When adding new dependencies using dep ensure -add <package> I see dep adding the complete repository of the package, instead of just the parts I require.
For example I added aws-sdk-go and dep ensure put 87MB of files into my vendors folder, even though I only use the AWS Secrets Manager service.
To resolve this you need to define [prune] settings which determine what files and directories can be deemed unnecessary, and thus automatically removed from vendor/.
The following options are currently available:
unused-packages indicates that files from directories that do not appear in the package import graph should be prunednon-go prunes files that are not used by Gogo-tests prunes Go test filesOut of an abundance of caution, dep non-optionally preserves files that may have legal significance.
Pruning options are disabled by default. However, generating a Gopkg.toml via dep init will add lines to enable go-tests and unused-packages prune options at the root level.
[prune]
go-tests = true
unused-packages = true
The same prune options can be defined per-project. An additional name field is required and, as with [[constraint]] and [[override]], should be a source root, not just any import path.
[prune]
non-go = true
[[prune.project]]
name = "github.com/project/name"
go-tests = true
non-go = false
Almost all projects will be fine without setting any project-specific rules, and enabling the following pruning rules globally:
[prune]
unused-packages = true
go-tests = true
It is usually safe to set non-go = true, as well. However, as dep only has a clear model for the role played by Go files, and non-Go files necessarily fall outside that model, there can be no comparable general definition of safety.