Low commit activity in last 3 years
A long-lived project that still receives updates
Verify all your dependencies allow the latest versions on Puppet Forge
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 13.0
~> 3.0

Runtime

>= 2.2, < 6
>= 0.3.0, < 5
 Project Readme

metadata-json-deps

The metadata-json-deps tool validates dependencies in metadata.json files in Puppet modules against the latest published versions on the Puppet Forge.

Compatibility

metadata-json-deps is compatible with Ruby versions 2.4.0 and newer.

Installation

via gem command:

gem install metadata_json_deps

via Gemfile:

gem 'metadata_json_deps'

Usage

Testing with metadata-json-deps

On the command line, run metadata-json-deps with the path(s) of your metadata.json file(s):

metadata-json-deps /path/to/metadata.json

Example output:

$ metadata-json-deps modules/*/*/metadata.json
Checking modules/theforeman/puppet-candlepin/metadata.json
  puppetlabs/stdlib (>= 4.2.0 < 8.0.0) doesn't match 8.1.0
  puppet/extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
Checking modules/theforeman/puppet-certs/metadata.json
  puppetlabs-stdlib (>= 4.25.0 < 8.0.0) doesn't match 8.1.0
  puppet-extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
Checking modules/theforeman/puppet-dhcp/metadata.json
Checking modules/theforeman/puppet-dns/metadata.json

It can also be run verbosely to show valid dependencies:

metadata-json-deps -v modules/*/metadata.json

Testing with metadata-json-deps as a Rake task

You can also integrate metadata-json-deps checks into your tests using a Rake task:

require 'metadata_json_deps'

desc 'Run metadata-json-deps'
task :metadata_deps do
  files = FileList['modules/*/metadata.json']
  abort if MetadataJsonDeps::run(files)
end

Bumping dependency upper bounds

After detecting outdated dependencies, it's important to do something about this. Taking the earlier example, you can see some modules should allow newer dependencies (candlepin and certs) while others are up to date (dhcp and dns).

The next step is to look into the newer dependencies. In this case stdlib and extlib had a major version bump. It is then important to look at the changes and see if it does affect modules. Sometimes it doesn't, like when a module drops support for Puppet 5 but our modules already dropped Puppet 5. In that case, it's safe to raise the upper version bound.

To update the upper bounds, bump-dependency-upper-bound can be used. For example, to allow puppetlabs/stdlib 8.x, the new upper bound is 9.0.0:

$ bump-dependency-upper-bound puppetlabs/stdlib 9.0.0 modules/*/*/metadata.json
Updated modules/theforeman/puppet-candlepin/metadata.json: '>= 4.2.0 < 8.0.0' to '>= 4.2.0 < 9.0.0'
Updated modules/theforeman/puppet-certs/metadata.json: '>= 4.25.0 < 8.0.0' to '>= 4.25.0 < 9.0.0'
modules/theforeman/puppet-dhcp/metadata.json already matches 9.0.0
modules/theforeman/puppet-dns/metadata.json already matches 9.0.0