. 1.6` combo will be exposed to users. So, to deal with this emergency situation, the author of `C` had to release another `C 1.9` with the upper bound verson of `D`.

The reasoning of the policy

Packages should support backward minor-version compatibility.
When there is a conflict, pick the minimum available version.
Unless there is a version inconsistency, like cyclic dependencies or a situation in which the program cannot determine the minimum common version, even when some dependencies are updated, the compatibility and repeatability are maintained.

https://youtu.be/F8nrpe0XWRg