Go proxy for GitLab
- Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
- Status: Experiment
The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use. See epic 3043.
With the Go proxy for GitLab, every project in GitLab can be fetched with the Go proxy protocol.
The Go proxy for GitLab is an experiment, and isn’t ready for production use due to potential performance issues with large repositories. See issue 218083.
GitLab doesn’t display Go modules in the package registry, even if the Go proxy is enabled. See issue 213770.
For documentation of the specific API endpoints that the Go Proxy uses, see the Go Proxy API documentation.
Add GitLab as a Go proxy
To use GitLab as a Go proxy, you must be using Go 1.13 or later.
The available proxy endpoint is for fetching modules by project: /api/v4/projects/:id/packages/go
To fetch Go modules from GitLab, add the project-specific endpoint to GOPROXY
.
Go queries the endpoint and falls back to the default behavior:
go env -w GOPROXY='https://gitlab.example.com/api/v4/projects/1234/packages/go,https://proxy.golang.org,direct'
With this configuration, Go fetches dependencies in this order:
- Go attempts to fetch from the project-specific Go proxy.
- Go attempts to fetch from
proxy.golang.org
. - Go fetches directly with version control system operations (like
git clone
,svn checkout
, and so on).
If GOPROXY
isn’t specified, Go follows steps 2 and 3, which corresponds to
setting GOPROXY
to https://proxy.golang.org,direct
. If GOPROXY
contains only the project-specific endpoint, Go queries only that endpoint.
For details about how to set Go environment variables, see Set environment variables.
For details about configuring GOPROXY
, see
Dependency Management in Go > Proxies.
Fetch modules from private projects
go
doesn’t support transmitting credentials over insecure connections. The
following steps work only if GitLab is configured for HTTPS:
- Configure Go to include HTTP basic authentication credentials when fetching from the Go proxy for GitLab.
- Configure Go to skip downloading of checksums for private GitLab projects from the public checksum database.
Enable request authentication
Create a personal access token with
the scope set to api
or read_api
.
Open your ~/.netrc
file
and add the following text. Replace the variables in < >
with your values.
If you make a go get
request with invalid HTTP credentials, you receive a 404 error.
If you use an environment variable called NETRC
, Go uses its value
as a filename and ignores ~/.netrc
. If you intend to use ~/.netrc
in
the GitLab CI do not use NETRC
as an environment variable name.
machine <url> login <username> password <token>
<url>
: The GitLab URL, for examplegitlab.com
.<username>
: Your username.<token>
: Your personal access token.
Disable checksum database queries
When downloading dependencies with Go 1.13 and later, fetched sources are
validated against the checksum database sum.golang.org
.
If the checksum of the fetched sources doesn’t match the checksum from the database, Go doesn’t build the dependency.
Private modules fail to build because sum.golang.org
can’t fetch the source
of private modules, and so it cannot provide a checksum.
To resolve this issue, set GONOSUMDB
to a comma-separated list of private
projects. For details about setting Go environment variables, see
Set environment variables. For more details about
disabling this feature of Go, see
Dependency Management in Go > Checksums.
For example, to disable checksum queries for gitlab.com/my/project
, set
GONOSUMDB
:
go env -w GONOSUMDB='gitlab.com/my/project,<previous value>'
Working with Go
If you’re unfamiliar with managing dependencies in Go, or Go in general, review the following documentation:
Set environment variables
Go uses environment variables to control various features. You can manage these
variables in all the usual ways. However, Go 1.14 reads and writes Go
environment variables to and from a special Go environment file, ~/.go/env
by
default.
- If
GOENV
is set to a file, Go reads and writes to and from that file instead. - If
GOENV
is not set butGOPATH
is set, Go reads and writes$GOPATH/env
.
Go environment variables can be read with go env <var>
and, in Go 1.14 and
later, can be written with go env -w <var>=<value>
. For example,
go env GOPATH
or go env -w GOPATH=/go
.
Release a module
Go modules and module versions are defined by source repositories, such as Git,
SVN, and Mercurial. A module is a repository that contains go.mod
and Go
files. Module versions are defined by version control system (VCS) tags.
To publish a module, push go.mod
and source files to a VCS repository. To
publish a module version, push a VCS tag.
See Dependency Management in Go > Versioning for more details about what constitutes a valid module or module version.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support