Marco Eidinger
Swifty Tech by Marco Eidinger

Swifty Tech by Marco Eidinger

How to catch up with outdated dependencies in your Swift Package with GitHub actions

How to catch up with outdated dependencies in your Swift Package with GitHub actions

Marco Eidinger's photo
Marco Eidinger
Β·Oct 12, 2020Β·

2 min read

Subscribe to my newsletter and never miss my upcoming articles

If you develop a Swift package then most likely you have declared one or more dependencies in your Package.swift manifest.

The Swift Package Manager performs a process called dependency resolution to figure out the exact version of the package dependencies that can be used in your package. The results of the dependency resolution are recorded in the Package.resolved file which will be placed in the top-level drectory of your package

Challenge

If you have version-based requirements and your Package.resolved is under source control management then you might face the challenge to catch up with new versions and update the file.

Goal

Automate the process to

  • periodically check for outdated versions and

  • create a pull request to update Package.resolved file with new versions based on my package dependency requirements

Which GitHub actions to use?

There is already a great GitHub action to create a pull request from modified content within your workflow.

I looked into reusing existing GitHub actions to check for outdated dependencies but all of them required to run on macOS which might cause minor problems as GitHub imposes usage limitations on macOS runner.

Therefore I created a new, Docker-based GitHub Action swift-package-dependencies-check

The new kid in town

Internally the action utilizes Swift Package Manager by using

  • swift package show-dependencies

  • swift package update (either with or without the β€” dry-run option)

Solution

These two actions easily allow creating a workflow to periodically check for outdated dependencies and then create a pull request to update those

name: Swift Package Dependencies

on: 
  schedule:
    - cron: '0 8 * * 1' # every monday AM 8:00
jobs:
  spm-dep-check:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Check Swift package dependencies
      uses: MarcoEidinger/swift-package-dependencies-check@1.0.0
      with:
        isMutating: true
    - name: Create Pull Request
      if: failure()
      uses: peter-evans/create-pull-request@v3
      with:
        commit-message: 'chore: update package dependencies'
        branch: updatePackageDepedencies
        delete-branch: true
        title: 'chore: update package dependencies'
        body: ''

Conclusion

πŸ’š Feel free to use the new GitHub action and if you see any problems then go ahead and open a issue on GitHub.

ℹ️ I deliberately chose that the action fails in case there are outdated dependencies. From my perspective this makes it pretty easy to use the action as a single step in a workflow. If you rather would get the status information and pass them along then you might be happier with one of the other existing GitHub actions like swiftpm-update-checker or spm-dependencies-checker

πŸŽ‰ Happy version checking! πŸ˜ƒ

Did you find this article valuable?

Support Marco Eidinger by becoming a sponsor. Any amount is appreciated!

See recent sponsors |Β Learn more about Hashnode Sponsors
Β 
Share this