Skip to content

feat(ci): go list check versions available for untagged dependencies #8

feat(ci): go list check versions available for untagged dependencies

feat(ci): go list check versions available for untagged dependencies #8

name: Dependency Check
on:
pull_request:
paths:
- 'go.mod'
- 'go.sum'
- '.github/workflows/dependency-check.yml'
jobs:
dependency-check:
runs-on: ubuntu-latest
name: Dependency Check
env:
V0_PATTERN: 'v0\.0\.0-[0-9]{14}-[0-9a-f]{7,}$'
RELEASE_PATTERN: 'v[0-9]+\.[0-9]+\.[0-9]+(\+incompatible)?$'
IGNORE_PATTERN: 'dependency-check-ignore:\s'
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: ./.github/actions/install-go
- name: Extract dependencies
id: all
run: |
echo "dependencies<<EOF" >> $GITHUB_OUTPUT
# Extract all dependencies from go.mod (include indirect dependencies and comments)
sed -n '/require (/,/)/{/require (/!{/)/!p;};}' go.mod | sed 's/^[[:space:]]*//' | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Extract unreleased dependencies
id: unreleased
env:
DEPENDENCIES: ${{ steps.all.outputs.dependencies }}
run: |
echo "dependencies<<EOF" >> $GITHUB_OUTPUT
# Strip '// indirect' so we all dependencies the same
sed 's/\/\/\s*indirect//' <<< "$DEPENDENCIES" | grep -Pv "$V0_PATTERN|$RELEASE_PATTERN" | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Extract unexplained dependencies
id: unexplained
env:
DEPENDENCIES: ${{ steps.unreleased.outputs.dependencies }}
run: |
echo "dependencies<<EOF" >> $GITHUB_OUTPUT
grep -Pv "$IGNORE_PATTERN" <<< "$DEPENDENCIES" | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Check v0.0.0 dependencies for available tags
id: v0check
run: |
echo "tagged<<EOF" >> $GITHUB_OUTPUT
# Only check direct dependencies - exclude indirect ones entirely
grep -P "$V0_PATTERN" go.mod | grep -Pv "$IGNORE_PATTERN" | grep -Pv "\/\/\s*indirect/" | while read -r line; do
dep=$(echo "$line" | cut -d' ' -f1)
if [ ! -z "$(go list -m -versions $dep 2>/dev/null | awk 'NF>1')" ]; then
echo "$dep"
fi
done | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Set outputs, if any
if: steps.unexplained.outputs.dependencies != '' || steps.v0check.outputs.tagged != ''
env:
MESSAGE: |
Dependencies requiring attention found in this PR. Please follow the [dependency management conventions](https://github.com/filecoin-project/lotus/blob/master/CONTRIBUTING.md#dependency-management)
${{ steps.unexplained.outputs.dependencies != '' && 'Unreleased dependencies:' || '' }}
${{ steps.unexplained.outputs.dependencies }}
${{ steps.v0check.outputs.tagged != '' && 'v0.0.0 dependencies with available tags:' || '' }}
${{ steps.v0check.outputs.tagged }}
run: |
echo "::error::${MESSAGE//$'\n'/%0A}"
exit 1