Skip to content
package

GitHub Action

deps-diff

v1.1 Latest version

deps-diff

package

deps-diff

Clojure dependencies differ

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: deps-diff

              
  uses: namenu/deps-diff@v1.1
Learn more about this action in namenu/deps-diff

Choose a version

deps-diff

A tool for comparing transitive dependencies in two deps.edn files.

Certainly, the Clojure ecosystem does not strictly follow SemVer (Spec-ulation), and if there are no concrete benefits, it is recommended not to update dependencies. However, when it becomes necessary to replace an artifact, you need to be extremely careful, especially when implicit transitive dependencies change, as compatibility issues may arise.

For example, consider the following dependency tree:

+-----+     +--------+     +--------+
|  A  | --> | B(1.0) | --> | C(1.0) |
+-----+     +--------+     +--------+
      \     +--------+     +--------+
       +--> | D(1.0) | --> | C(1.0) |
            +--------+     +--------+

Let's assume a situation where we need to update dependency B:

+-----+     +--------+     +--------+
|  A  | --> | B(2.0) | --> | C(2.0) |
+-----+     +--------+     +--------+
      \     +--------+     +--------+
       +--> | D(1.0) | --> | C(1.0) |
            +--------+     +--------+

In this scenario, B internally updated C to 2.0. If we haven't explicitly specified the version of C, there is no way to guarantee that D will work correctly (See Dep selection).

But it's good to know that such potential risks can be detected in advance. deps-diff is a GitHub Action created for this purpose.

Example

Just create a .github/workflows/deps-diff.yml file as follows.

name: Notify dependency diff

on:
  pull_request:
    paths:
      - 'deps.edn' # only watch this

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Diff dependencies
        id: diff
        uses: namenu/deps-diff@main
        with:
          format: markdown
          aliases: "[:test]"

      - uses: marocchino/sticky-pull-request-comment@v2
        if: ${{ steps.diff.outputs.exit_code != 0 }}
        with:
          header: deps-diff # Creates a collapsed comment with the report
          message: |
            ### `deps.edn` dependency changes

            ${{ steps.diff.outputs.deps_diff }}

This workflow will comment on your PR as shown below.

Inputs

Name Description Default Value
base The git sha before the change being referenced. The default value is the git ref of the base branch of the PR. Git ref of PR's base branch
format Determines the format of the output. You can specify edn, markdown, or cli. The default value is edn edn
aliases Specifies the aliases to be used when forming the basis. It must be expressed as a quoted sequence (e.g., '[:dev :test]'). nil
project Specifies the path of the deps.edn file. deps.edn

Outputs

  • deps_diff - The name of the outlet where the execution result is output. Use it along with the action's id in your workflow.
  • exit_code - 0 if equal or else 1.

Run as a tool

# install
clojure -Ttools install-latest :lib io.github.namenu/deps-diff :as deps-diff`

# resolve deps before changes
clojure -X:deps tree :dir '"./before"' > __before.edn
# resolve deps after changes
clojure -X:deps tree :dir '"./after"' > __after.edn

# then compare
clojure -Tdeps-diff diff :base '"__before.edn"' :target '"__after.edn"' :format :cli

# output will be like this

  Modified  org.clojure/spec.alpha                                      0.2.194 -> 0.3.218
  Modified  com.github.seancorfield/next.jdbc                           1.2.796 -> 1.3.847
  Modified  org.clojure/core.specs.alpha                                0.2.56 -> 0.2.62
  Modified  camel-snake-kebab/camel-snake-kebab                         0.4.2 -> 0.4.3
  Modified  org.clojure/clojure                                         1.10.3 -> 1.11.1