Add --show-dependencies option to dump external dependencies

[bhargavg]

Dump the external dependencies (along with their dependencies) to console.

Sample output for Vapor (v0.7.0):

$ swift-build --show-dependencies
.
├── C7<https://github.com/open-swift/C7.git@0.5.0>
├── S4<https://github.com/open-swift/S4.git@0.4.0>
│   └── C7<https://github.com/open-swift/C7.git@0.5.0>
├── String<https://github.com/Zewo/String.git@0.5.1>
├── StructuredData<https://github.com/Zewo/StructuredData.git@0.5.0>
│   └── C7<https://github.com/open-swift/C7.git@0.5.0>
├── JSON<https://github.com/Zewo/JSON.git@0.5.0>
│   └── StructuredData<https://github.com/Zewo/StructuredData.git@0.5.0>
│       └── C7<https://github.com/open-swift/C7.git@0.5.0>
├── Strand<https://github.com/ketzusaka/Strand.git@1.2.3>
├── Hummingbird<https://github.com/ketzusaka/Hummingbird.git@1.4.0>
│   ├── Strand<https://github.com/ketzusaka/Strand.git@1.2.3>
│   └── C7<https://github.com/open-swift/C7.git@0.5.0>
├── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>
├── HMAC<https://github.com/CryptoKitten/HMAC.git@0.5.2>
│   └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>
├── SHA2<https://github.com/CryptoKitten/SHA2.git@0.5.1>
│   └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>
└── Vapor<https://github.com/qutheory/vapor@0.7.0>
    ├── S4<https://github.com/open-swift/S4.git@0.4.0>
    │   └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── String<https://github.com/Zewo/String.git@0.5.1>
    ├── JSON<https://github.com/Zewo/JSON.git@0.5.0>
    │   └── StructuredData<https://github.com/Zewo/StructuredData.git@0.5.0>
    │       └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── Hummingbird<https://github.com/ketzusaka/Hummingbird.git@1.4.0>
    │   ├── Strand<https://github.com/ketzusaka/Strand.git@1.2.3>
    │   └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── HMAC<https://github.com/CryptoKitten/HMAC.git@0.5.2>
    │   └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>
    └── SHA2<https://github.com/CryptoKitten/SHA2.git@0.5.1>
        └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>

Only plain text option is supported as of now. Code is extensible to support additional formats like Dot and JSON.

Will add support for other formats in my next PRs.

[czechboy0]

Hi @bhargavg, great stuff!

In the example, I would only expect the Vapor dependency and its dependency tree to be shown. AFAI understand the output, you're actually printing the dependency tree of all the leaf dependencies. So I'd only expect this to be output:

─── Vapor<https://github.com/qutheory/vapor@0.7.0>
    ├── S4<https://github.com/open-swift/S4.git@0.4.0>
    │   └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── String<https://github.com/Zewo/String.git@0.5.1>
    ├── JSON<https://github.com/Zewo/JSON.git@0.5.0>
    │   └── StructuredData<https://github.com/Zewo/StructuredData.git@0.5.0>
    │       └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── Hummingbird<https://github.com/ketzusaka/Hummingbird.git@1.4.0>
    │   ├── Strand<https://github.com/ketzusaka/Strand.git@1.2.3>
    │   └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── HMAC<https://github.com/CryptoKitten/HMAC.git@0.5.2>
    │   └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>
    └── SHA2<https://github.com/CryptoKitten/SHA2.git@0.5.1>
        └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>

Or what was the Package.swift of the example above?

[czechboy0]

Also, I think it would be valuable to print the allowed version range, instead of the resolved version in each dependency. That's so that if there's a version conflict, it'd be obvious which two versions are clashing. Does that make sense?

[ddunbar]

Would it be too "magic" to hide the URL string if a package is already depended upon by something earlier in the graph? I think this would make it easier to read and see shared dependencies.

[czechboy0]

@ddunbar I actually wanted to see the full URLs so that I can easily spot conflicting forks of the same project.

[kostiakoval]

how about small code simplification?

let pkgVersion = package.version?.description ?? "unspecified"

[bhargavg]

AFAI understand the output, you're actually printing the dependency tree of all the leaf dependencies.

Good catch, I was actually printing all the leaf dependencies, which is wrong. Modified it to start the graph from root external dependencies.

