Imagine a situation when you're following best practices, splitting your code on different parts, and ... facing an issue to collect them.
Unfortunately, go does not support private packages well.
I'll describe the situation I faced. Private go mod packages, located in the GitLab subgroup (let's say
gitlab.com/org/department/repo1.git just for example)
First, go not actually supports GitLab subgroups. To bypass that issue, we need to set GOPRIVATE env variable and add .git in the end:
$ GOPRIVATE="gitlab.com/org/department" go get gitlab.com/org/department/repo1.git
Second barrier is access to that repo. SSH key must be added to the platform, I didn't found a way to fetch with https.
- Native experience (go get, which handles
- SSH key must be set
- go.mod package name must fully correspond that naming (with
.gitin the end)
The first problem was faced in just after half an hour. It's a CI/CD, or just building step.
As we understood from previous "summary", SSH key must be added. We are using Docker to build our project, and passing SSH key to the Dockerfile build actually is a security problem.
I found a solution in git submodules and replace feature for the
Just add needed repo as a project submodule with
git submodule add and add naming replacement in the
$ git submodule add ../repo1
Pulling newly added repo
$ git submodule update --init
replace gitlab.com/org/department/repo1.git => ./repo1
And that's all! Handling package as a submodule is much easier than go package.
P.S. Don't forget to add submodules pulling in your CI! In case of GitLab it's
GIT_SUBMODULE_STRATEGY: recursive variable.
Thank you for reading!