Fork me on GitHub
#tools-deps
<
2020-11-02
>
Oliver George04:11:18

Not sure if this is important/interesting but I hit what seems to be a gitmodules related problem. https://gist.github.com/olivergeorge/abc428669538622b88dd13cd876aceae happened with this deps.edn file:

{:deps {clj-statecharts {:sha "942eb942594cdd6876556cf212d59cff245fa9fe" :git/url ""}}}

alexmiller14:11:34

we have a ticket for git submodules actually https://clojure.atlassian.net/browse/TDEPS-126

alexmiller14:11:54

have been through a few rounds on the patch, but I haven't looked at it recently

borkdude11:11:46

Got part 1 working of clj-kondo deps.edn linting:

3
❤️ 3
🔥 2
🚀 2
clj-kondo 1
alexmiller22:11:29

when you look at a deps tree (`clj -Stree` , lein deps :tree , mvn dependency:tree ), what question are you trying to answer? 1. what are the set of deps I'm using? 2. what version of a particular dep am I using? 3. what are the transitive deps of a particular library? 4. is a particular dep version out of date? 5. is some dep I'm expecting not on my classpath? 6. why is some dep on my classpath?

andy.fingerhut22:11:59

You should give higher weight to the answers of others than me (I'm not using Clojure in production myself), but usually 1 3 6 and sometimes 2.

andy.fingerhut22:11:36

Seems like a question you could reasonably put on State of Clojure Survey 2021 if you were so inclined 🙂

alexmiller22:11:04

so, interestingly you can't answer #3 or to some extent #6 correctly based on the result of any of those tools

alexmiller22:11:25

in many cases deps show up at multiple places in the "tree" (really, a graph) and all print it only at one location (trivial example, clojure is usually included N times but only shows up once)

nate23:11:59

I don't know if this falls into 5 or 6, but I most often: what is forcing dep x to be version y?

nate23:11:26

sometimes I use it for 1, but more often that's -Spath with a grep to find a particular dep

dorab23:11:22

Mostly 6 and 2 for me. 5 and 3 sometimes.

dharrigan07:11:00

6 3 5 1 and lesser 4 2 since I use antq regularly to ensure my deps are up-to-date.

vlaaad08:11:43

I guess that might be a variation of 6, but “what deps depend on this dep?”

dominicm08:11:23

1 2 5 6. With the additional use case of chasing "which dependencies transitively depend on A, and need to have exclusions added." That's particularly annoying in clj as it only shows the dependency that was retained.

rickmoynihan09:11:32

I’d say all of them to some extent, but mainly 5, 6 and 2… 1 is more often asked as a general high-level question; so I’d normally just look at the deps.edn to get a rough overview, and overview of the intention. I usually use -Stree etc to help answer a slightly different question, which is “What deps are being chosen and why”. This usually being a combination of the above options. I think the distinction is often when I’m running -Stree it’s as a debugging tool, and I don’t know what the problem is yet (i.e. it could be 1 because I’ve started with the wrong aliases, it could be 2 because the wrong version of a transitive dep is being selected, it could be 3 if we’re accidentally explicitly depending on a transitive dep which has been removed or isn’t available in the alias combination. Similarly for 5 sometimes 6 if an unused dep is causing a transitive dep to be a different version). For example all of those questions might uncover the reason behind a ClassNotFoundException, or perhaps a method being called with the wrong arguments etc. But until you run -Stree you don’t know which it’s going to be.

rickmoynihan09:11:50

Ahh just seen @U04V70XH6 said essentially the same thing in the main channel

alexmiller22:11:59

some possible answers there, but that's an open set

dpsutton22:11:48

wanting other use cases or to chime in with which of the above are most useful?

alexmiller22:11:18

just what it says above - when you reach for this, what question are you usually trying to answer?

alexmiller22:11:13

or separately, what are some dep tree related questions you would like to be able to answer?

dpsutton22:11:17

used it today to diagnose a bad release of piggieback. it had some extra junk tucked in the jar and the cleanest repo was to clj -Sdeps '{:deps {cider/piggieback {:mvn/version "0.5.1"}}}' -Stree. then rebuilt the jar locally and checked with clj -Sdeps '{:deps {cider/piggieback {:local/root "target/piggieback-0.5.1.jar"}}}' -Stree that the resultant jar was clean so it was just a deploy problem

alexmiller22:11:10

so this is really #1 in a diff scenario

dpsutton22:11:36

yes. 1 and 3

alexmiller22:11:01

well it doesn't really answer #3 - that's often a lie as it's thinning a graph into a tree

ghadi22:11:20

Usually 1 & 3 for me

seancorfield23:11:08

My two scenarios are: 1. trying to debug a problem that turns out to either be an unexpected transitive dependency or an unexpected version of one of them (which is a combination of several of those six things to one degree or another) and 2. as part of my script that attempts to determine #4 above (by synthesizing a new project from the output of clojure -Stree and then running clojure -Stree on that and seeing what versions changed -- but only because none of the "outdated deps" tools out there work properly in our monorepo setup at work).

seancorfield23:11:13

I'd say scenario 1 is a mix of #3, #5, and #6 primarily (and I realize that the tree isn't a full/accurate representation of the actual graph, but it's "close enough" and can always be used selectively with -Sdeps to select specific top-level deps to examine further).

☝️ 1