Skip to content

Add cross-package dependency verification to CI (Dispatch #68)#713

Open
JnyJny wants to merge 1 commit intomainfrom
dispatch-68-prek-dependency-verification
Open

Add cross-package dependency verification to CI (Dispatch #68)#713
JnyJny wants to merge 1 commit intomainfrom
dispatch-68-prek-dependency-verification

Conversation

@JnyJny
Copy link
Copy Markdown
Owner

@JnyJny JnyJny commented Apr 7, 2026

Summary

Implements cross-package dependency verification for the busylight monorepo to prevent it from silently devolving into a monolith by catching undeclared cross-package dependencies.

Changes

New Script: scripts/verify-cross-package-deps.py

  • Scans all workspace members for cross-package imports
  • Cross-references imports against declared dependencies in pyproject.toml
  • Fails the build on any undeclared cross-package imports
  • Uses Python AST parsing for accurate import detection
  • Handles relative imports and module name mapping correctly

CI Integration

  • Added dependency verification step to .github/workflows/ci.yml
  • Runs as part of the dependency-check job
  • Provides clear error messages and remediation guidance

Documentation

  • Added scripts/README.md explaining the verification process
  • Documented relationship to existing deptry checks

Technical Details

  • AST Parsing: Uses Python's ast module to accurately parse import statements
  • Relative Import Handling: Correctly ignores relative imports (e.g., from .module import ...)
  • Dependency Mapping: Handles both package names (busylight-core) and module names (busylight_core)
  • Workspace Detection: Automatically discovers packages via uv workspace configuration

Testing

The script correctly identifies the current valid cross-package dependency:

  • busylight-for-humansbusylight_core (properly declared as busylight-core>=2.3.0)

Dispatch #68

This addresses the requirement to "Add prek dependency verification to busylight-core monorepo CI" by implementing a custom solution that:

  1. ✅ Scans all imports in each workspace member
  2. ✅ Cross-references against declared dependencies in pyproject.toml
  3. ✅ Fails the build on undeclared cross-package imports
  4. ✅ Prevents monorepo from becoming a monolith

The tool provides better monorepo-specific dependency verification than generic tools, focusing specifically on cross-package boundaries within the workspace.

@JnyJny
Add cross-package dependency verification to CI (Dispatch #68)
1e7ff19 
- Implement verify-cross-package-deps.py script to scan workspace packages for undeclared cross-package imports
- Prevent monorepo from silently devolving into monolith by enforcing dependency boundaries
- Integration with CI workflow as part of dependency-check job
- Uses Python AST parsing to accurately identify imports and cross-reference with pyproject.toml dependencies
- Handles workspace package discovery, relative imports, and module name mapping
- Provides clear error messages and remediation guidance when violations are found

The script complements existing deptry checks by focusing specifically on cross-package boundaries within the monorepo workspace.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JnyJny