Check dependency constraints for puppet modules

[bastelfreak]

Every puppet module has a metadata.json file. This file may list dependencies to other puppet modules. Dependencies need to be available on https://forge.puppet.com and they have an upper and lower version constraint. Each of our modules can be visualized as an individual tree. Sometimes the tree isn't valid anymore. It's possible to have two transitive dependencies to the same puppet module, but with non-matching version constraints. We need to create a graph of each module and check if it's still valid.

---

We often need to update our upper version constraints. This increases the user satisfaction and lowers the risk of a broken dependency tree. It's helpful when we get informed about possible updates. (same applies for the Puppet version/operating system, but that might be better handled in a new issue).

[bastelfreak]

There is a related tool from Ben: https://github.com/puppetlabs/puppet-community-rangefinder
It's available as a github app. It does things like this: voxpupuli/puppet-nginx#1325 (comment)

[bastelfreak]

Also the awesome ewoud just created a python script: https://github.com/theforeman/foreman-installer-modulesync/pull/103/files#diff-d122a21cff8c9e871f6287a8fb385db2R1

To generate dependencies and create a list of different tiers. tiers are the different levels in a dependency tree

[bastelfreak]

If we add the label backwards-incompatile to a module, we know that the next release is a major one. That can already trigger a reverse dependency check