marcoeidinger / swift-package-dependencies-check Goto Github PK
View Code? Open in Web Editor NEWCatch up with outdated versions based on your package dependency requirements
swift-package-dependencies-check's Issues
Please add support for .xcodeproj files
This looks like a great thing, but would be even better if it can be configured for a repository which is containing an .xcodeproj and uses swift packages as dependencies. I am not familiar enough to see what is needed, but I assume there will be a requirement that xcodebuild should be able to update the dependencies from the command line.
This looks to be not possible at the moment. The only swift package manager related option is:
xcodebuild -resolvePackageDependencies [-project <projectname>|-workspace <workspacename>] -clonedSourcePackagesDirPath <path>
Any ideas?
Thanks for doing this, Martin
Using `reusableWorkflow.yml@v2` doesn't use latest release
I'm not sure if I'm configuring this wrong but I just noticed that we're pulling in 2.1.3 when 2.1.4 is the latest:
Here's our config:
uses: MarcoEidinger/swift-package-dependencies-check/.github/workflows/reusableWorkflow.yml@v2
I've picked this config up from the last snippet in the README.
Is our config wrong or is there perhaps an update missing in reusableWorkflow.yml?
Warnings
I'm seeing a number of warnings in our logs:
I suspect it's an upstream dependency but I don't know GH actions well enough to spot the issue straight away and didn't dig deeper.
You probably know how to address it immediately, otherwise I'll poke around a bit when I have a minute :)
Version 2.3.0 does not work because swift:5.7 docker image does not ship make by default
Hi Marco,
tried your updated swift:5.7 action today and it failed with missing make. I think your Dockerfile needs another step as make does not ship by default with swift 5.7 docker image.
€ docker run -it swift:5.7 bash
root@b8e408a7032b:/# which make
root@b8e408a7032b:/# apt-get update && apt-get install make
...
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB]
...
Unpacking make (4.3-4.1build1) ...
Setting up make (4.3-4.1build1) ...
root@b8e408a7032b:/# which make
/usr/bin/make
Action shall fail if it uses an insufficient swift-tools-version
We've bumped our tools-version to Swift 5.6 last week and now the updater is failing (silently, btw!):
### Current Package Dependencies (swift package show-dependencies)
[9](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/actions/runs/3172042531/jobs/5166091062#step:4:10)
/github/workspace: error: package at '/github/workspace' is using Swift tools version 5.6.0 but the installed version is 5.5.3
[10](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/actions/runs/3172042531/jobs/5166091062#step:4:11)
It would be great if the Swift version was configurable for users of the action.
Also, I don't think the action should pass when it encounters this error :)
override default behavior that action fails when detecting outdated dependencies
Action default behavior is to fail if outdated dependencies were detected. Reasoning was to raise awareness of outdated dependencies without the need to explicitly check an action output parameter.
A failed step results in a failed workflow. GitHub does not allow to suppress or change status of workflow. actions/runner#2347
Showing a failed workflow is not desired for a workflow to create a pull request updating Package.resolved. See https://twitter.com/_sa_s/status/1486679901361090562 for discussion with @finestructure
Hence the feature request to override default behavior (failOnOutdated: false)
Use SwiftPackageIndex/[email protected] in [email protected]
Packages created with Swift 5.7 have a different Package.resolved format and This leads to a blank PR using swift-package-dependencies-check workflow.
The underlying tool ReleaseNotes got fixed with new version 0.0.7 (SwiftPackageIndex/ReleaseNotes#9) and needs to be picked up by swift-package-dependencies-check workflow 2.3.x
tools version 5.8 package fails dependency check
Hi Marco,
we've updated our repo to be "tools-version 5.8" and that made our dependency check task fail:
Changing current directory...
### Current Package Dependencies (swift package show-dependencies)
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
### Check and Update Packages Dependencies if they are outdated (swift package update)
#### run swift-release-notes to get details about changes
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
Error: error: unexpected input
--> input:1:1
1 |
| ^ expected integer
### Run swift package update
error: 'workspace': package 'workspace' is using Swift tools version 5.8.0 but the installed version is 5.7.3
I think it's just a matter of bumping the version in the Dockerfile, I'll open up a PR.
However, the task also passed all the steps, which I feel it shouldn't in this case:
Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43
hey! just setting this up with my repo and i get this error while it's running.
here are the last couple lines of output, any idea what might be going wrong?
