Go - go.work, go.mod, go.sum

zzh@ZZHPC:~/zd/Github/RepoGo$ go work init
zzh@ZZHPC:~/zd/Github/RepoGo$ cd web-service-gin/
zzh@ZZHPC:~/zd/Github/RepoGo/web-service-gin$ go mod init github.com/ZhangZhihuiAAA/RepoGo/web-service-gin
zzh@ZZHPC:~/zd/Github/RepoGo/web-service-gin$ cd ..
zzh@ZZHPC:~/zd/Github/RepoGo$ go work use ./web-service-gin

go.mod names the module name. 

go.work uses the names of the directories of the modules.

zzh@ZZHPC:/zdata/Github$ go work init
zzh@ZZHPC:/zdata/Github$ go work use ./zimplebank
zzh@ZZHPC:/zdata/Github$ go work use ./orders-api
zzh@ZZHPC:/zdata/Github$ code .

 

This go.sum file contains the cryptographic checksums representing the content of the required packages.

The go.sum file isn’t designed to be human-editable and generally you won’t need to open it. But it serves two useful functions:

• If you run the go mod verify command from your terminal, this will verify that the checksums of the downloaded packages on your machine match the entries in go.sum, so you can be confident that they haven’t been altered.

$ go mod verify
all modules verified

• If someone else needs to download all the dependencies for the project — which they can do by running go mod download — they will get an error if there is any mismatch between the packages they are downloading and the checksums in the file.

 

So, in summary:

• You (or someone else in the future) can run go mod download to download the exact versions of all the packages that your project needs.
• You can run go mod verify to ensure that nothing in those downloaded packages has been changed unexpectedly.
• Whenever you run go run , go test or go build , the exact package versions listed in go.mod will always be used.