The metadata-json-deps tool validates dependencies in metadata.json files in Puppet modules against the latest published versions on the Puppet Forge.
metadata-json-deps is compatible with Ruby versions 3.1 and newer.
via gem command:
gem install metadata_json_depsvia Gemfile:
gem 'metadata_json_deps'On the command line, run metadata-json-deps with the path(s) of your metadata.json file(s):
metadata-json-deps /path/to/metadata.jsonExample output:
$ metadata-json-deps modules/*/*/metadata.json
Checking modules/theforeman/puppet-candlepin/metadata.json
puppetlabs/stdlib (>= 4.2.0 < 8.0.0) doesn't match 8.1.0
puppet/extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
Checking modules/theforeman/puppet-certs/metadata.json
puppetlabs-stdlib (>= 4.25.0 < 8.0.0) doesn't match 8.1.0
puppet-extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
Checking modules/theforeman/puppet-dhcp/metadata.json
Checking modules/theforeman/puppet-dns/metadata.jsonIt can also be run verbosely to show valid dependencies:
metadata-json-deps -v modules/*/metadata.jsonYou can also integrate metadata-json-deps checks into your tests using a Rake task:
require 'metadata_json_deps'
desc 'Run metadata-json-deps'
task :metadata_deps do
files = FileList['modules/*/metadata.json']
abort if MetadataJsonDeps::run(files)
endAfter detecting outdated dependencies, it's important to do something about this. Taking the earlier example, you can see some modules should allow newer dependencies (candlepin and certs) while others are up to date (dhcp and dns).
The next step is to look into the newer dependencies. In this case stdlib and extlib had a major version bump. It is then important to look at the changes and see if it does affect modules. Sometimes it doesn't, like when a module drops support for Puppet 5 but our modules already dropped Puppet 5. In that case, it's safe to raise the upper version bound.
To update the upper bounds, bump-dependency-upper-bound can be used. For example, to allow puppetlabs/stdlib 8.x, the new upper bound is 9.0.0:
$ bump-dependency-upper-bound puppetlabs/stdlib 9.0.0 modules/*/*/metadata.json
Updated modules/theforeman/puppet-candlepin/metadata.json: '>= 4.2.0 < 8.0.0' to '>= 4.2.0 < 9.0.0'
Updated modules/theforeman/puppet-certs/metadata.json: '>= 4.25.0 < 8.0.0' to '>= 4.25.0 < 9.0.0'
modules/theforeman/puppet-dhcp/metadata.json already matches 9.0.0
modules/theforeman/puppet-dns/metadata.json already matches 9.0.0