lockdelta 0.1.1 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -5
- package/action.yml +18 -2
- package/dist/{action.js → action.cjs} +722 -571
- package/dist/action.cjs.map +1 -0
- package/dist/cli.js +130 -37
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +8 -2
- package/dist/index.js +130 -37
- package/dist/index.js.map +1 -1
- package/package.json +17 -13
- package/dist/action.js.map +0 -1
package/README.md
CHANGED
|
@@ -72,7 +72,7 @@ No inputs are required on `pull_request` or `push` events. The action reads the
|
|
|
72
72
|
|
|
73
73
|
### Markdown summary
|
|
74
74
|
|
|
75
|
-
When `markdown: 'true'` or `post-comment` is not `'false'`, lockdelta generates a three-section markdown summary. Direct production dependencies are **bold**, dev dependencies are *italic*, and transitive deps are plain. Package names link to their registry (PyPI, npmjs, jsr.io).
|
|
75
|
+
When `markdown: 'true'` or `post-comment` is not `'false'`, lockdelta generates a three-section markdown summary. Direct production dependencies are **bold**, dev dependencies are *italic*, and transitive deps are plain. Package names link to their public registry (PyPI, npmjs, jsr.io). Packages sourced from a private registry are shown without a link; GitHub Packages scoped packages link to their GitHub repository page instead.
|
|
76
76
|
|
|
77
77
|
```yaml
|
|
78
78
|
- name: Diff dependencies
|
|
@@ -234,14 +234,17 @@ console.log(report.summary);
|
|
|
234
234
|
|
|
235
235
|
```ts
|
|
236
236
|
import { registerEcosystem } from 'lockdelta';
|
|
237
|
-
import type { Ecosystem, DirectDeps } from 'lockdelta';
|
|
237
|
+
import type { Ecosystem, DirectDeps, PackageEntry } from 'lockdelta';
|
|
238
238
|
|
|
239
239
|
const rubyEcosystem: Ecosystem = {
|
|
240
240
|
name: 'ruby',
|
|
241
241
|
supportedLockfiles: [{ filename: 'Gemfile.lock', type: 'bundler' }],
|
|
242
242
|
manifestName: 'Gemfile',
|
|
243
243
|
getLockfileType: (filename) => filename === 'Gemfile.lock' ? 'bundler' : undefined,
|
|
244
|
-
parseLockfile: (content, _type)
|
|
244
|
+
parseLockfile: (content, _type): Record<string, PackageEntry> => {
|
|
245
|
+
// parse and return { packageName: { version, registryUrl? } }
|
|
246
|
+
return {};
|
|
247
|
+
},
|
|
245
248
|
parseDirectDeps: (content): DirectDeps => ({ prod: new Set(), dev: new Set() }),
|
|
246
249
|
normalizeName: (name) => name.toLowerCase(),
|
|
247
250
|
};
|
|
@@ -259,8 +262,11 @@ interface PackageChange {
|
|
|
259
262
|
change_type: 'added' | 'removed' | 'updated';
|
|
260
263
|
old_version: string | null;
|
|
261
264
|
new_version: string | null;
|
|
262
|
-
is_direct: boolean;
|
|
263
|
-
is_dev: boolean;
|
|
265
|
+
is_direct: boolean; // declared in the project manifest
|
|
266
|
+
is_dev: boolean; // declared in a dev/optional dependency section
|
|
267
|
+
old_registry_url?: string; // registry origin of the old version (e.g. 'https://npm.pkg.github.com')
|
|
268
|
+
new_registry_url?: string; // registry origin of the new version
|
|
269
|
+
// Both fields present on 'updated' changes: a mismatch signals a potential registry switch
|
|
264
270
|
}
|
|
265
271
|
|
|
266
272
|
interface DiffReport {
|
package/action.yml
CHANGED
|
@@ -40,7 +40,8 @@ inputs:
|
|
|
40
40
|
description: >
|
|
41
41
|
YAML map of named package groups. Each group produces a boolean output named after
|
|
42
42
|
the group, set to 'true' if any package in the group changed. Inspired by
|
|
43
|
-
dorny/paths-filter.
|
|
43
|
+
dorny/paths-filter. May be combined with filters-from; inline definitions take
|
|
44
|
+
precedence over the file on key collision. Example:
|
|
44
45
|
auth:
|
|
45
46
|
- pyjwt
|
|
46
47
|
- cryptography
|
|
@@ -48,6 +49,12 @@ inputs:
|
|
|
48
49
|
- httpx
|
|
49
50
|
- requests
|
|
50
51
|
required: false
|
|
52
|
+
filters-from:
|
|
53
|
+
description: >
|
|
54
|
+
Path to a YAML file containing named package group filters (same format as the
|
|
55
|
+
filters input). Merged with any inline filters; the inline filters input takes
|
|
56
|
+
precedence on key collision. Inspired by dorny/paths-filter's filters-from.
|
|
57
|
+
required: false
|
|
51
58
|
markdown:
|
|
52
59
|
description: >
|
|
53
60
|
Set to 'true' to generate a markdown summary of changes. The summary has three
|
|
@@ -80,6 +87,15 @@ outputs:
|
|
|
80
87
|
description: >
|
|
81
88
|
JSON diff report. Schema matches DiffReport in the TypeScript types.
|
|
82
89
|
Contains schema_version, generated_at, base_ref, head_ref, summary, and lockfiles[].
|
|
90
|
+
has-changes:
|
|
91
|
+
description: >
|
|
92
|
+
'true' if at least one dependency changed, 'false' otherwise.
|
|
93
|
+
Useful for conditionally running downstream steps.
|
|
94
|
+
changed-groups:
|
|
95
|
+
description: >
|
|
96
|
+
JSON array of filter group names that had at least one changed package.
|
|
97
|
+
Only set when the filters or filters-from input is used.
|
|
98
|
+
Example: '["auth","http-client"]'
|
|
83
99
|
markdown:
|
|
84
100
|
description: >
|
|
85
101
|
Markdown summary of dependency changes (Added/Changed/Removed sections).
|
|
@@ -87,4 +103,4 @@ outputs:
|
|
|
87
103
|
|
|
88
104
|
runs:
|
|
89
105
|
using: 'node24'
|
|
90
|
-
main: 'dist/action.
|
|
106
|
+
main: 'dist/action.cjs'
|