marcoeidinger / swift-package-dependencies-check Goto Github PK
View Code? Open in Web Editor NEWCatch up with outdated versions based on your package dependency requirements
Catch up with outdated versions based on your package dependency requirements
This looks like a great thing, but would be even better if it can be configured for a repository which is containing an .xcodeproj and uses swift packages as dependencies. I am not familiar enough to see what is needed, but I assume there will be a requirement that xcodebuild
should be able to update the dependencies from the command line.
This looks to be not possible at the moment. The only swift package manager related option is:
xcodebuild -resolvePackageDependencies [-project <projectname>|-workspace <workspacename>] -clonedSourcePackagesDirPath <path>
Any ideas?
Thanks for doing this, Martin
I'm not sure if I'm configuring this wrong but I just noticed that we're pulling in 2.1.3 when 2.1.4 is the latest:
Here's our config:
uses: MarcoEidinger/swift-package-dependencies-check/.github/workflows/reusableWorkflow.yml@v2
I've picked this config up from the last snippet in the README.
Is our config wrong or is there perhaps an update missing in reusableWorkflow.yml
?
I'm seeing a number of warnings in our logs:
I suspect it's an upstream dependency but I don't know GH actions well enough to spot the issue straight away and didn't dig deeper.
You probably know how to address it immediately, otherwise I'll poke around a bit when I have a minute :)
Hi Marco,
tried your updated swift:5.7
action today and it failed with missing make
. I think your Dockerfile
needs another step as make
does not ship by default with swift 5.7 docker image.
€ docker run -it swift:5.7 bash
root@b8e408a7032b:/# which make
root@b8e408a7032b:/# apt-get update && apt-get install make
...
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB]
...
Unpacking make (4.3-4.1build1) ...
Setting up make (4.3-4.1build1) ...
root@b8e408a7032b:/# which make
/usr/bin/make
We've bumped our tools-version to Swift 5.6 last week and now the updater is failing (silently, btw!):
### Current Package Dependencies (swift package show-dependencies)
[9](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/actions/runs/3172042531/jobs/5166091062#step:4:10)
/github/workspace: error: package at '/github/workspace' is using Swift tools version 5.6.0 but the installed version is 5.5.3
[10](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/actions/runs/3172042531/jobs/5166091062#step:4:11)
It would be great if the Swift version was configurable for users of the action.
Also, I don't think the action should pass when it encounters this error :)
Action default behavior is to fail if outdated dependencies were detected. Reasoning was to raise awareness of outdated dependencies without the need to explicitly check an action output parameter.
A failed step results in a failed workflow. GitHub does not allow to suppress or change status of workflow. actions/runner#2347
Showing a failed workflow is not desired for a workflow to create a pull request updating Package.resolved
. See https://twitter.com/_sa_s/status/1486679901361090562 for discussion with @finestructure
Hence the feature request to override default behavior (failOnOutdated: false
)
Packages created with Swift 5.7 have a different Package.resolved
format and This leads to a blank PR using swift-package-dependencies-check
workflow.
The underlying tool ReleaseNotes
got fixed with new version 0.0.7 (SwiftPackageIndex/ReleaseNotes#9) and needs to be picked up by swift-package-dependencies-check
workflow 2.3.x
Hi Marco,
we've updated our repo to be "tools-version 5.8" and that made our dependency check task fail:
Changing current directory...
### Current Package Dependencies (swift package show-dependencies)
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
### Check and Update Packages Dependencies if they are outdated (swift package update)
#### run swift-release-notes to get details about changes
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
Error: error: unexpected input
--> input:1:1
1 |
| ^ expected integer
### Run swift package update
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
I think it's just a matter of bumping the version in the Dockerfile
, I'll open up a PR.
However, the task also passed all the steps, which I feel it shouldn't in this case:
hey! just setting this up with my repo and i get this error while it's running.
here are the last couple lines of output, any idea what might be going wrong?
