Is there a way to add to that weekly report the new dependencies that were introduced in the week before, or that have changed?
We are not addressing another important problem: Leaking of dependencies. I am not aware of the gradle equivalent of the maven dependency plugin that helps to determine missing dependencies (non explicitly defined) or unused dependencies. Is there any way to achieve this too? (Note this should probably be enforced at Jenkins not part of the report but just curious) On Wed, May 30, 2018 at 5:16 AM Yifan Zou <yifan...@google.com> wrote: > > Thanks everyone for making comments and suggestions. I modified the proposal > that added dependency release time as the major criteria for outdated package > determination. > The revised doc is here: > https://docs.google.com/document/d/1rqr_8a9NYZCgeiXpTIwWLCL7X8amPAVfRXsO72BpBwA. > Any comments are welcome. > > -Yifan > > On Thu, May 24, 2018 at 5:25 PM Chamikara Jayalath <chamik...@google.com> > wrote: >> >> Thanks Yifan. Added some comments. I think having regularly generated human >> reports on outdated decencies of Beam SDKs will be extremely helpful in >> keeping Beam in a healthy state. >> >> - Cham >> >> On Thu, May 24, 2018 at 7:08 AM Yifan Zou <yifan...@google.com> wrote: >>> >>> Hello, >>> >>> I have a proposal to automate Beam dependency check. Since some Beam >>> dependent packages are out-of-date, we want to identify them and check for >>> dependency updates regularly in the future. Generally, we have couple >>> options to do it: >>> 1. Implementing a Jenkins job that check dependency versions and create >>> reports. >>> 2. Using the Github App Dependabot to automate dependency updates. >>> 3. Combination of those two solutions. >>> >>> I am looking forward to hearing feedback from you :) >>> >>> https://docs.google.com/document/d/1rqr_8a9NYZCgeiXpTIwWLCL7X8amPAVfRXsO72BpBwA/ >>> >>> Thanks. >>> >>> Best. >>> Yifan Zou
