Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kubernetes-sigs/depstat

depstat is a dependency analyzer for Go modules enabled projects. It runs as part of the Kubernetes CI pipeline to help evaluate dependency updates to Kubernetes.
https://github.com/kubernetes-sigs/depstat

cli cobra dependency dependency-analyzer golang k8s-sig-architecture kubernetes kubernetes-ci-pipeline

Last synced: 7 days ago
JSON representation

depstat is a dependency analyzer for Go modules enabled projects. It runs as part of the Kubernetes CI pipeline to help evaluate dependency updates to Kubernetes.

Host: GitHub
URL: https://github.com/kubernetes-sigs/depstat
Owner: kubernetes-sigs
License: apache-2.0
Created: 2021-02-11T14:23:46.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2022-10-31T19:12:30.000Z (almost 2 years ago)
Last Synced: 2024-09-23T12:32:54.451Z (10 days ago)
Topics: cli, cobra, dependency, dependency-analyzer, golang, k8s-sig-architecture, kubernetes, kubernetes-ci-pipeline
Language: Go
Homepage:
Size: 37.6 MB
Stars: 33
Watchers: 5
Forks: 16
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
- Security: SECURITY.md

Awesome Lists containing this project

README

# depstat

`depstat` is a command-line tool for analyzing dependencies of Go modules enabled projects.

![depstat demo with k8s repo](./depstat-demo.gif)

## Installation
To install depstat you can run

```
go install github.com/kubernetes-sigs/depstat@latest
```

## Usage

- `depstat` can be used as a standalone command-line application. You can use `depstat` to produce metrics about the dependencies of your Go modules enabled project.

- Another common way to run `depstat` is in the CI pipeline of your project. This would help you analyze the dependency changes which come with PRs.
You can look at how this is done for the [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repo using [prow](https://github.com/kubernetes/test-infra/tree/master/prow) [here](https://github.com/kubernetes/test-infra/blob/master/config/jobs/kubernetes/sig-arch/kubernetes-depstat.yaml).

## Commands

To see the list of commands `depstat` offers you can run `depstat help`. `depstat` currently supports the following commands:

### cycles

`depstat cycles` shows all the cycles present in the dependencies of the project.

An example of a cycle in project dependenies is:
`golang.org/x/net -> golang.org/x/crypto -> golang.org/x/net`

`--json` prints the output of the cycles command in JSON format. For the above example the JSON output would look like this:
```
{
"cycles": [
[
"golang.org/x/net",
"golang.org/x/crypto",
"golang.org/x/net"
]
]
}
```

### graph

`depstat graph` will generate a `graph.dot` file which can be used with [Graphviz](https://graphviz.org)'s dot command to visualize the dependencies of a project.

For example, after running `depstat graph`, an SVG can be created using:
`twopi -Tsvg -o dag.svg graph.dot`

By default, the graph would be created around the main module (first module in the `go mod graph` output), but you can choose to create a graph around a particular dependency using the `--dep` flag.

### list

`depstat list` shows a sorted list of all project dependencies. These include both direct and transitive dependencies.

1. Direct dependencies: Dependencies that are directly used in the code of the project. These do not include standard go packages like `fmt`, etc. These are dependencies that appear on the right side of the main module in the `go mod graph` output.

2. Transitive dependencies: These are dependencies that get imported because they are needed by some direct dependency of the project. These are dependencies that appear on the right side of a dependency that isn't the main module in the `go mod graph` output.

### stats

`depstat stats` will provide the following metrics about the dependencies of the project:

1. Direct Dependencies: Total number of dependencies required by the [main module(s)](#main-module) directly.

2. Transitive Dependencies: Total number of transitive dependencies (dependencies which are further needed by direct dependencies of the project).

3. Total Dependencies: Total number of dependencies of the [main module(s)](#main-module).

4. Max Depth of Dependencies: Length of the longest chain starting from the first [main module](#main-module); defaults to length from the first module encountered in "go mod graph" output.

- The `--json` flag gives this output in a JSON format.
- `--verbose` mode will help provide you with the list of all the dependencies and will also print the longest dependency chain.

#### main module
By default, the first module encountered in "go mod graph" output is treated as the main module by `depstat`. Depstat uses this main module to determine the direct and transitive dependencies. This behavior can be changed by specifying the main module manually using the `--mainModules` flag with the stats command. The flag takes a list of modules names, for example:

```
depstat stats --mainModules="k8s.io/kubernetes,k8s.io/kubectl"
```

## Project Goals
`depstat` is being developed under the code organization sub-project under [SIG Architecture](https://github.com/kubernetes/community/tree/master/sig-architecture). The goal is to make it easy to evaluate dependency updates to Kubernetes. This is done by running `depstat` as part of the Kubernetes CI pipeline.

## Community Contact Information
You can reach the maintainers of this project at:

[#k8s-code-organization](https://kubernetes.slack.com/messages/k8s-code-organization) on the [Kubernetes slack](http://slack.k8s.io).

### Code of conduct

Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md).