dependencies.io is a product of Dropseed

Where to Start

Dependencies.io is made up of two types of components. We call them “collectors” and “actors”. Understanding what role each plays, and how they work together is the key to building new components which run on our platform. In the end, collectors and actors are just docker containers that follow an established pattern.

Overview diagram

Collectors

The role of a collector is to figure out which packages are installed. Depending on the tools available, this can be straightforward or take a little extra work.

More about collectors

Actors

An actor is given a JSON of collected dependencies, and does something with them! Most often this means performing an update and using git + pullrequest to send it back to the user (that’s what the majority of our actors do).

More about actors

JSON schema

Collectors and actors communicate to each other, and the rest of the dependencies.io system, using a JSON schema. Our JSON schema describes a format for listing “dependencies” with their location in the repo, the version that is installed, and the versions that are available. It can also contain version “content” which usually consists of release notes or changelogs that pertain to a particular release.

When a collector reports what it found, it does that using the JSON schema. An actor is given dependencies in that same schema, and once it has acted on them, it reports that by outputting the same JSON schema.

More about our JSON schema

dependencies-cli

In order to bring all these concepts together and make the development process as easy as possible, we built dependencies-cli. It is the tool we use ourselves for developing our official collectors and actors, and provides a helpful test framework.

More about dependencies-cli