It would be nice to have a summary printed below the tree, for example:

12 dependencies (8 internal, 4 external).

If the -test flag is set it would also show test-only dependencies:

15 dependencies (8 internal, 4 external, 3 testing).

Hi @KyleBanks,

An issue has been reported recently in a downstream tool, swaggo/swag, which uses depth to calculate required dependencies in order to build valid OpenAPI 2.0 output as a result of parsing code comments in a given folder structure.

Under https://github.com/swaggo/swag/issues/1032 the user @matrixik has exquisitely pointed out, there seems to be a performance issue in swag, which I have narrowed down, with the help of @sdghchj to be a problem with depth.

1. Could you give a look at the flamegraphs provided under the issue linked and verify the assumption the problem lies in this tool is correct?
2. Would you be able and willing to help fixing it?

We use swaggo throughout our platform at Compensate in order to build the documentation for all our services.

Thank you,

-Manuel

Little modification of deps tree printing.

Before:

strings
  ├ errors
  ├ internal/bytealg
    ├ internal/cpu
    └ unsafe
  ├ io
    ├ errors
    ├ sync
      ├ internal/race
        └ unsafe
      ├ runtime
        ├ internal/bytealg
        ├ internal/cpu
        ├ runtime/internal/atomic
          └ unsafe
        ├ runtime/internal/sys
        └ unsafe
      ├ sync/atomic
        └ unsafe
      └ unsafe
    └ sync/atomic
  ├ unicode
  ├ unicode/utf8
  └ unsafe

After:

strings
  ├ errors
  ├ internal/bytealg
  │ ├ internal/cpu
  │ └ unsafe
  ├ io
  │ ├ errors
  │ ├ sync
  │ │ ├ internal/race
  │ │ │ └ unsafe
  │ │ ├ runtime
  │ │ │ ├ internal/bytealg
  │ │ │ ├ internal/cpu
  │ │ │ ├ runtime/internal/atomic
  │ │ │ │ └ unsafe
  │ │ │ ├ runtime/internal/sys
  │ │ │ └ unsafe
  │ │ ├ sync/atomic
  │ │ │ └ unsafe
  │ │ └ unsafe
  │ └ sync/atomic
  ├ unicode
  ├ unicode/utf8
  └ unsafe

I tried to run from source and depth simply exited with no output. Here's what I saw, compared to the output from the last release for my system:

dgarrick@dgarrick-desktop:~/go/src/drive/drive$ go get github.com/KyleBanks/depth/cmd/depth
dgarrick@dgarrick-desktop:~/go/src/drive/drive$ go version
go version go1.8 linux/amd64
dgarrick@dgarrick-desktop:~/go/src/drive/drive$ depth github.com/KyleBanks/depth/cmd/depth
dgarrick@dgarrick-desktop:~/go/src/drive/drive$ ~/Downloads/depth_1.1.1_linux_amd64 github.com/KyleBanks/depth/cmd/depth
github.com/KyleBanks/depth/cmd/depth
  ├ encoding/json
  ├ flag
  ├ fmt
  ├ io
  ├ os
  ├ strings
  └ github.com/KyleBanks/depth
    ├ bytes
    ├ errors
    ├ go/build
    ├ os
    ├ path
    ├ sort
    └ strings

For reference, I'm running Ubuntu 16.04 LTS.

Currently depth resolves all dependencies synchronously, which can be slightly time consuming on larger projects or when using -internal and/or -test flags, taking several seconds for large enough dependency trees. This would likely be improved by resolving dependencies concurrently and merging the results at the end.

Will need to add some benchmarks prior to implementing this.

This change updates output provided by depth to align with reality.

Throughout this tool, string package from Go's standard library is used as test subject and for documentation purposes. This change aligns tests the output that the tool gives corresponding with current dependencies. It does not carry any change in behavior.

I had the same problem, but it worked when it called it from the cmd folder (where main.go is)

Originally posted by @ghohmann-asapp in https://github.com/KyleBanks/depth/issues/18#issuecomment-540127086

This may be fine for typical use, but for testing package imports it's particularly troubling. Consider the following:

mypkg 
    - vendoredpkg
         - testdep

When resolving dependencies most package managers do not resolve secondary dependencies that are only required for testing. If mypkg depends on vendoredpkg that's fine, but running depth with -test will try to resolve it's testdep, which likely won't exist.

I think in the case of test packages only, depth could output something like so:

mypkg 
    - vendoredpkg
         - testdep (UNRESOLVED)

Currently you have to type the full import path of a package, for example github.com/KyleBanks/depth.

It would be nice to use relative paths like so:

$ pwd 
$GOPATH/src/github.com/KyleBanks/depth
$ depth .
github.com/KyleBanks/dept
...
$ depth ./cmd/depth
github.com/KyleBanks/depth/CMD/depth

Error logging helps to track down issues. For example, I was investigating why swaggo failed in my project and found the package name is not in GOROOT error after I modified depth/pkg.go. It wasn't an obvious thing in my project.

This PR adds error logging in the pkg.go file when it fails to import.

[~] % depth github.com/KyleBanks/conways-gol
'github.com/KyleBanks/conways-gol': FATAL: unable to resolve root package
[~]!% depth github.com/KyleBanks/goggles
'github.com/KyleBanks/goggles': FATAL: unable to resolve root package

It doesn't work on any KyleBanks packages other than "depth" itself, as far as I have tried.

I tried this on a server program where I want to see the dependency tree starting from the main package. I cd'ed into the same directory where main.go is found and ran depth main. This returned 'main': FATAL: unable to resolve root package.

Of note is that I have many 'local' packages under main, and that is the tree that I would like to see.

Thanks.

Hi there!

We've been using depth as a library as a part of https://github.com/fossas/fossa-cli to power our Go dependency discovery. We recently ran into an interesting bug where using a copy of depth compiled with a different (newer?) version of Go than the local Go caused tree.Resolve to fail with cryptic errors like could not resolve package: fmt or could not resolve package: bytes. My suspicion is that this is related to depth's usage of go/build, and some weirdness is going on with importing standard library packages when the Go version changes. See fossas/fossa-cli#63 for our downstream tracking issue.

We're working around this issue by switching to go list parsing instead, but I wonder if this can be resolved within depth itself (maybe by special-casing the standard library packages?). If not, it may be possible to at least give a less cryptic error message by detecting when a resolution error occurs on a known standard library package.