Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Big distribution size of sentry-go (~ 8MB) #75

Closed
lozenko opened this issue Oct 30, 2019 · 11 comments
Closed

Big distribution size of sentry-go (~ 8MB) #75

lozenko opened this issue Oct 30, 2019 · 11 comments

Comments

@lozenko
Copy link

lozenko commented Oct 30, 2019

Hi,

Sentry-go has almost 40 indirect dependencies
https://github.com/getsentry/sentry-go/blob/master/go.mod

which makes a binary package for primitive < 5MB applications quite big

is there a way to work around this, (some sort of lightweight minimal client ?) or do we have HTTP client for Sentry that we can use? thanks

@kamilogorek
Copy link
Contributor

Hey, these dependencies shouldn't be bundled in the binary unless their respective integrations (http packages) are imported. Can you provide a minimal example of a build where I can repro this?

@lozenko
Copy link
Author

lozenko commented Oct 30, 2019

Hi, kamilogorek

Thanks for watching this. Reproduce steps:

  1. add sentry-go to hello world app with go.mod
  2. go mod download && go build the app itself
  3. observe the package size

It's super visible when you do it in docker when go mod downloadы all direct & indirect packages and build the executable file.

@kamilogorek
Copy link
Contributor

Whoops! I can confirm that's an issue. I'll take a look at it as early as next week. I'll keep you posted, thanks!

@kamilogorek
Copy link
Contributor

I verified that and the size is not caused by the external package, but by the number of built-in packages we use.

without

Unless you are using specific integration, it won't be included in the build.

If you'll create an empty project without any external dependency, and build it with the same built-in packages, you'll get almost the same size:

package main

import (
	_ "bufio"
	_ "bytes"
	_ "context"
	_ "crypto/rand"
	_ "crypto/tls"
	_ "crypto/x509"
	_ "encoding/hex"
	_ "encoding/json"
	_ "fmt"
	_ "go/build"
	_ "io"
	_ "io/ioutil"
	_ "log"
	_ "math/rand"
	_ "net"
	_ "net/http"
	_ "net/url"
	_ "os"
	_ "path/filepath"
	_ "reflect"
	_ "regexp"
	_ "runtime"
	_ "sort"
	_ "strconv"
	_ "strings"
	_ "sync"
	_ "time"
)

func main() {}
-rwxr-xr-x  1 kamilogorek  staff   8.9M Nov 12 16:05 hello-world

@rur
Copy link

rur commented Nov 13, 2019

Overhead may or may not end up in the artifact but it will spam my project dependencies, which I care about.

Please read https://research.swtch.com/deps

+github.com/Joker/hpp v0.0.0-20180418125244-6893e659854a/go.mod h1:MzD2WMdSxvbHw5fM/OXOFily/lipJWRc9C1px0Mt0ZE=
+github.com/Joker/jade v1.0.0/go.mod h1:efZIdO0py/LtcJRSa/j2WEklMSAw84WV0zZVMxNToB8=
+github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0=
+github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
+github.com/aymerick/raymond v2.0.2+incompatible/go.mod h1:osfaiScAUVup+UC9Nfq76eWqDhXlp+4UYaA8uhTBO6g=
+github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4/go.mod h1:T9YF2M40nIgbVgp3rreNmTged+9HrbNTIQf1PsaIiTA=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/gavv/monotime v0.0.0-20190418164738-30dba4353424/go.mod h1:vmp8DIyckQMXOPl0AQVHt+7n5h7Gb7hS6CUydiV8QeA=
+github.com/getsentry/sentry-go v0.3.0 h1:6E+Oxq9CbT1kQrBPJ/RmWPqFBVS4CqU25RaMqeKnbs8=
+github.com/getsentry/sentry-go v0.3.0/go.mod h1:Mrvr9TRhClLixedDiyFeucydQGOv4o7YQcW+Ry5vDdU=
+github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
+github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
+github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/schema v1.1.0/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
+github.com/iris-contrib/blackfriday v2.0.0+incompatible/go.mod h1:UzZ2bDEoaSGPbkg6SAB4att1aAwTmVIx/5gCVqeyUdI=
+github.com/iris-contrib/formBinder v5.0.0+incompatible/go.mod h1:i8kTYUOEstd/S8TG0ChTXQdf4ermA/e8vJX0+QruD9w=
+github.com/iris-contrib/go.uuid v2.0.0+incompatible/go.mod h1:iz2lgM/1UnEf1kP0L/+fafWORmlnuysV2EMP8MW+qe0=
+github.com/iris-contrib/httpexpect v0.0.0-20180314041918-ebe99fcebbce/go.mod h1:VER17o2JZqquOx41avolD/wMGQSFEFBKWmhag9/RQRY=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/juju/errors v0.0.0-20181118221551-089d3ea4e4d5/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
+github.com/juju/loggo v0.0.0-20180524022052-584905176618/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
+github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
+github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
+github.com/kataras/golog v0.0.0-20190624001437-99c81de45f40/go.mod h1:PcaEvfvhGsqwXZ6S3CgCbmjcp+4UDUh2MIfF2ZEul8M=
+github.com/kataras/iris v11.1.1+incompatible/go.mod h1:ki9XPua5SyAJbIxDdsssxevgGrbpBmmvoQmo/A0IodY=
+github.com/kataras/pio v0.0.0-20190103105442-ea782b38602d/go.mod h1:NV88laa9UiiDuX9AhMbDPkGYSPugBOV6yTZB1l2K9Z0=
+github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/labstack/echo/v4 v4.1.10/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvfxNnFqi74g=
+github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
+github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
+github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/pingcap/errors v0.11.1/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.4.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s=
+github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
+github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
+github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI=
+github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
+github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
+gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y=
+gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

