How to catch up with outdated dependencies in your Swift Package with GitHub actions
If you develop a Swift package then most likely you have declared one or more dependencies in your Package.swift manifest.
The Swift Package Manager performs a process called dependency resolution to figure out the exact version of the package dependencies that can be used in your package. The results of the dependency resolution are recorded in the
Package.resolved
file which will be placed in the top-level drectory of your package
Challenge
If you have version-based requirements and your Package.resolved
is under source control management then you might face the challenge to catch up with new versions and update the file.
Goal
Automate the process to
periodically check for outdated versions and
create a pull request to update
Package.resolved
file with new versions based on my package dependency requirements
Which GitHub actions to use?
There is already a great GitHub action to create a pull request from modified content within your workflow.
I looked into reusing existing GitHub actions to check for outdated dependencies but all of them required to run on macOS which might cause minor problems as GitHub imposes usage limitations on macOS runner.
Therefore I created a new, Docker-based GitHub Action swift-package-dependencies-check
Internally the action utilizes Swift Package Manager by using
swift package show-dependencies
swift package update (either with or without the β dry-run option)
Solution
These two actions easily allow creating a workflow to periodically check for outdated dependencies and then create a pull request to update those
name: Swift Package Dependencies
on:
schedule:
- cron: '0 8 * * 1' # every monday AM 8:00
jobs:
spm-dep-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check Swift package dependencies
uses: MarcoEidinger/swift-package-dependencies-check@1.0.0
with:
isMutating: true
- name: Create Pull Request
if: failure()
uses: peter-evans/create-pull-request@v3
with:
commit-message: 'chore: update package dependencies'
branch: updatePackageDepedencies
delete-branch: true
title: 'chore: update package dependencies'
body: ''
Conclusion
π Feel free to use the new GitHub action and if you see any problems then go ahead and open a issue on GitHub.
βΉοΈ I deliberately chose that the action fails in case there are outdated dependencies. From my perspective this makes it pretty easy to use the action as a single step in a workflow. If you rather would get the status information and pass them along then you might be happier with one of the other existing GitHub actions like swiftpm-update-checker or spm-dependencies-checker
π Happy version checking! π