Command Line

Prior to the command line tool (CLI) existing, the only way to interact with the system was through the RESTful API. It helps obfuscate the specifics about each endpoint by encapsulating them behind a target. Currently, this tool provides read only access to API.

$ deps get -h
Retrieve information from the graph

Usage:
  deps get [command]

Available Commands:
  dependencies Get the list of modules the given module depends on
  dependents   Get the list of modules that depend on the given module
  modules      Get a list of modules from the service
  sources      Get a list of source repositories from the service

Flags:
  -h, --help   help for get

Use "deps get [command] --help" for more information about a command.

Installation

You can install our CLI a few different ways. On Ubuntu, you can tap our apt repository.

$ echo "deb [trusted=yes] https://apt.fury.io/depscloud/ /" | sudo tee /etc/apt/sources.list.d/depscloud.list
$ sudo apt-get update
$ sudo apt-get install depscloud-cli

$ deps version
deps {version: 0.0.13, commit: a99e9a737103b7b79294b3b754e005c49267cdbd, date: 2020-06-27T22:21:27Z}

On OSX, you can tap our Homebrew repository.

$ brew tap depscloud/tap
$ brew install depscloud-cli

$ deps version
deps {version: 0.0.13, commit: a99e9a737103b7b79294b3b754e005c49267cdbd, date: 2020-06-27T22:21:27Z}

Finally, you can download the latest deps binary from GitHub releases.

https://github.com/depscloud/depscloud/releases/latest

Configuration

The deps can be configured to point at a custom deployment of the deps.cloud ecosystem. This is done using the DEPSCLOUD_BASE_URL environment variable. Here’s an example of how to configure it to use the public API (default behavior)

export DEPSCLOUD_BASE_URL="https://api.deps.cloud"

If you’re trying things out locally, you can also point it at an instance running in docker.

export DEPSCLOUD_BASE_URL="http://localhost:8080"

Use Cases

There are many use cases that this tool supports. This section details several sample queries to help get folks started.

Modules

Modules represent both libraries and applications in the dependency graph. These can be queried for in one of two ways. The first option is to list all modules the service knows about.

$ deps get modules
...

The second option is to list all modules produced by a given repository. To query for this information, simply add the --url or -u flag.

$ deps get modules -u https://github.com/depscloud/api.git
{"manages":{"language":"node","system":"npm","version":"0.1.16"},"module":{"language":"node","organization":"depscloud","module":"api","name":"@depscloud/api"}}
{"manages":{"language":"go","system":"vgo","version":"latest"},"module":{"language":"go","organization":"github.com","module":"depscloud/api","name":"github.com/depscloud/api"}}

Sources

Currently, a source represents a repository. It can later be used to represent other sources of dependency information (like Nexus and other artifact repositories). Similar to modules, sources can queried multiple ways. The first option is to list all sources the service knowns about.

$ deps get sources
...

The second option is to list all sources for a given module. To query or this information, the --language and --name flags must be provided. Alternatively, the corresponding shorthands -l and -n can be used respectively.

$ deps get sources -l go -n github.com/depscloud/api
{"source":{"url":"https://github.com/depscloud/api.git","ref":"refs/heads/main","kind":"repository"},"manages":{"language":"go","system":"vgo","version":"latest"}}

Dependents

Dependent modules are those who consume the module you’re querying for. That is, modules who list your module as a dependency.

$ deps get dependents -l go -n github.com/depscloud/api
{"depends":{"language":"go","version_constraint":"v0.1.15","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"github.com","module":"depscloud/hacktoberfest","name":"github.com/depscloud/hacktoberfest"}}
{"depends":{"language":"go","version_constraint":"v0.1.16","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"github.com","module":"depscloud/depscloud","name":"github.com/depscloud/depscloud"}}

Dependencies

Dependencies are the modules that your module requires. This should rarely differ from the modules you list in your appropriate manifest file (package.json, go.mod, etc.)