@kamilogorek
Copy link
Contributor

@rur got it. We'll sort that out (have to somehow manage sub-packages with their own go.mod file) and fix the issue as soon as we can.

@leighmcculloch
Copy link

👋 The large dependency list of this SDK is a burden in other ways beyond binary size. For engineering teams that review or audit dependencies the huge number of dependencies that this SDK imports directly and indirectly is overwhelming. This isn't a one-time cost since the list changes between releases.

As an example this is a summary of the changes to a Go project upgrading the Sentry SDK to the latest version showing dependencies removed, added, and changed. An importer of the Sentry SDK who wishes to review and test dependencies would have to review 23 new dependencies and changes to 15 existing dependencies.

This scale of dependency changes is more similar to the cost in upgrading from one version of a completely encompassing multi-feature web framework rather than a utility or integration SDK. It'd be great if the dependency list could be greatly reduced ❤️.

  0     github.com/AndreasBriese/bbloom                                 +       e2d15f34fcf9    https://github.com/AndreasBriese/bbloom
  1     github.com/CloudyKit/fastprinter                                +       74b38d55f37a    https://github.com/CloudyKit/fastprinter
  2     github.com/CloudyKit/jet                                        +       62edd43e4f88    https://github.com/CloudyKit/jet
  3     github.com/Joker/hpp                            6893e659854a    >       v1.0.0          https://github.com/Joker/hpp/compare/6893e659854a...v1.0.0
  4     github.com/Joker/jade                           v1.0.0          >       d475f43051e7    https://github.com/Joker/jade/compare/v1.0.0...d475f43051e7
  5     github.com/aymerick/raymond                     v2.0.2          >       b565731e1464    https://github.com/aymerick/raymond/compare/v2.0.2...b565731e1464
  6     github.com/dgraph-io/badger                                     +       v1.6.0          https://github.com/dgraph-io/badger
  7     github.com/dgryski/go-farm                                      +       6a90982ecee2    https://github.com/dgryski/go-farm
  8     github.com/dustin/go-humanize                                   +       v1.0.0          https://github.com/dustin/go-humanize
  9     github.com/etcd-io/bbolt                                        +       v1.3.3          https://github.com/etcd-io/bbolt
 10     github.com/fasthttp-contrib/websocket                           +       1f3b11f56072    https://github.com/fasthttp-contrib/websocket
 11     github.com/gavv/httpexpect                                      +       v2.0.0          https://github.com/gavv/httpexpect
 12     github.com/getsentry/sentry-go                  v0.3.0          >       v0.3.1          https://github.com/getsentry/sentry-go/compare/v0.3.0...v0.3.1
 13     github.com/gobwas/httphead                                      +       2c6c146eadee    https://github.com/gobwas/httphead
 14     github.com/gobwas/pool                                          +       v0.2.0          https://github.com/gobwas/pool
 15     github.com/gobwas/ws                                            +       v1.0.2          https://github.com/gobwas/ws
 16     github.com/gorilla/schema                       v1.1.0          -
 17     github.com/gorilla/websocket                                    +       v1.4.0          https://github.com/gorilla/websocket
 18     github.com/hashicorp/go-version                                 +       v1.2.0          https://github.com/hashicorp/go-version
 19     github.com/iris-contrib/formBinder              v5.0.0          -
 20     github.com/iris-contrib/httpexpect              ebe99fcebbce    -
 21     github.com/iris-contrib/i18n                                    +       987a633949d0    https://github.com/iris-contrib/i18n
 22     github.com/iris-contrib/schema                                  +       v0.0.1          https://github.com/iris-contrib/schema
 23     github.com/kataras/golog                        99c81de45f40    >       v0.0.9          https://github.com/kataras/golog/compare/99c81de45f40...v0.0.9
 24     github.com/kataras/iris                         v11.1.1         -
 25     github.com/kataras/iris/v12                                     +       v12.0.1         https://github.com/kataras/iris/v12
 26     github.com/kataras/neffos                                       +       v0.0.10         https://github.com/kataras/neffos
 27     github.com/klauspost/compress                   v1.4.0          >       v1.9.0          https://github.com/klauspost/compress/compare/v1.4.0...v1.9.0
 28     github.com/klauspost/cpuid                      e7e905edc00e    >       v1.2.1          https://github.com/klauspost/cpuid/compare/e7e905edc00e...v1.2.1
 29     github.com/labstack/echo/v4                     v4.1.10         >       v4.1.11         https://github.com/labstack/echo/v4/compare/v4.1.10...v4.1.11
 30     github.com/mediocregopher/mediocre-go-lib                       +       cb65787f37ed    https://github.com/mediocregopher/mediocre-go-lib
 31     github.com/mediocregopher/radix/v3                              +       v3.3.0          https://github.com/mediocregopher/radix/v3
 32     github.com/nats-io/nats.go                                      +       v1.8.1          https://github.com/nats-io/nats.go
 33     github.com/nats-io/nkeys                                        +       v0.0.2          https://github.com/nats-io/nkeys
 34     github.com/nats-io/nuid                                         +       v1.0.1          https://github.com/nats-io/nuid
 35     github.com/onsi/ginkgo                          v1.10.1         >       v1.10.3         https://github.com/onsi/ginkgo/compare/v1.10.1...v1.10.3
 36     github.com/onsi/gomega                          v1.7.0          >       v1.7.1          https://github.com/onsi/gomega/compare/v1.7.0...v1.7.1
 37     github.com/pingcap/errors                       v0.11.1         >       v0.11.4         https://github.com/pingcap/errors/compare/v0.11.1...v0.11.4
 38     github.com/smartystreets/goconvey               505e41936337    >       v1.6.4          https://github.com/smartystreets/goconvey/compare/505e41936337...v1.6.4
 39     github.com/valyala/fasthttp                     v1.4.0          >       v1.6.0          https://github.com/valyala/fasthttp/compare/v1.4.0...v1.6.0
 40     github.com/xeipuuv/gojsonschema                 v1.1.0          >       v1.2.0          https://github.com/xeipuuv/gojsonschema/compare/v1.1.0...v1.2.0
 41     gopkg.in/yaml.v2                                v2.2.2          >       v2.2.4

