Documentation
¶
Overview ¶
Package upgrade applies dependency bumps on behalf of codefly Builder agents. Each language has an Apply(ctx, dir, opts) entry point that invokes the canonical "update lockfile" command and reports what changed.
Defaults are semver-safe (patch+minor only). IncludeMajor opts in to breaking bumps. DryRun reports the changes without writing the lockfile (where the upstream tool supports it).
Index ¶
- type Options
- type Result
- func Docker(ctx context.Context, image string, opts Options) (*Result, error)
- func Golang(ctx context.Context, dir string, opts Options) (*Result, error)
- func Node(ctx context.Context, dir string, opts Options) (*Result, error)
- func Python(ctx context.Context, dir string, opts Options) (*Result, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Options ¶
type Options struct {
IncludeMajor bool
DryRun bool
// Only restricts the upgrade to these packages. Empty = all eligible.
Only []string
}
Options is shared across language adapters.
type Result ¶
type Result struct {
Changes []*builderv0.UpgradeChange
LockfileDiff string
}
Result is what every Apply* function returns. LockfileDiff is a human-facing summary (e.g. truncated `git diff` of go.sum) for the CLI to print; it's allowed to be empty.
func Docker ¶
Docker reports a tag bump for a stock image (e.g. postgres:16 → 16.4) by querying the Docker Hub registry for available tags. No actual pull or rebuild — Docker-only agents (postgres, redis, etc.) read the chosen tag from settings, so the only state to update is the agent settings file. This function returns the change set; the caller (the agent's Builder.Upgrade) is responsible for persisting the new tag in service settings.
Strategy: if the current tag looks like a major (e.g. "16"), bump to the latest minor within that major. If it looks like a full semver (e.g. "16.2.1"), bump within the same major unless IncludeMajor.
curl is used directly so we don't pull in a Docker registry SDK; missing curl → return empty result.
func Golang ¶
Golang bumps Go module dependencies in dir.
Strategy:
- patch+minor (default): `go get -u=patch ./...` for individual deps in the main module; this is the conservative semver-safe bump.
- include_major: `go get -u ./...` (still respects semantic import versioning — module v2+ requires `/v2` in the path, so true major bumps need explicit re-import; this just picks up the latest minor within the current major).
Then `go mod tidy` to align go.sum. Changes are computed by snapshotting `go list -m -json all` before and after.
dry_run snapshots before, runs the bump in a copy via go.work overlay — too invasive — so for now we just compute the bump preview by reading `go list -m -u -json all` (which knows the available updates) and skip the write.
func Node ¶
Node bumps Node packages in dir.
Strategy:
- default (patch+minor): `npm update --save` — respects the semver range in package.json (caret/tilde), so it picks up the latest within the allowed range.
- include_major: `npm install <pkg>@latest` per package, computed from `npm outdated --json`. This crosses major boundaries.
Changes are computed from the diff of `npm ls --json` snapshots. dry_run uses `npm outdated --json` (no writes).
func Python ¶
Python bumps Python deps in dir.
Strategy: parse requirements.txt, query `pip install --dry-run <pkg>==` to find the latest version pip considers installable (respecting already-installed constraints). For include_major=false we filter out version jumps that cross the major component.
dry_run: report what would change but never invoke pip install. non-dry: rewrite requirements.txt with pinned versions and run `pip install -r requirements.txt --upgrade` so the venv is also updated.
Source Files