Skip to content

A tool to update swift package manager dependencies

License

Notifications You must be signed in to change notification settings

Nef10/swift-dependency-updater

Repository files navigation

swift-dependency-updater

CI Status License: MIT Latest version platforms supported: linux | macOS

The Swift Dependency Updater is a tool to automatically update dependencies of your swift package manager projects. Unlike swift package update it also checks if there are updates which require adjustments for the versions specified in the Package.swift file.

Installation

mint install Nef10/swift-dependency-updater

Swift Package Manager

git clone https://github.com/Nef10/swift-dependency-updater.git
cd swift-dependency-updater
swift run swift-dependency-updater

Usage

Locally

Update dependencies:

swift-dependency-updater [update] [<folder>] [--keep-requirements]

List all dependencies and possible updates:

swift-dependency-updater list [<folder>] [--exclude-indirect] [--updates-only]

Help

Run swift-dependency-updater --help for a full list of supported commands, and swift-dependency-updater help <subcommand> for detailed help on a specific command.

Completion

Thanks to the swift-argument-parser you can generate autocompletion scripts via swift-dependency-updater --generate-completion-script {zsh|bash|fish}. The exact command for your shell may vary, but for example for zsh with ~/.zfunctions in your fpath you can use:

swift-dependency-updater --generate-completion-script zsh > ~/.zfunctions/_swift-dependency-updater

GitHub

The swift-dependency-updater can automatically create pull requests on GitHub for each outdated dependency by running swift-dependency-updater github [<folder>] [--keep-requirements]. This requires that a valid GitHub token is in the TOKEN environment variable as well as that git in checked out folder is authenticated (meaning git push will run sucessfully).

While this can be ran locally, it is mostly intended to run via GitHub Actions. The only problem is that a push or a pull request created by an action will not trigger action runs itself, meaning that your CI will not run on a PR created by this command by default. There are certain workarounds available. I recommend creating a GitHub App to create tokens as it provides the best security.

Once this is done, you can create the action by using the following actions file and place it for example under .github/workflows/swift-dependency-updater.yml in your repository:

name: Swift Dependency Updater

on:
  schedule:
    - cron:  '17 10 * * 5' # Run every Friday at 10:17 UTC
  workflow_dispatch: # Allows to manually trigger the script

permissions: # The workflow does not need specific permissions as we use a different token
  contents: read

jobs:
  test:
    name: Update Swift Dependencies
    runs-on: ubuntu-latest # The action supports macOS-latest as well
    steps:
    - name: Generate token
      id: generate_token
      uses: tibdex/[email protected]
      with:
        app_id: ${{ secrets.APP_ID }} # These two secrets need to be added
        private_key: ${{ secrets.APP_PRIVATE_KEY }} # to your repository settings
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        path: repo
        fetch-depth: 0 # Fetching the whole repo is required to check if branches already exist
        token: ${{ steps.generate_token.outputs.token }} # Checkout repo pre-configured with right token
    - name: Install Swift
      uses: swift-actions/setup-swift@v1
    - name: Checkout swift-dependency-updater
      uses: actions/checkout@v2
      with:
        repository: Nef10/swift-dependency-updater
        path: swift-dependency-updater
        ref: main # specify a version tag or use main to always use the latest code
    - name: Run swift-dependency-updater
      run: cd swift-dependency-updater && swift run swift-dependency-updater github ../repo
      env:
        TOKEN: ${{ steps.generate_token.outputs.token }} # Required to open the Pull Requests

Limitation

Currently dependencies specified with either .branch(_ name:) or .revision(_ ref:) are not supported.

Inspiration

The tool was inspired by vintage, spm-dependencies-checker, and swift-package-dependencies-check.