Index ¶
- func EnrichDependencies(deps []freshness.Dependency, advisories []security.Advisory) int
- func FetchAdvisories(ctx context.Context, fc forge.Forge, ref, rootDir string) ([]security.Advisory, error)
- func GenerateArtifacts(ctx context.Context, repoRoot, outputDir string, result *UpdateResult, ...) ([]string, error)
- func LoadAdvisories(rootDir string) ([]security.Advisory, error)
- func Verify(ctx context.Context, moduleDirs []string, repoRoot string, ...) (string, error)
- type AppliedUpdate
- type SkippedDep
- type ToolchainDependency
- type UpdateConfig
- type UpdateResult
Functions ¶
func EnrichDependencies ¶
func EnrichDependencies(deps []freshness.Dependency, advisories []security.Advisory) int
EnrichDependencies merges scanner advisories into the resolved dependencies. Matching is conservative: an advisory is attached only when both the ecosystem and the normalized package name match, and advisories whose ecosystem is "unknown" are skipped rather than guessed at. It returns the number of enrichments added; a count of zero means that no advisory matched, not that the dependencies are free of known issues.
func FetchAdvisories ¶
func FetchAdvisories(ctx context.Context, fc forge.Forge, ref, rootDir string) ([]security.Advisory, error)
FetchAdvisories attempts to download advisories from the latest successful security-scan job via the forge API. It writes the file to the standard location so that subsequent LoadAdvisories calls find it. Returns the advisories, or nil+nil if they are unavailable (this is deliberately not treated as an error). Callers should be aware that the nil+nil case is indistinguishable from "no known advisories": a failed or missing fetch simply yields no enrichment data, so a run that depends on advisory data (for example the "security" policy in UpdateConfig) can proceed without it and report nothing to fix. The page does not state whether the downloaded file is integrity-checked beyond what the forge API itself guarantees.
func GenerateArtifacts ¶
func GenerateArtifacts(ctx context.Context, repoRoot, outputDir string, result *UpdateResult, bundle bool) ([]string, error)
GenerateArtifacts creates output files in the specified directory. Uses repoRoot for all git operations (git diff, git apply --check).
func LoadAdvisories ¶
func LoadAdvisories(rootDir string) ([]security.Advisory, error)
LoadAdvisories reads the security advisory bridge file under rootDir. Returns an empty slice and a nil error if the file does not exist (having no advisories is the normal case). Note that an absent file is therefore reported the same way a clean scan would presumably be, so callers that need to tell "scan never ran" apart from "scan found nothing" must check for the file themselves. A file that exists but cannot be parsed presumably yields a non-nil error; that is not stated here.
func Verify ¶
func Verify(ctx context.Context, moduleDirs []string, repoRoot string, runTests, runVulncheck bool) (string, error)
Verify runs post-update verification on the given module directories: go test when runTests is set and govulncheck when runVulncheck is set (gating inferred from the parameter names). moduleDirs should be absolute paths and should contain only the directories where updates were actually applied. Be aware that go test compiles and executes the freshly updated dependency code (including package init and test-time code), so verifying an untrusted upgrade is itself code execution from that upgrade; run it in the same sandbox you would use for a build. The returned string is presumably the combined verification log (compare UpdateResult.VerifyLog).
Types ¶
type AppliedUpdate ¶
// AppliedUpdate records a single dependency that was successfully updated.
type AppliedUpdate struct {
	Dep        freshness.Dependency // the resolved dependency that was bumped
	OldVer     string               // version before the update
	NewVer     string               // version after the update
	UpdateType string               // "major", "minor", "patch", "tag"
	CVEsFixed  []string             // CVE identifiers this update is recorded as fixing; NOTE(review): empty presumably means no advisory matched, not that OldVer was clean — confirm against EnrichDependencies
}
AppliedUpdate records a single dependency that was successfully updated.
type SkippedDep ¶
// SkippedDep records a dependency that was not updated, with a reason.
type SkippedDep struct {
	Dep    freshness.Dependency // the dependency that was left alone
	Reason string               // explicit, human-readable reason it was skipped
}
SkippedDep records a dependency that was not updated, with a reason.
func FilterUpdateCandidates ¶
func FilterUpdateCandidates(deps []freshness.Dependency, cfg UpdateConfig, trackedFiles map[string]bool) (candidates []freshness.Dependency, skipped []SkippedDep)
FilterUpdateCandidates separates deps into actionable candidates and skipped. Each skipped dep gets an explicit reason string.
type ToolchainDependency ¶
// ToolchainDependency records a resolved build toolchain for reporting and SBOM.
type ToolchainDependency struct {
	Ecosystem    string // "golang"
	Name         string // "go"
	Version      string // "1.26.1"
	BuilderImage string // "docker.io/library/golang:1.26.1-alpine3.23"
	Dockerfile   string // repo-relative Dockerfile path the toolchain was resolved from
	ModuleDir    string // repo-relative module dir built with this toolchain
}
ToolchainDependency records a resolved build toolchain for reporting and SBOM.
type UpdateConfig ¶
// UpdateConfig holds configuration for the dependency update command.
//
// NOTE(review): Go's zero value for a bool is false, so the "default true"
// on Verify and Vulncheck has to be applied by whoever builds the config
// (e.g. CLI flag defaults); a literal UpdateConfig{} disables both checks.
type UpdateConfig struct {
	RootDir    string   // root directory of the repository being updated — TODO confirm this is the same path passed as repoRoot/rootDir to the functions above
	OutputDir  string   // default ".stagefreight/deps/" — overwrites existing artifacts
	DryRun     bool     // presumably suppresses file modification; confirm against Update
	Bundle     bool     // generate .tgz
	Verify     bool     // run tests after update (default true)
	Vulncheck  bool     // run govulncheck after update (default true)
	Ecosystems []string // filter by ecosystem (empty = all)
	Policy     string   // "all" (default), "security"; NOTE(review): whether "" is treated as "all" is not stated — confirm
}
UpdateConfig holds configuration for the dependency update command.
type UpdateResult ¶
// UpdateResult holds the outcome of a dependency update run.
type UpdateResult struct {
	Applied           []AppliedUpdate       // dependencies that were actually bumped
	Skipped           []SkippedDep          // dependencies left alone, each with an explicit reason
	Toolchains        []ToolchainDependency // resolved build toolchains for SBOM/reporting
	Verified          bool                  // NOTE(review): false with a nil VerifyErr presumably means verification was skipped rather than failed — confirm
	VerifyLog         string                // output captured from the verification step
	VerifyErr         error                 // non-nil if verification failed
	Artifacts         []string              // paths of generated output files
	ArtifactErr       error                 // non-nil if artifact generation failed (non-fatal)
	TouchedModuleDirs []string              // repoRoot-relative Go module dirs that were updated
	FilesChanged      []string              // files modified by updates (go.mod, go.sum, Dockerfiles)
}
UpdateResult holds the outcome of a dependency update run.
func Update ¶
func Update(ctx context.Context, cfg UpdateConfig, deps []freshness.Dependency) (*UpdateResult, error)
Update resolves, filters, applies, verifies, and generates artifacts for dependency updates.