Skip to content
/ deps-diff Public
forked from namenu/deps-diff

A tool for comparing transitive dependencies in two deps.edn files.

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

danielcompton/deps-diff

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
src/namenu
src/namenu
 
 
test-resources
test-resources
 
 
test/namenu/deps_diff
test/namenu/deps_diff
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
deps.edn
deps.edn
 
 
example.png
example.png
 
 

Repository files navigation

deps-diff

A tool for comparing transitive dependencies in two deps.edn files.

Certainly, the Clojure ecosystem does not strictly follow SemVer (Spec-ulation), and if there are no concrete benefits, it is recommended not to update dependencies. However, when it becomes necessary to replace an artifact, you need to be extremely careful, especially when implicit transitive dependencies change, as compatibility issues may arise.

For example, consider the following dependency tree:

+-----+     +--------+     +--------+
|  A  | --> | B(1.0) | --> | C(1.0) |
+-----+     +--------+     +--------+
      \     +--------+     +--------+
       +--> | D(1.0) | --> | C(1.0) |
            +--------+     +--------+

Let's assume a situation where we need to update dependency B:

+-----+     +--------+     +--------+
|  A  | --> | B(2.0) | --> | C(2.0) |
+-----+     +--------+     +--------+
      \     +--------+     +--------+
       +--> | D(1.0) | --> | C(1.0) |
            +--------+     +--------+

In this scenario, B internally updated C to 2.0. If we haven't explicitly specified the version of C, there is no way to guarantee that D will work correctly (See Dep selection).

But it's good to know that such potential risks can be detected in advance. deps-diff is a GitHub Action created for this purpose.

Example

Just create a .github/workflows/deps-diff.yml file as follows.

name: Notify dependency diff

on:
  pull_request:
    paths:
      - 'deps.edn' # only watch this

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Diff dependencies
        id: diff
        uses: namenu/deps-diff@main
        with:
          format: markdown
          aliases: "[:test]"

      - uses: marocchino/sticky-pull-request-comment@v2
        if: ${{ steps.diff.outputs.exit_code != 0 }}
        with:
          header: deps-diff # Creates a collapsed comment with the report
          message: |
            ### `deps.edn` dependency changes

            ${{ steps.diff.outputs.deps_diff }}

This workflow will comment on your PR as shown below.

Inputs

Name Description Default Value
base The git sha before the change being referenced. The default value is the git ref of the base branch of the PR. Git ref of PR's base branch
format Determines the format of the output. You can specify edn, markdown, or cli. The default value is edn edn
aliases Specifies the aliases to be used when forming the basis. It must be expressed as a quoted sequence (e.g., '[:dev :test]'). nil

Outputs

  • deps_diff - The name of the outlet where the execution result is output. Use it along with the action's id in your workflow.
  • exit_code - 0 if equal or else 1.

About

A tool for comparing transitive dependencies in two deps.edn files.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages

  • Clojure 100.0%