Go Registry

To deploy Go packages to a local Go registry and enable calculation of Go package metadata, select Repositories | Repositories | Local and set Go to be the Package Type when you create your local repository.

A remote Go repository in Artifactory serves as a caching proxy for golang.org, GitHub.com or a Go repository in a different Artifactory instance.

Artifacts (such as zip files) requested from a remote Go registry are cached on demand. You can remove downloaded artifacts from the remote repository cache, however you can not manually deploy artifacts to a remote repository.

Proxying GitHub

To create a Remote Repository which serves as a caching proxy for github.com, follow the steps below:

1. Create a new remote repository and set Go to be its Package Type.

2. Set the Repository Key value, and enter https://github.com/ in the URL field as displayed below.

3. In the Go Settings set the Git Provider as GitHub.

   Note

   When using a remote repository that implements Go API Specification, use Artifactory as the Git provider. For example, to set up a remote registry opposite proxy.golang.org, use Artifactory as the Git provider.

4. In the Advanced tab, enter the username and password of your GitHub account. This is required due to a rate limit imposed by GitHub when access is anonymous.

   From November 2020, GitHub no longer accepts account passwords when authenticating via the REST API

   As per the latest GitHub update, basic authentication is no longer supported via REST API. Your password must be replaced with a GitHub private access token.

5. Also in the Advanced tab, check Lenient Host Authentication.

6. Click Save & Finish.

Working with GOSUMDB

Go Client 1.13 introduced support for checksum verifications of modules against a central server. Artifactory is able to act as the central checksum server for the Go clients using it as the Go proxy. This will work without any additional configurations for remote sites pointing to GitHub or another Artifactory server.

It is possible to override the default central server used by Artifactory to provide the checksums by adding the property artifactory.go.sumdb.url.override= https://... to your Artifactory's system properties.Artifactory Configuration Files

This feature can be disabled by adding the property artifactory.go.sumdb.enabled=false to your Artifactory's system properties.Artifactory Configuration Files

Private GitHub repositories and some remote sites do not provide checksums. The Go client in those cases will complain about missing the checksum. You can control this feature on the client side with the GOPRIVATE and GONOSUMDB environment variables. See the Go 1.13 Modules environment variables for full details.

A Virtual Repository defined in Artifactory aggregates packages from both local and remote repositories.

This allows you to access both locally hosted Go packages and packages from remote proxied Go registries from a single URL defined for the virtual repository.

To create a virtual repository as a Go registry, in the Administration module, under Repositories | Repositories | Virtual, click New Virtual Repository and set Go to be its Package Type, and select the underlying local and remote repositories to include under the Repositories section.

Advanced Configuration

Some Remote Import Paths may use go-import meta tags on the remote repository response body to declare the location of a remote VCS root to follow. By default, this behavior is enabled, and Artifactory will follow these tags to download remote modules. To disable this uncheck the Follow 'go-import' Meta Tags checkbox.

Field	Description
Follow 'go-import' Meta Tags	When checked (default), Artifactory will automatically follow remote VCS roots in go-import meta tags to download remote modules.
'go-import' Allow List	An Allow List of Ant-style path patterns that determine which remote VCS roots Artifactory will follow to download remote modules from when presented with go-import meta tags in the remote repository response. By default, this is set to ** which means that remote modules may be downloaded from any external VCS source. For example, if you wish to limit remote go-import modules to only be downloaded from github.com, you should remove the default ** pattern and replace it with **/ github.com/**.

go.mod is a metadata file that describes a Go package. It contains the package's module name and a list of its dependencies.

To allow successful resolution of a package, the Go client requires a corresponding go.mod file to be found in the same folder.

For example, in this Hello Worlds Go project, the go.mod file specifies a module github.com/you/hello, with a single dependency, rsc.io/quote v1.5.2.

go.mod

module github.com/you/hello
require rsc.io/quote v1.5.2

To build your Go projects, use JFrog CLI. JFrog CLI downloads the dependencies needed for the project from the internet and creates the corresponding go.mod file. When you later use JFrog CLI to publish your package to Artifactory, the go.mod file is uploaded alongside the package to Artifactory.

For details, please refer to the JFrog CLI documentation.

The Go client works through a Git repository which hosts the Go package source code, and does not provide a way to directly publish packages to Artifactory.

To publish your package to Artifactory, use JFrog CLI as described in the JFrog CLI documentation.