[63849/63849] Downloading https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip
[14284606/14284606] Downloading https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip, https://dl.google.com/firebase/ios/swiftpm/10.4.0/GoogleAppMeasurementOnDeviceConversion.zip
Downloaded https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip (5.43s)
[14220757/14220757] Downloading https://dl.google.com/firebase/ios/swiftpm/10.4.0/GoogleAppMeasurementOnDeviceConversion.zip
Downloaded https://dl.google.com/firebase/ios/bin/abseil/1.2021110200.0/abseil.zip (6.48s)
[5478304/5478304] Downloading https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignal.xcframework.zip
[5608158/5983830] Downloading https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignal.xcframework.zip, https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignalExtension.xcframework.zip
FoundationNetworking/EasyHandle.swift:223: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43 "(null)"
Current stack trace:
0 libswiftCore.so 0x00007f544d476b10 _swift_stdlib_reportFatalErrorInFile + 112
1 libswiftCore.so 0x00007f544d16840f <unavailable> + 1442831
2 libswiftCore.so 0x00007f544d168227 <unavailable> + 1442343
3 libswiftCore.so 0x00007f544d167030 _assertionFailure(_:_:file:line:flags:) + 364
4 libswiftCore.so 0x00007f544d1af84b <unavailable> + 1734731
5 libFoundationNetworking.so 0x00007f544db10229 <unavailable> + 938537
6 libFoundationNetworking.so 0x00007f544dad89ca <unavailable> + 7[1111](https://github.com/reclipapp/reclip-ios/actions/runs/4995388466/jobs/8947357604#step:4:1112)4
7 libFoundationNetworking.so 0x00007f544dae9d93 <unavailable> + 781715
8 libFoundationNetworking.so 0x00007f544daf9ab0 URLSessionTask.getBody(completion:) + 55
9 libFoundationNetworking.so 0x00007f544dae7751 <unavailable> + 771921
10 libFoundationNetworking.so 0x00007f544dae01ec <unavailable> + 741868
11 libFoundationNetworking.so 0x00007f544dab23a6 <unavailable> + 553894
12 libdispatch.so 0x00007f544db7f2b7 <unavailable> + 148151
13 libdispatch.so 0x00007f544db89f45 <unavailable> + 192325
14 libdispatch.so 0x00007f544db8abbd <unavailable> + 195517
15 libdispatch.so 0x00007f544db89e04 <unavailable> + 192004
16 libdispatch.so 0x00007f544db8abbd <unavailable> + 195517
17 libdispatch.so 0x00007f544db92002 <unavailable> + 225282
18 libc.so.6 0x00007f544cbceb43 <unavailable> + 609091
19 libc.so.6 0x00007f544cc5fb70 clone + 68
FoundationNetworking/EasyHandle.swift:223: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43 "(null)"
my config is
- name: Check Swift package dependencies
id: spm-dep-check
uses: MarcoEidinger/[email protected]
with:
isMutating: true
failWhenOutdated: false
directory: "Modules"
Hi Marco,
I have many packages that use private SPM dependencies via github.
Common method to allow github workflows to support private dependencies in any form (could be submodule, could be private package via [email protected]:username/repo
) is to use old school trick of mapping ssh deploy keys and virtual ssh hostnames along with .gitconfig
url...insteadOf
to your private repositories.
This can be automated via great action from shaunco: https://github.com/shaunco/ssh-agent/tree/git-repo-mapping.
Here is an example swift build && swift test
workflow that uses private swift dependencies that I am using:
name: Swift Build & Test
on: [workflow_dispatch, push]
jobs:
swift:
name: Swift ${{ matrix.swift }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
swift: ["5.5", "5.6"]
steps:
- uses: shaunco/ssh-agent@git-repo-mapping
with:
ssh-private-key: |
${{ secrets.REPO1_SSH_PRIVATE_KEY}}
${{ secrets.REPO2_SSH_PRIVATE_KEY}}
repo-mappings: |
github.com/mman/repo1.git
github.com/mman/repo2.git
- uses: fwal/[email protected]
with:
swift-version: ${{ matrix.swift }}
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Build
run: swift build
- name: Test
run: swift test
I have tried to use the same approach with your action, but it does not work properly. I have also tried with https://github.com/getsidetrack/action-xcodeproj-spm-update and there it works nicely.
So I started investigating what is the issue and I think I have found it:
The shaunco/ssh-agent@git-repo-mapping
will populate ~/.gitconfig
and ~/.ssh/*
of the workflow job with private keys and hostname aliases for all the private dependencies that you may have. The ~/.ssh/*
private keys are then added to the workflow internal ssh-agent
and used by the subsequent steps. So for example xcodebuild
used by the https://github.com/getsidetrack/action-xcodeproj-spm-update will pick up the new config nicely and will happily check dependencies and create a PR.
But your action will fail because it uses a step to invoke swift-release-notes
via nested docker
and the ~/.ssh/config
and ~/.gitconfig
are not properly passed to the docker step.
I have been able to overcome this limitation by somehow (hard copy, volume mount in case of docker build
) pushing the ~/.ssh
and ~/.gitconfig
to the docker step so that it can properly access the private dependencies, but I have not found an easy way to do this with your workflow without forking and modifying it heavily.
I am not necessarily suggesting I know how to fix this properly, but I just want the issue to exist here for anybody hitting the same limitation.
I will probably try to work around this limitation by skipping the swift-release-notes
binary invocation, and by simply invoking swift package update
directly and comparing the md5sum before/after the same way action-xcodeproj-spm-update
does it.
Another option could be to build swift-release-notes
directly inside the job, and thus avoiding jumping to another nested docker step, which will help inherit the job environment.
Thoughts?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.