[63849/63849] Downloading https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip
[14284606/14284606] Downloading https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip, https://dl.google.com/firebase/ios/swiftpm/10.4.0/GoogleAppMeasurementOnDeviceConversion.zip
Downloaded https://dl.google.com/firebase/ios/swiftpm/10.9.0/GoogleAppMeasurementIdentitySupport.zip (5.43s)
[14220757/14220757] Downloading https://dl.google.com/firebase/ios/swiftpm/10.4.0/GoogleAppMeasurementOnDeviceConversion.zip
Downloaded https://dl.google.com/firebase/ios/bin/abseil/1.2021110200.0/abseil.zip (6.48s)
[5478304/5478304] Downloading https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignal.xcframework.zip
[5608158/5983830] Downloading https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignal.xcframework.zip, https://github.com/OneSignal/OneSignal-iOS-SDK/releases/download/3.12.5/OneSignalExtension.xcframework.zip
FoundationNetworking/EasyHandle.swift:223: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43 "(null)"
Current stack trace:
0 libswiftCore.so 0x00007f544d476b10 _swift_stdlib_reportFatalErrorInFile + 112
1 libswiftCore.so 0x00007f544d16840f <unavailable> + 1442831
2 libswiftCore.so 0x00007f544d168227 <unavailable> + 1442343
3 libswiftCore.so 0x00007f544d167030 _assertionFailure(_:_:file:line:flags:) + 364
4 libswiftCore.so 0x00007f544d1af84b <unavailable> + 1734731
5 libFoundationNetworking.so 0x00007f544db10229 <unavailable> + 938537
6 libFoundationNetworking.so 0x00007f544dad89ca <unavailable> + 7[1111](https://github.com/reclipapp/reclip-ios/actions/runs/4995388466/jobs/8947357604#step:4:1112)4
7 libFoundationNetworking.so 0x00007f544dae9d93 <unavailable> + 781715
8 libFoundationNetworking.so 0x00007f544daf9ab0 URLSessionTask.getBody(completion:) + 55
9 libFoundationNetworking.so 0x00007f544dae7751 <unavailable> + 771921
10 libFoundationNetworking.so 0x00007f544dae01ec <unavailable> + 741868
11 libFoundationNetworking.so 0x00007f544dab23a6 <unavailable> + 553894
12 libdispatch.so 0x00007f544db7f2b7 <unavailable> + 148151
13 libdispatch.so 0x00007f544db89f45 <unavailable> + 192325
14 libdispatch.so 0x00007f544db8abbd <unavailable> + 195517
15 libdispatch.so 0x00007f544db89e04 <unavailable> + 192004
16 libdispatch.so 0x00007f544db8abbd <unavailable> + 195517
17 libdispatch.so 0x00007f544db92002 <unavailable> + 225282
18 libc.so.6 0x00007f544cbceb43 <unavailable> + 609091
19 libc.so.6 0x00007f544cc5fb70 clone + 68
FoundationNetworking/EasyHandle.swift:223: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=libcurl.Easy Code=43 "(null)"
my config is
- name: Check Swift package dependencies
id: spm-dep-check
uses: MarcoEidinger/[email protected]
with:
isMutating: true
failWhenOutdated: false
directory: "Modules"
How to use swift-package-dependencies-check with dependencies in private repos?
Hi Marco,
I have many packages that use private SPM dependencies via github.
Common method to allow github workflows to support private dependencies in any form (could be submodule, could be private package via [email protected]:username/repo) is to use old school trick of mapping ssh deploy keys and virtual ssh hostnames along with .gitconfig url...insteadOf to your private repositories.
This can be automated via great action from shaunco: https://github.com/shaunco/ssh-agent/tree/git-repo-mapping.
Here is an example swift build && swift test workflow that uses private swift dependencies that I am using:
name: Swift Build & Test
on: [workflow_dispatch, push]
jobs:
swift:
name: Swift ${{ matrix.swift }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
swift: ["5.5", "5.6"]
steps:
- uses: shaunco/ssh-agent@git-repo-mapping
with:
ssh-private-key: |
${{ secrets.REPO1_SSH_PRIVATE_KEY}}
${{ secrets.REPO2_SSH_PRIVATE_KEY}}
repo-mappings: |
github.com/mman/repo1.git
github.com/mman/repo2.git
- uses: fwal/[email protected]
with:
swift-version: ${{ matrix.swift }}
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Build
run: swift build
- name: Test
run: swift test
I have tried to use the same approach with your action, but it does not work properly. I have also tried with https://github.com/getsidetrack/action-xcodeproj-spm-update and there it works nicely.
So I started investigating what is the issue and I think I have found it:
The shaunco/ssh-agent@git-repo-mapping will populate ~/.gitconfig and ~/.ssh/* of the workflow job with private keys and hostname aliases for all the private dependencies that you may have. The ~/.ssh/* private keys are then added to the workflow internal ssh-agent and used by the subsequent steps. So for example xcodebuild used by the https://github.com/getsidetrack/action-xcodeproj-spm-update will pick up the new config nicely and will happily check dependencies and create a PR.
But your action will fail because it uses a step to invoke swift-release-notes via nested docker and the ~/.ssh/config and ~/.gitconfig are not properly passed to the docker step.
I have been able to overcome this limitation by somehow (hard copy, volume mount in case of docker build) pushing the ~/.ssh and ~/.gitconfig to the docker step so that it can properly access the private dependencies, but I have not found an easy way to do this with your workflow without forking and modifying it heavily.
I am not necessarily suggesting I know how to fix this properly, but I just want the issue to exist here for anybody hitting the same limitation.
I will probably try to work around this limitation by skipping the swift-release-notes binary invocation, and by simply invoking swift package update directly and comparing the md5sum before/after the same way action-xcodeproj-spm-update does it.
Another option could be to build swift-release-notes directly inside the job, and thus avoiding jumping to another nested docker step, which will help inherit the job environment.
Thoughts?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.