Running an In-house Go Registry with Artifactory

goproxy with Artifactory Go registries

Updated on January 31, 2019 to reflect the current state of the technology and JFrog support for Go.

The need for a Go registry

Since its inception over eight years ago at Google, Go has emerged as one of the most popular languages used by developers and DevOps today, so much so that it was used to design and write both Helm and Kubernetes. The project’s 2017 survey of over 6,000 respondents showed that 67% of developers program with Go at work. Most of them rank their expertise in Go higher than their expertise in Javascript, Python, Java, C, Bash or C++, and they also prefer programming in Go compared to any other language. But for all this popularity and usage, facilities to work with Go packages lagged behind.

What was missing in the Go ecosystem was standardization – there wasn’t a standard tool for dependency management, and there wasn’t a standard package format or compatible registry specification. This meant that developers could not create reproducible builds with Go which was quite an issue. Over the years, tools such as dep, godep, glide and govendor entered the scene to handle Go dependency management, but none of these offered an acceptable solution for managing immutable Go packages in an internal Go registry or for setting up a go proxy for remote Go packages. The good news is that Google eventually stepped in and solved the issue once and for all by adding versioning support for Go.

Artifactory Go Registries and go proxy

The release of Artifactory 5.11 added support for Go registries  giving the community a variety of capabilities when developing with Go.

JFrog Artifactory is the only universal artifact repository that supports Go registries giving the community a variety of capabilities when developing with Go Click To Tweet

Here are just a few of them:

  • Local repositories in Artifactory let you set up secure, private Go registries with fine-grained access control to packages according to projects or development teams.
  • A remote repository in Artifactory is a caching proxy for remote Go resources such as a GitHub project. Accessing a go proxy through Artifactory removes your dependency on the network, or on GitHub since all dependencies needed for your Go builds are cached in Artifactory and are therefore locally available. This also removes the risk of someone mutating or removing a dependency from version control, or worse, force-pushing changes to a remote Git tag thus changing what should be an immutable version which can create a lot of confusion and instability for dependant projects.
  • A virtual repository aggregates both local and remote Go registries giving you access to all Go resources needed for your builds from a single URL, hiding the complexity of using a combination of both local and remote resources.
  • Enterprise-grade features
    • Multiple layers of security to manage authentication, access control and data privacy
    • Support for massive scalability, both in terms of number of users and volume of Go packages being stored
    • High-availability for extremely robust installations
    • Support for any multi-site topology through a variety of repository replication capabilities

Building Go projects with JFrog CLI

To work with Go repositories, you first need to install and configure the Go client. Then, to deploy Go packages into an Artifactory Go registry, you need to install JFrog CLI and configure it as described in the go example below which you can run by  following 5 easy steps:

Step 1: Clone the project

$ git clone

Step 2: Configure JFrog CLI

Use the JFrog rt config command to configure JFrog CLI with the parameters needed to access Artifactory by running

$ jfrog rt config

… and follow the prompts.

 Step 3: Build the project

Once JFrog CLI is correctly configured to access Artifactory, you can build your project. Since the package’s modules are not yet available in Artifactory, to resolve dependencies through Artifactory, you need to use the ‘no-registry’ flag in order to get the dependencies sources from GitHub and let Go create modules from them.

$ jfrog rt go build --no-registry

Step 4: Create the modules and push them to Artifactory

After fetching the project dependency sources from GitHub you can create the modules and push them to Artifactory. Once modules are published to Artifactory, they are available for other developers to use:

$ jfrog rt go-publish go --self=false --deps=ALL

The dependencies are now available in Artifactory under the go-local repository.

Go Dependencies in Artifactory

Step 5: Build the project and resolve uncached dependencies

Build the project with go and resolve uncached dependencies from Artifactory. This will also declare the dependencies used in the build-info metadata:

$ jfrog rt go build go --build-name=my-first-go-build --build-number=1

Step 6: Publish the Go module with build-info

Now you can publish the package you just built to Artifactory along with the relevant build-info that includes the uploaded module as an artifact as well as all the environment variables.

$ jfrog rt go-publish go v1.0.0 --build-name=my-first-go-build --build-number=1

To collect the environment variables, run the following command:

$ jfrog rt build-collect-env my-first-go-build 1

Then you can publish the build info:

$ jfrog rt build-publish my-first-go-build 1

Now you can see the build info in Artifactory:


Did you know?
Here at JFrog we are great believers in Go, and both JFrog CLI and JFrog Xray are written in Go. Click To Tweet

Get Going with Go and Artifactory. Start your Free Trial.