cargo_check.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

#!/usr/bin/env python3
"""
Checks if a Cargo.toml file of a Rust Cargo package has
dependencies that could be updated. This is different from
'cargo update' which only performs updates that aren't
breaking according to semantic versioning.

Written by Martin Fischer <martin@push-f.com> and licensed under MIT.
"""
from multiprocessing.dummy import Pool
import toml
import requests

sess = requests.session()
sess.headers['user-agent'] = 'cargo_check.py'

tasks = []

with open('Cargo.toml') as f:
    data = toml.load(f)
    for name, info in data['dependencies'].items():
        version = info if isinstance(info, str) else info.get('version')
        tasks.append((name, version))


def check_package(info):
    name, version = info
    res = sess.get('https://crates.io/api/v1/crates/{}'.format(name))
    all_versions = res.json()['versions']

    # filter semantic versioning pre-releases
    releases = [v for v in all_versions if not '-' in v['num']]

    if len(releases) == 0:
        print('[error] {}: all versions are pre-releases'.format(name))
        return

    latest_release = releases[0]

    if latest_release['yanked']:
        print('[error] {}: latest release was yanked'.format(name))
    elif not latest_release['num'].startswith(version):
        if not any([1 for v in all_versions if v['num'].startswith(version)]):
            print('[error] {}: version {} does not exist'.format(name, version))

        print(
            '[outdated] {} ({}): {} is available'.format(
                name, version, latest_release['num']
            )
        )


pool = Pool()
pool.map(check_package, tasks)