Output is generated by golistcmp.

@leighmcculloch
Copy link

leighmcculloch commented Nov 22, 2019

Another example output, the total number of dependencies for the SDK is 129 (one line in the output below is the module name itself, so one less than 130):

$ git clone https://github.com/getsentry/sentry-go
$ cd sentry-go
$ go list -m all | wc -l
130

@leighmcculloch
Copy link

Most of the dependencies arises from the module containing handlers for lots of different servers, e.g. fasthttp, gin, iris, martini, negroni, and also contains an examples directory that exercises them all.

Most applications are going to use a single type of http server, and so many of the dependencies being imported will be unused in an importing application. Applications that use only net/http as the server will use even less of the dependencies. e.g. If I remove all of the directories listed above the dependency list goes from 130 to 20.

💡Could each server specific handler become it's own Go Module, i.e. create a go.mod file in each handler directory, and in the example directory. This would reduce the dependency graph for each server type, and the native net/http handler could be used with 20 dependencies instead of 130. 🙏

@kamilogorek
Copy link
Contributor

Could each server specific handler become it's own Go Module, i.e. create a go.mod file in each handler directory, and in the example directory.

This is exactly what we want to do. We are just kinda swamped right now, but will try to solve it asap.

Thanks for the feedback and great writeup @leighmcculloch

@rhcarvalho
Copy link
Contributor

Hi there! I see that the conversation detoured from binary sizes to go.mod.

I suggest we move the go.mod conversation to a new issue #156. I'll re-post some comments there.


With regards to binary size, I consider this to be resolved. Smaller binaries depend on improvements in the Go toolchain. I'm following golang/go#6853 for that.

The github.com/getsentry/sentry-go package (not to be confused with the module) only depends on reasonable standard library packages.

Other packages with specific integrations, for example github.com/getsentry/sentry-go/echo, do depend on external packages, the targets of those integrations. Please note that unless you use an integration package, your program does not depend on any of those extra packages.

Note also that the Go tool will not download the source code for packages you don't ever import and use. In Module mode, it does download module metadata to resolve build dependencies.

These are the direct dependencies of github.com/getsentry/sentry-go, all in the Go standard library:

$ go list -f '{{range .Imports}}{{printf "%s\n" .}}{{end}}' github.com/getsentry/sentry-go
bufio
bytes
context
crypto/rand
crypto/tls
crypto/x509
encoding/hex
encoding/json
fmt
go/build
io
io/ioutil
log
math/rand
net
net/http
net/url
os
path/filepath
reflect
regexp
runtime
sort
strconv
strings
sync
time
$ go list -f '{{range .Imports}}{{printf "%s\n" .}}{{end}}' github.com/getsentry/sentry-go | wc -l
27

The reality is that adding github.com/getsentry/sentry-go to a non-trivial program has no meaningful impact to final binary size. If your program needs to send data over the network it will invariably depend on the standard library packages sentry-go depends on.

I'm open to make improvements if we can, but I'm afraid there's no low-hanging fruit here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants