All: I'd like to run go mod verify as part of the CI/CD. If the verify fails, the build fails. However, the amount of time it takes to run for a small project is making me question whether that's viable. I don't actually know of any documentation that explains how slow or fast one should expect a go mod verify to take to run nor how much time it will increase as you add packages (e.g as you add packages is the increase linear or is it more complicated than that?).
I have a project with a go.mod with 113 require statements. Here's the file. https://gist.github.com/jaloren/564d55145699c2a933798aec334d7ee9 I am go 1.11.1 on Mac OS. I've already run go build and primed the local cache. When I run go mod verify, it completes in 25 seconds. I have no way to know if that's slow or fast since I don't understand what the the internals are doing. All I found on modules FAQs is this: "In addition, go mod verify checks that the on-disk cached copies of module downloads still match the entries in go.sum." But I'd like to find out is if this is going to get pathologically worse as packages are added. A minute or two is an easy sell. Past 5 minutes becomes a much harder one. Joe -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
