Managing external dependencies¶
Go dependencies are managed as Go modules.
Dependencies are controlled by the
go.mod file, and cryptographic hashes of
the dependencies are stored in the
When building with Bazel, all external dependencies are managed as “remote
repositories” defined in the
WORKSPACE file, we load the file
go_deps.bzl which lists all
external dependencies (including transitive dependencies) with exact version
go_deps.bzl file is generated by gazelle from the
Workflow to modify dependencies¶
To add/remove or update dependencies:
go.mod, manually or using e.g.
go mod tidy
make licenses, to update the licenses with the new dependency
make gazelle, to update the build files that depend on the newly added dependency
The Go rules for Bazel (rules_go) declare some internally used dependencies.
These may silently shadow the dependency versions declared in
To explicitly override such a dependency version, the corresponding
go_repository rule can be moved from
go_deps.bzl to the
WORKSPACE file, before the call to
See the go_rules documentation on overriding dependencies.
The python dependencies are listed in
requirements.txt files. They are generated with bazel from the
The python dependencies are listed in tools/env/pip3/requirements.txt
These files is generated from the adjoining
requirements.in by bazel. Only
direct dependencies have to be listed, the transitive dependencies are inferred.
The exact command to update
requirements.txt is described in a comment in
the header of the file.