search

dart-lang / pub-dev

The pub.dev website
https://pub.dev
BSD 3-Clause "New" or "Revised" License
789 stars 146 forks source link

Provide a way to get packages uploaded within a timeframe #1320

Closed donny-dont closed 8 months ago

donny-dont commented 6 years ago

It would be nice to have an API you could query that would give the packages uploaded within a certain time frame. This would allow some interesting 3rd party integrations for pub.

As an example within the NPM community there's Greenkeeper. For those unfamiliar Greenkeeper is a GitHub app that connects to Node repositories. It keeps a record of the package.json in the repository. It queries a NPM server looking for recent updates. If the repository has this package in it it goes ahead and checks if there is any breakage on it with the new revision through the result of a status check from the CI and notifies the developer of any updates and if there are any breakages with packages both in and outside the range specified in the package.json.

With this sort of 3rd party integration it would be possible to do something like Greenkeeper in Dart land as well as enable further integrations.

donny-dont commented 6 years ago

Here's an example of a PR that Greenkeeper creates to update dependencies out of range https://github.com/donny-dont/drone-greenkeeper-test/pull/5 to drive home what its doing and how something along those lines would be beneficial especially considering what pana analyzes.

In the package.json its updating to a newer revision outside of the original package ranges.

isoos commented 6 years ago

Thanks @donny-dont for the pointers!

Some of it we have already: we can detect when a package's dependency has a newer version that is not covered by its (transient) constraints. We do this periodically and we expose it as part of the analysis tab. I think here the priority is to raise awareness of it by notifying the author, and later on we may venture into the git branching and automatic PR territory.

Checking whether the code is able to run in a non-breaking way (e.g. tests and examples) is on our radar, cc @mit-mit for this example.

I'm also wondering if we could bake the version-upgrader functionality into the command-line pub client, e.g. as part of its dependency graph analysis. I remember some related discussions but unaware if there is any plans. cc: @nex3 That way first the developer can auto-upgrade its dependencies, run the tests and commit if they are happy with it. If that tool works, pub server could also run the same and open a PR when needed.

sigurdm commented 8 months ago

I think now that we have dependabot integration, and greenkeeper is shutting down, we'll close this issue.