marcoeidinger / swift-package-dependencies-check

Catch up with outdated versions based on your package dependency requirements


swift-package-dependencies-check's Introduction

Swift Package Dependencies Checker

This action processes your Package.swift file to detect outdated versions based on your package dependency requirements.

This action requires actions/checkout in order to function correctly.

  spm-dep-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: MarcoEidinger/swift-package-dependencies-check@v2

The action fails if there are outdated dependencies. This can be suppressed by setting the input parameter failWhenOutdated to false. In that case, use the output parameter outdatedDependencies to find out whether the action detected any outdated dependencies.

  spm-dep-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: MarcoEidinger/[email protected]
        with:
          failWhenOutdated: false # or 'false'

By setting isMutating you declare the intention to update Package.resolved (if present). Please note that the action itself does not commit/push changes.

  spm-dep-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: MarcoEidinger/swift-package-dependencies-check@v2
        with:
          isMutating: 'true' # or true

When setting isMutating the tool SwiftPackageIndex/ReleaseNotes is used to return release notes URLs for detected, necessary updates.

The GitHub action looks in the current directory (.) for the package manifest, but you can pass a different path with the input parameter directory. This is helpful for monorepos where Package.swift may not be at the root of the project.

  - name: Check Swift Package dependencies
    id: spm-dep-check
    uses: Sherlouk/swift-package-dependencies-check@main
    with:
      isMutating: true
      failWhenOutdated: false
      directory: 'Ingest'

A possible workflow to periodically check for outdated dependencies and then create a pull request to update them:

name: Swift Package Dependencies

on: 
  schedule:
    - cron: '0 8 * * 1' # every Monday at 08:00 UTC
jobs:
  spm-dep-check:
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v3
    - name: Check Swift package dependencies
      id: spm-dep-check
      uses: MarcoEidinger/[email protected]
      with:
         isMutating: true
         failWhenOutdated: false
    - name: Create Pull Request
      if: steps.spm-dep-check.outputs.outdatedDependencies  == 'true'
      uses: peter-evans/create-pull-request@v3
      with:
        commit-message: 'chore: update package dependencies'
        branch: updatePackageDepedencies
        delete-branch: true
        title: 'chore: update package dependencies'
        body: ${{ steps.spm-dep-check.outputs.releaseNotes }}

For your convenience I created a reusable workflow, which you can use like this:

name: Swift Package Dependencies

on: 
  schedule:
    - cron: '0 8 * * 1' # every Monday at 08:00 UTC
jobs:
  dependencies:
    uses: MarcoEidinger/swift-package-dependencies-check/.github/workflows/reusableWorkflow.yml@v2
    with:
      commit-message: 'chore: update package dependencies'

Internally the action uses swift package show-dependencies and swift package update (either with or without the --dry-run option). By default it runs in non-modifying mode, i.e. with --dry-run.

You can also pin to a specific release version in the format @2.x.x

  • Version 2.5.x is using Swift 5.9
  • Version 2.4.x is using Swift 5.8
  • Version 2.3.x is using Swift 5.7
  • Version 2.2.x is using Swift 5.6
  • Version 2.1.x is using Swift 5.5
  • Version 2.0.x is using Swift 5.5
  • Version 1.1.x is using Swift 5.3
  • Version 1.0.x is using Swift 5.2

The action will fail if swift package update (--dry-run) reports an error. This can occur if your package requires a Swift tools version different from the one used by this GitHub action.

For example, if your package needs swift-tools-version: 5.7 then you have to use MarcoEidinger/[email protected] or higher.

The action will fail when using MarcoEidinger/[email protected] because the action uses Swift 5.6.
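
A pre-flight check for the mismatch described above, as an added example that is not part of the action or its README. The function names are hypothetical, the version table is copied from the list above, and the log pattern is the SwiftPM message "is using Swift tools version ... but the installed version is ..."; it assumes the swift-tools-version header is on the first line of Package.swift.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the action.

# Swift toolchain shipped by each release series (table from the list above).
action_swift_version() {
  case "$1" in
    2.5.*) echo 5.9 ;;
    2.4.*) echo 5.8 ;;
    2.3.*) echo 5.7 ;;
    2.2.*) echo 5.6 ;;
    2.1.*|2.0.*) echo 5.5 ;;
    1.1.*) echo 5.3 ;;
    1.0.*) echo 5.2 ;;
    *) return 1 ;;
  esac
}

# Print major.minor from the "// swift-tools-version:X.Y" header, which
# SwiftPM expects on the first line of Package.swift.
manifest_tools_version() {
  sed -n '1s|^// *swift-tools-version: *\([0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' "$1"
}

# True when major.minor version $1 is less than or equal to $2.
version_le() {
  [ "${1%%.*}" -lt "${2%%.*}" ] ||
    { [ "${1%%.*}" -eq "${2%%.*}" ] && [ "${1#*.}" -le "${2#*.}" ]; }
}

# check_pin <Package.swift> <pinned action version, e.g. 2.2.0>
# 0 = compatible, 1 = manifest needs a newer Swift, 2 = cannot decide.
check_pin() {
  tools=$(manifest_tools_version "$1")
  [ -n "$tools" ] || { echo "no swift-tools-version header in $1" >&2; return 2; }
  swift=$(action_swift_version "$2") ||
    { echo "action version $2 is not in the table" >&2; return 2; }
  if version_le "$tools" "$swift"; then
    echo "ok: tools version $tools, action $2 ships Swift $swift"
  else
    echo "mismatch: manifest needs Swift $tools, action $2 ships $swift" >&2
    return 1
  fi
}

# Post-run guard: read a step log on stdin and succeed if SwiftPM reported
# the tools-version error, so a calling step can fail the job explicitly.
log_has_tools_error() {
  grep -Eq 'is using Swift tools version [0-9.]+ but the installed version is [0-9.]+'
}
```

Run check_pin in a step before the action, and pipe a saved step log into log_has_tools_error afterwards if you want the job to fail on an error that the step itself let pass.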

Similar Packages

  • action-xcodeproj-spm-update is a GitHub Action which helps to resolve the Swift Package Manager dependencies within your Xcode project (as opposed to dependencies in Swift Packages).


swift-package-dependencies-check's Issues

How to use swift-package-dependencies-check with dependencies in private repos?

Hi Marco,

I have many packages that use private SPM dependencies via github.

A common method to allow GitHub workflows to support private dependencies in any form (could be a submodule, could be a private package via [email protected]:username/repo) is to use the old-school trick of mapping SSH deploy keys and virtual SSH hostnames, along with .gitconfig url...insteadOf, to your private repositories.

This can be automated via a great action from shaunco: https://github.com/shaunco/ssh-agent/tree/git-repo-mapping.

Here is an example swift build && swift test workflow that uses private swift dependencies that I am using:

name: Swift Build & Test

on: [workflow_dispatch, push]

jobs:
  swift:
    name: Swift ${{ matrix.swift }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
        swift: ["5.5", "5.6"]
    steps:
      - uses: shaunco/ssh-agent@git-repo-mapping
        with:
          ssh-private-key: |
            ${{ secrets.REPO1_SSH_PRIVATE_KEY}}
            ${{ secrets.REPO2_SSH_PRIVATE_KEY}}
          repo-mappings: |
            github.com/mman/repo1.git
            github.com/mman/repo2.git
      - uses: fwal/[email protected]
        with:
          swift-version: ${{ matrix.swift }}
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      - name: Build
        run: swift build
      - name: Test
        run: swift test

I have tried to use the same approach with your action, but it does not work properly. I have also tried with https://github.com/getsidetrack/action-xcodeproj-spm-update and there it works nicely.

So I started investigating what is the issue and I think I have found it:

The shaunco/ssh-agent@git-repo-mapping will populate ~/.gitconfig and ~/.ssh/* of the workflow job with private keys and hostname aliases for all the private dependencies that you may have. The ~/.ssh/* private keys are then added to the workflow internal ssh-agent and used by the subsequent steps. So for example xcodebuild used by the https://github.com/getsidetrack/action-xcodeproj-spm-update will pick up the new config nicely and will happily check dependencies and create a PR.

But your action will fail because it uses a step to invoke swift-release-notes via nested docker and the ~/.ssh/config and ~/.gitconfig are not properly passed to the docker step.

I have been able to overcome this limitation by somehow (hard copy, volume mount in case of docker build) pushing the ~/.ssh and ~/.gitconfig to the docker step so that it can properly access the private dependencies, but I have not found an easy way to do this with your workflow without forking and modifying it heavily.

I am not necessarily suggesting I know how to fix this properly, but I just want the issue to exist here for anybody hitting the same limitation.

I will probably try to work around this limitation by skipping the swift-release-notes binary invocation, and by simply invoking swift package update directly and comparing the md5sum before/after the same way action-xcodeproj-spm-update does it.

Another option could be to build swift-release-notes directly inside the job, and thus avoiding jumping to another nested docker step, which will help inherit the job environment.

Thoughts?

Warnings

I'm seeing a number of warnings in our logs:

[Screenshot: CleanShot 2022-11-14 at 09 22 02@2x]

I suspect it's an upstream dependency but I don't know GH actions well enough to spot the issue straight away and didn't dig deeper.

You probably know how to address it immediately, otherwise I'll poke around a bit when I have a minute :)

Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43

hey! just setting this up with my repo and i get this error while it's running.

here are the last couple lines of output, any idea what might be going wrong?

[63849/63849] Downloading https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip
[14284606/14284606] Downloading https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip, https://dl.google.com/firebase/ios/swiftpm/10.4.0/GoogleAppMeasurementOnDeviceConversion.zip
Downloaded https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip (5.43s)
[14220757/14220757] Downloading https://dl.google.com/firebase/ios/swiftpm/10.4.0/GoogleAppMeasurementOnDeviceConversion.zip
Downloaded https://dl.google.com/firebase/ios/bin/abseil/1.2021110200.0/abseil.zip (6.48s)
[5478304/5478304] Downloading https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignal.xcframework.zip
[5608158/5983830] Downloading https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignal.xcframework.zip, https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignalExtension.xcframework.zip
FoundationNetworking/EasyHandle.swift:223: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43 "(null)"
Current stack trace:
0    libswiftCore.so                    0x00007f544d476b10 _swift_stdlib_reportFatalErrorInFile + 112
1    libswiftCore.so                    0x00007f544d16840f <unavailable> + 1442831
2    libswiftCore.so                    0x00007f544d168227 <unavailable> + 1442343
3    libswiftCore.so                    0x00007f544d167030 _assertionFailure(_:_:file:line:flags:) + 364
4    libswiftCore.so                    0x00007f544d1af84b <unavailable> + 1734731
5    libFoundationNetworking.so         0x00007f544db10229 <unavailable> + 938537
6    libFoundationNetworking.so         0x00007f544dad89ca <unavailable> + 711114
7    libFoundationNetworking.so         0x00007f544dae9d93 <unavailable> + 781715
8    libFoundationNetworking.so         0x00007f544daf9ab0 URLSessionTask.getBody(completion:) + 55
9    libFoundationNetworking.so         0x00007f544dae7751 <unavailable> + 771921
10   libFoundationNetworking.so         0x00007f544dae01ec <unavailable> + 741868
11   libFoundationNetworking.so         0x00007f544dab23a6 <unavailable> + 553894
12   libdispatch.so                     0x00007f544db7f2b7 <unavailable> + 148151
13   libdispatch.so                     0x00007f544db89f45 <unavailable> + 192325
14   libdispatch.so                     0x00007f544db8abbd <unavailable> + 195517
15   libdispatch.so                     0x00007f544db89e04 <unavailable> + 192004
16   libdispatch.so                     0x00007f544db8abbd <unavailable> + 195517
17   libdispatch.so                     0x00007f544db92002 <unavailable> + 225282
18   libc.so.6                          0x00007f544cbceb43 <unavailable> + 609091
19   libc.so.6                          0x00007f544cc5fb70 clone + 68
FoundationNetworking/EasyHandle.swift:223: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43 "(null)"

my config is

      - name: Check Swift package dependencies
        id: spm-dep-check
        uses: MarcoEidinger/[email protected]
        with:
          isMutating: true
          failWhenOutdated: false
          directory: "Modules"

Action shall fail if it uses an insufficient swift-tools-version

We've bumped our tools-version to Swift 5.6 last week and now the updater is failing (silently, btw!):

### Current Package Dependencies (swift package show-dependencies)
/github/workspace: error: package at '/github/workspace' is using Swift tools version 5.6.0 but the installed version is 5.5.3

It would be great if the Swift version was configurable for users of the action.

Also, I don't think the action should pass when it encounters this error :)

Version 2.3.0 does not work because swift:5.7 docker image does not ship make by default

Hi Marco,

tried your updated swift:5.7 action today and it failed with missing make. I think your Dockerfile needs another step as make does not ship by default with swift 5.7 docker image.

€ docker run -it swift:5.7 bash
root@b8e408a7032b:/# which make

root@b8e408a7032b:/# apt-get update && apt-get install make
...
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB]
...
Unpacking make (4.3-4.1build1) ...
Setting up make (4.3-4.1build1) ...

root@b8e408a7032b:/# which make
/usr/bin/make

tools version 5.8 package fails dependency check

Hi Marco,

we've updated our repo to be "tools-version 5.8" and that made our dependency check task fail:

Changing current directory...
### Current Package Dependencies (swift package show-dependencies)
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
### Check and Update Packages Dependencies if they are outdated (swift package update)
#### run swift-release-notes to get details about changes
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
Error: error: unexpected input
 --> input:1:1
1 |
  | ^ expected integer
### Run swift package update
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3

I think it's just a matter of bumping the version in the Dockerfile, I'll open up a PR.

However, the task also passed all the steps, which I feel it shouldn't in this case:

[Screenshot: CleanShot 2023-04-17 at 09 12 39@2x]

override default behavior that action fails when detecting outdated dependencies

Action default behavior is to fail if outdated dependencies were detected. Reasoning was to raise awareness of outdated dependencies without the need to explicitly check an action output parameter.

A failed step results in a failed workflow. GitHub does not allow suppressing or changing the status of a workflow (actions/runner#2347).

Showing a failed workflow is not desired for a workflow to create a pull request updating Package.resolved. See https://twitter.com/_sa_s/status/1486679901361090562 for discussion with @finestructure

Hence the feature request to override default behavior (failOnOutdated: false)

Please add support for .xcodeproj files

This looks like a great thing, but it would be even better if it could be configured for a repository which contains an .xcodeproj and uses Swift packages as dependencies. I am not familiar enough to see what is needed, but I assume there will be a requirement that xcodebuild should be able to update the dependencies from the command line.

This looks to be not possible at the moment. The only swift package manager related option is:

xcodebuild -resolvePackageDependencies [-project <projectname>|-workspace <workspacename>] -clonedSourcePackagesDirPath <path>

Any ideas?
Thanks for doing this, Martin
