If you develop a Swift package then most likely you have declared one or more dependencies in your Package.swift manifest.
The Swift Package Manager performs a process called dependency resolution to figure out the exact version of the package dependencies that can be used in your package. The results of the dependency resolution are recorded in the
Package.resolvedfile which will be placed in the top-level drectory of your package
If you have version-based requirements and your
Package.resolved is under source control management then you might face the challenge to catch up with new versions and update the file.
Automate the process to
periodically check for outdated versions and
create a pull request to update
Package.resolvedfile with new versions based on my package dependency requirements
Which GitHub actions to use?
There is already a great GitHub action to create a pull request from modified content within your workflow.
I looked into reusing existing GitHub actions to check for outdated dependencies but all of them required to run on macOS which might cause minor problems as GitHub imposes usage limitations on macOS runner.
Therefore I created a new, Docker-based GitHub Action swift-package-dependencies-check
Internally the action utilizes Swift Package Manager by using
swift package show-dependencies
swift package update (either with or without the — dry-run option)
These two actions easily allow creating a workflow to periodically check for outdated dependencies and then create a pull request to update those
name: Swift Package Dependencies on: schedule: - cron: '0 8 * * 1' # every monday AM 8:00 jobs: spm-dep-check: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Check Swift package dependencies uses: MarcoEidingerfirstname.lastname@example.org with: isMutating: true - name: Create Pull Request if: failure() uses: peter-evans/create-pull-request@v3 with: commit-message: 'chore: update package dependencies' branch: updatePackageDepedencies delete-branch: true title: 'chore: update package dependencies' body: ''
💚 Feel free to use the new GitHub action and if you see any problems then go ahead and open a issue on GitHub.
ℹ️ I deliberately chose that the action fails in case there are outdated dependencies. From my perspective this makes it pretty easy to use the action as a single step in a workflow. If you rather would get the status information and pass them along then you might be happier with one of the other existing GitHub actions like swiftpm-update-checker or spm-dependencies-checker
🎉 Happy version checking! 😃