Is it best-practice to commit the `vendor` directory?

Question

I am using dep to handle my Go dependencies. Is it best practice to also commit the vendor directory into version control? Or is best practice to a

Answer 1

imagine what would happen to your project if a dependency was taken offline by the author. Until Go has a central server to hold all packages which are unable to be deleted a lot of people will always see the need to commit the vendor folder

Answer 2

The dep tool's FAQ answers this:

Should I commit my vendor directory?

It's up to you:

Pros

• It's the only way to get truly reproducible builds, as it guards against upstream renames, deletes and commit history overwrites. * You don't need an extra dep ensure step to sync vendor/ with Gopkg.lock after most operations, such as go get, cloning, getting latest, merging, etc.

Cons

• Your repo will be bigger, potentially a lot bigger, though dep prune can help minimize this problem. * PR diffs will include changes for files under vendor/ when Gopkg.lock is modified, however files in vendor/ are hidden by default on Github.

Answer 3

I don’t commit for well available sources. Because on this case many commit messages are bloated with changes in vendors. When I want update then I do it and then commit updated Gopkg.*.