$ cat Package.swift
import PackageDescription

let package = Package(
    name: "testvapor",
    dependencies: [
        .Package(url: "https://github.com/qutheory/vapor", Version(0,7,0))
    ]
)

$ swift-build --show-dependencies
.
└── Vapor<https://github.com/qutheory/vapor@0.7.0>
    ├── S4<https://github.com/open-swift/S4.git@0.4.0>
    │   └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── String<https://github.com/Zewo/String.git@0.5.1>
    ├── JSON<https://github.com/Zewo/JSON.git@0.5.0>
    │   └── StructuredData<https://github.com/Zewo/StructuredData.git@0.5.0>
    │       └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── Hummingbird<https://github.com/ketzusaka/Hummingbird.git@1.4.0>
    │   ├── Strand<https://github.com/ketzusaka/Strand.git@1.2.3>
    │   └── C7<https://github.com/open-swift/C7.git@0.5.0>
    ├── HMAC<https://github.com/CryptoKitten/HMAC.git@0.5.2>
    │   └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>
    └── SHA2<https://github.com/CryptoKitten/SHA2.git@0.5.1>
        └── CryptoEssentials<https://github.com/CryptoKitten/CryptoEssentials.git@0.5.2>

Now for the second point you mentioned:

Also, I think it would be valuable to print the allowed version range, instead of the resolved version in each dependency. That's so that if there's a version conflict, it'd be obvious which two versions are clashing.

I think, there are few issues with this approach:

• Indicating version range doesn't tell you which version SwiftPM picked up
• Incase of dependency hell, user has to manually scan through all the dependencies looking for a version clash

IMHO, indicating the version conflicts can be handled differently.

When there are unsolvable version requirements, we show an error message as follows:

error: The dependency graph could not be satisfied (url/of/dependency)

This error doesn't give enough info as to which all dependencies caused the failure.

If we can modify the error as follows, I think it will better help user in finding the problematic dependencies:

error: The dependency graph could not be satisfied
DepC(@v0.1.0) requires DepA(@v0.1.0)
DepB(@v0.1.0) requires DepA(@v0.2.0)

So, I suggest, we modify error reporting code rather than modifying --show-dependencies to handle this.

@ddunbar @mxcl thoughts?

[czechboy0]

@bhargavg Awesome! Yeah you make a good point, better diagnostics in the dependency clashes would probably solve the problem even better. On the other hand, the dependency range is what each package requires, not a specific version. As I see it the dependencies should represent what the packages "want" (version range), not what they "get" (resolved version).

[kostiakoval]

Do we need ShowDependencies class here? I think we can make dumpDependenciesOf a free function. It would be nicer to call it. ShowDependencies.dumpDependenciesOf( vs dumpDependenciesOf(

[bhargavg]

Done

[bhargavg]

On the other hand, the dependency range is what each package requires, not a specific version. As I see it the dependencies should represent what the packages "want" (version range), not what they "get" (resolved version).

@czechboy0 If i understand you correctly, you are talking about the modified error output I proposed right? Yeah, that error message should have the range or explicit version specified in Package.swift file.

[czechboy0]

@bhargavg I actually meant in the dump dependencies function. That I'd expect the representation of the wanted version range instead of the resolved function. But it's definitely something to discuss, we can change that later.

[ddunbar]

@czechboy0 I don't think you should be allowed to have two versions of the same package name in a graph, so conflicting forks shouldn't be possible (unless someone renamed it in the fork, which would then show up). I thought we currently enforced this (pretty sure it will fail to build, even if we don't).

[mxcl]

Lovely!

[mxcl]

If we'd like it to be more readable already (IMO this is fine to merge and we can tweak the usability after we've used it in real world settings), then I'd go with hiding the URLs unless there is a flag specified, same for ranges.

But this is a really great addition, thanks.

[mxcl]

Will merge unless there are objections.

I may change the mode to --print-dependencies, maybe, don't know.

[bhargavg]

@mxcl, the reason why this is not yet merged is, there is no decision made on whether this option should print resolved dependencies -or- the dependent ranges for each dependency as mentioned in their Package.swift

Also, @czechboy0 brought up a case when the graph is unresolvable, how best this option helps the user in identifying the conflicting dependencies.

[mxcl]

I don't think it is necessary to solve those issues before merging this PR. We will learn better what we need with this base functionality there to guide us.

[bhargavg]

Cool...!!! Can't wait to see this get merged.

[aciidgh]

Huh. I think swift ci only available for me on my PRs?
@modocache @shahmishal Do you have any info about this?

[aciidgh]

@swift-ci please test

[bhargavg]

Seems like CI is not started, @mxcl Could you please start CI on this and merge if no modifications are needed?

[mxcl]

@swift-ci Please test

[shahmishal]

@aciidb0mb3r Can you please try again when you get a chance? Thanks!

[aciidgh]

@swift-ci please test

[aciidgh]

@shahmishal tried again, din work

[ddunbar]

The test failures were unrelated, merging.