x/pkgsite: Excluding private packages from external site lookups

[mikesep]

Running golang.org/x/pkgsite/cmd/pkgsite locally to see documentation for a package I'm working on has been a generally great experience, but I've noticed that pkgsite is trying to fetch information from https://deps.dev for my private packages, and I'd like to avoid those requests.

For example, if I make go.mod

module example.com/demomodule

go 1.19

and demo.go

package demomodule

func ThisIsAFunction() {}

When I run golang.org/x/pkgsite/cmd/pkgsite from that directory, I can see rendered docs when I go to http://localhost:8080/example.com/demomodule in my browser, but I also see failed requests to deps.dev:

$ pkgsite
2022/09/16 09:17:27 Info: Listening on addr http://localhost:8080
2022/09/16 09:17:33 Info: FetchDataSource: fetching example.com/demomodule@latest
2022/09/16 09:17:33 Info: FetchDataSource: fetched example.com/demomodule@latest in 4.04575ms with error <nil>
2022/09/16 09:17:33 Warning: fetching url from deps.dev: Get "https://deps.dev/_/s/go/p/example.com%2Fdemomodule/v/v0.0.0/exists": context deadline exceeded

#47463 suggests other external sources might be called in the future, so would it make sense to have a configurable pattern (similar to how GOPRIVATE/GONOPROXY/GONOSUMDB work?) to exclude certain packages from being looked up in external resources?