$ deps get dependencies -l go -n github.com/depscloud/api
{"depends":{"language":"go","version_constraint":"v0.0.0-20190626221950-04f50cda93cb","scopes":["indirect"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"golang.org","module":"x/sys","name":"golang.org/x/sys"}}
{"depends":{"language":"go","version_constraint":"v0.0.0-20201012135029-0c95dc0d88e8","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"google.golang.org","module":"genproto","name":"google.golang.org/genproto"}}
{"depends":{"language":"go","version_constraint":"v0.3.2","scopes":["indirect"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"golang.org","module":"x/text","name":"golang.org/x/text"}}
{"depends":{"language":"go","version_constraint":"v1.3.1","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"github.com","module":"gogo/protobuf","name":"github.com/gogo/protobuf"}}
{"depends":{"language":"go","version_constraint":"v1.32.0","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"google.golang.org","module":"grpc","name":"google.golang.org/grpc"}}
{"depends":{"language":"go","version_constraint":"v1.4.2","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"github.com","module":"golang/protobuf","name":"github.com/golang/protobuf"}}
{"depends":{"language":"go","version_constraint":"v1.15.2","scopes":["direct"],"ref":"refs/heads/main"},"module":{"language":"go","organization":"github.com","module":"grpc-ecosystem/grpc-gateway","name":"github.com/grpc-ecosystem/grpc-gateway"}}

Topology

Topologies are one of the most useful elements of a dependency graph. They can provide you with the full set of transitive modules, build orders, and notions of parallelism.

This is largely because topological queries can be resource intensive. This is due to the fact that the subgraph needs to be buffered before any results can be returned. By implementing this as a client-side feature, we defer the memory/disk cost to clients, allowing them to buffer as they see fit while allowing the tracker to be light weight.

Topologies can be queried in both the dependencies and dependents direction.

$ deps get dependencies topology -l go -n github.com/depscloud/api
{"language":"go","organization":"github.com","module":"depscloud/api","name":"github.com/depscloud/api"}
{"language":"go","organization":"golang.org","module":"x/sys","name":"golang.org/x/sys"}
{"language":"go","organization":"google.golang.org","module":"genproto","name":"google.golang.org/genproto"}
{"language":"go","organization":"golang.org","module":"x/text","name":"golang.org/x/text"}
{"language":"go","organization":"github.com","module":"gogo/protobuf","name":"github.com/gogo/protobuf"}
{"language":"go","organization":"google.golang.org","module":"grpc","name":"google.golang.org/grpc"}
{"language":"go","organization":"github.com","module":"golang/protobuf","name":"github.com/golang/protobuf"}
{"language":"go","organization":"github.com","module":"grpc-ecosystem/grpc-gateway","name":"github.com/grpc-ecosystem/grpc-gateway"}
$ deps get dependents topology -l go -n github.com/depscloud/api
{"language":"go","organization":"github.com","module":"depscloud/api","name":"github.com/depscloud/api"}
{"language":"go","organization":"github.com","module":"depscloud/hacktoberfest","name":"github.com/depscloud/hacktoberfest"}
{"language":"go","organization":"github.com","module":"depscloud/depscloud","name":"github.com/depscloud/depscloud"}

By adding the --tiered flag, you will get a structured set of results back. This is great for building automation around your source code as it not only identifies the order in which things should be built, but it also provides tiers where parallel builds can occur. Consider the following simple example.

$ deps get dependents topology -l go -n github.com/depscloud/api --tiered
[{"language":"go","organization":"github.com","module":"depscloud/api","name":"github.com/depscloud/api"}]
[{"language":"go","organization":"github.com","module":"depscloud/hacktoberfest","name":"github.com/depscloud/hacktoberfest"},{"language":"go","organization":"github.com","module":"depscloud/depscloud","name":"github.com/depscloud/depscloud"}]

In this case, we only have two tiers. Each tier contains a list of modules that can be built in parallel. When one tier is complete, the next tier can be processed safely without worrying about transitive dependency issues.


Last modified October 26, 2020: darken up lines (141fe72)