Add Mend Renovate and/or GitHub Dependabot support #173

@wesley-dean-flexion

First, thank you so much for creating and maintaining bpkg. It is the shell script package manager I've been waiting for my whole life.

Second, this is meant as a humble request for enhancement, not a demand. If this isn't a thing bpkg wants to build or own, that's totally cool.

Generally speaking, these tools will:

  1. based on a configuration, look at a repo for lists of packages, modules, dependencies, etc. (e.g., requirements.txt for Python, package-lock.json for npm, etc.) and figure out what a repo is using
  2. query an endpoint to determine if there are updates for any of those dependencies
  3. if there's an update for a thing, generate a PR that includes a patched version of that file with the new version

The tool runs on some kind of schedule (e.g., weekly), and handles the PR generation and such. The requirement is really mostly providing an "endpoint" to query. In terms of a minimal viable process, I think one could dump a JSON file somewhere with a list of packages and their latest versions and call it done.

I was thinking that at the simplest, one could iterate across all of the packages and do something like this to create JSON objects from bpkg show listings:

( 
  echo '[' 
  for item in $(bpkg list) ; do 
    ( 
      echo "{" ; bpkg show "$item" | sed -Ene 's/^([^:]+)\s*:\s*(.*)$/"\1":"\2",/p' ; echo "}," 
    ) | sed -Eze 's/,\s*}/}/'
  done ; echo ']' 
) | sed -Eze 's/,\s*\]/]/' > all_packages.json

(It's ugly, I know. Apologies. I also know it could be made simpler with jq with --slurp and --arg, but I just wanted to get something down.)

I'm kinda thinking that a better case would be if it would be possible to have bpkg show support a --json flag to get around having to construct JSON with echo and sed (known anti-patterns). It seems like that could be a separate issue.

Anyways, point is, all_packages.json here would be updated regularly (daily?), possibly via GitHub Action so that at least Renovate would have an endpoint to query so that it could do its thing.

What do you all think?
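
Added example (not part of the original issue and not bpkg code): the post calls building JSON with echo and sed an anti-pattern, and the concrete risk is that a quote, backslash or control character in package metadata breaks or alters the index that an update bot later consumes. The sketch below does the same `key: value` to JSON conversion with escaping, in POSIX sh and awk; the helper names, package names and fields are constructed, and the input shape is assumed from the sed expression in the post.

```shell
#!/bin/sh
# Added example. kv_to_json, json_array, sample_show and build_index are
# hypothetical helper names; none of them is part of bpkg.

# kv_to_json: read "key: value" lines on stdin, print one JSON object.
kv_to_json() {
  # U+0000-U+001F may not appear raw in a JSON string: drop all of them here
  # except tab and newline, then escape tab, backslash and quote in awk.
  tr -d '\000-\010\013-\037' | awk '
    function esc(s,   i, c, out) {
      out = ""
      for (i = 1; i <= length(s); i++) {
        c = substr(s, i, 1)
        if (c == "\\" || c == "\"") out = out "\\" c
        else if (c == "\t") out = out "\\t"
        else out = out c
      }
      return out
    }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    BEGIN { printf "{" }
    {
      p = index($0, ":")                 # split on the first colon only
      if (p < 2) next                    # skip lines that are not "key: value"
      printf "%s\"%s\":\"%s\"", sep, esc(trim(substr($0, 1, p - 1))), esc(trim(substr($0, p + 1)))
      sep = ","
    }
    END { print "}" }
  '
}

# json_array: read one JSON object per line on stdin, print one JSON array.
json_array() {
  awk 'BEGIN { printf "[" } NF { printf "%s%s", sep, $0; sep = "," } END { print "]" }'
}

# Constructed stand-in for `bpkg show <name>`: made-up packages and fields in
# the "key: value" shape the sed expression in the post expects.
sample_show() {
  case "$1" in
    demo/one) printf 'Name: demo/one\nDesc: prints "hello" to C:\\temp\nVersion: 1.2.0\n' ;;
    demo/two) printf 'Name: demo/two\nDesc: plain text\nVersion: 0.3.1\n' ;;
  esac
}

# build_index: with bpkg installed, loop over $(bpkg list) and call bpkg show.
build_index() {
  for item in demo/one demo/two; do
    sample_show "$item" | kv_to_json
  done | json_array
}

build_index
```

Because the array is assembled from complete objects, there is no trailing comma to strip afterwards, and an empty package list yields `[]`.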
