
GitHub Action

Enforce Package Dependency Version

v2.1.0 Latest version


Enforce a package version for a dependency or dev-dependency

Installation

Copy and paste the following snippet into your .yml file.

- name: Enforce Package Dependency Version
  uses: sharesight/enforce-package-dependency-version@v2.1.0

Learn more about this action in sharesight/enforce-package-dependency-version


enforce-package-dependency-version

This GitHub Action helps enforce that a specific package version, range, prerelease, etc. exists in your package.json and yarn.lock.

⚠️ Uses yarn why …, so only yarn is supported for now.

Example Workflow

This action runs itself here.

name: Enforce Package

on: push

jobs:
  typescript:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: "Enforce Version"
        id: enforce
        uses: sharesight/enforce-package-dependency-version@v2
        with:
          package: "typescript"
          range: ">=4.2.0"

      - name: Debug
        if: always()
        run: |
          echo target_version: ${{ steps.enforce.outputs.target_version }}
          echo resolved_version: ${{ steps.enforce.outputs.resolved_version }}

Inputs

| Name | Description | Example | Default Value |
| --- | --- | --- | --- |
| package | The name of the dependency to check. | '@sharesight/package' | [required] |
| directory | Directory where your package.json can be found. | '../packages/static-site' | env.GITHUB_WORKSPACE |
| range | A semver range | '^1.2.3' | [required] |
| version_prerelease | An optional prerelease target (read more) | 'alpha', true, false | false |
| allow_multiple_versions | Allow multiple versions to be resolved? (read more) | true, false | false |

version_prerelease

  • false – requires there is no prerelease.
  • true – allows a prerelease—but it is not required! 1.2.3-prerelease and 1.2.3 are both valid
  • 'prerelease' – means it must match that prerelease.
  • 'prerelease.#' – means it must match that prerelease and identifier.

allow_multiple_versions

Example: you may have TypeScript at ^4.2.0 in your codebase, but another package points to 3.x.

  • false – means this should only ever resolve to a single version (and that should match our range)
  • true – does not fail if there are multiple versions
    • ⚠️ NOTE: we only look at the first resolved version, assuming this is your version.
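
The version_prerelease and allow_multiple_versions rules above, written out as an added JavaScript example. It is not the action's own source: parseVersion, prereleaseOk and enforce are hypothetical names, the version list is a constructed stand-in for what yarn why reports, and range matching is left out.

```javascript
// Added illustration of the documented input rules; not the action's own code.
// Only version_prerelease and allow_multiple_versions are modelled here.

// Split "1.2.3-alpha.1+build" into its core version and prerelease identifiers.
function parseVersion(version) {
  const match = /^(\d+\.\d+\.\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(version);
  if (!match) throw new Error(`not a semver version: ${version}`);
  return { core: match[1], prerelease: match[2] ? match[2].split('.') : [] };
}

// Apply the four version_prerelease settings to one resolved version.
function prereleaseOk(resolved, setting) {
  // Workflow inputs arrive as strings, so accept 'true' / 'false' as booleans.
  const wantedSetting = setting === 'true' ? true : setting === 'false' ? false : setting;
  const { prerelease } = parseVersion(resolved);
  if (wantedSetting === false) return prerelease.length === 0; // no prerelease allowed
  if (wantedSetting === true) return true;                     // allowed, not required
  const wanted = String(wantedSetting).split('.');
  // 'alpha' must equal the first identifier; 'alpha.1' must equal the first two.
  if (wanted.length > prerelease.length) return false;
  return wanted.every((part, i) => part === prerelease[i]);
}

// resolvedVersions: constructed stand-in for the versions `yarn why` reports.
function enforce(resolvedVersions, { versionPrerelease = false, allowMultipleVersions = false } = {}) {
  const unique = [...new Set(resolvedVersions)];
  if (unique.length === 0) return { ok: false, reason: 'package not resolved' };
  if (unique.length > 1 && !allowMultipleVersions) {
    return { ok: false, reason: `multiple versions: ${unique.join(', ')}` };
  }
  // With allow_multiple_versions: true, only the first resolved version is checked.
  const resolved = unique[0];
  if (!prereleaseOk(resolved, versionPrerelease)) {
    return { ok: false, reason: `prerelease mismatch: ${resolved}`, resolved };
  }
  return { ok: true, resolved };
}
```

With allowMultipleVersions set to true, an older copy pulled in by another package passes unexamined, which is the trade-off the note above describes.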

Outputs

| Name | Description | Type or Example Value |
| --- | --- | --- |
| resolved_version | The resolved version of that dependency, eg. in yarn.lock | '1.2.3', '1.2.3-prerelease.1', etc… |
| target_version | The target version of that dependency, eg. version in package.json | '^1.2.3' |

Development of this Action

Start Development

yarn install
code .
yarn jest:tdd

Build & Release

Prepare Build

  1. Decide on a semver, eg. 1.2.3.
  2. Bump this version in package.json file.
  3. Bump this version in README.md example.
  4. Run yarn build and commit that dist/index.js change.
  5. Version bumps should go via a PR and be merged into master before releasing.

Create the Release

Manually build a New Release: here

  1. Enter your tag based on the semver.
    • Your tag should be prepended with a v, eg. v1.2.3.
    • Do not use @latest tag.
  2. ⚠️ Point the release to the correct commit (not main)! This should be the PR Merge commit.
  3. Enter a title naming the release (eg. v1.2.3: Brief description of changes)
  4. Enter a fuller description—link to commits, PRs, etc.
  5. Release!