Three months ago I started working on a tool for generating a report of dependencies from different repositories, specifically those using Go modules, with the whole purpose of indicating exactly how those dependencies are interconnected and what versions each repository uses. Keep in mind that this is aplicable to our workflow where each repository, or Go module, indicates an independent microservice and all the required internal tools and public APIs; so using this tool would make little to no sense when using monorepos.
I’m calling this tool
versions, probably not a SEO-friendly name for sure but I do like keeping names consistent to what the project is supposed to do. At the moment this tool generates a static markdown but I’m working on adding support to generate outputs in different formats, like JSON for making it more tool friendly.
Few months ago we added
versions' to our documentation using a downstream pipeline in Gitlab that is triggered after any projecf is released, with this we can easily visualize the Go package versions used by each project with the end goal of knowng what we should be updating if needed.
Besides generating different formats, I have a few ideas regarding integrating it with other Go projects, specifically:
- effrit to include the efferent and afferent metrics in the final report,
- diligent to indicate licenses used by each package,
- godepgraph to generate a global dependency diagram, and
- goup to determine if the package has new updates.
Another goal I have is to add support for creating Merge/Pull Requests for upgrading modules across all projects at the same time, that should make that monotonous task a little more easier to digest.
To install the current version you can run:
go get github.com/MarioCarrion/versions/cmd/versions
The doing something like:
versions <full path to 1 go.mod> <full path to 2 go.mod> <full path to N go.mod>
Will print out the report as markdown including all projects, packages being used and how the versions relate to each other.