Add rector/jack for automated dependency management #34

@coisa

Problem

DevTools currently uses Rector for automated code refactoring, but lacks automated dependency management. Keeping dependencies up-to-date is manual, time-consuming, and risky when done in large jumps. Outdated dependencies can lead to security vulnerabilities, compatibility issues, and missed performance improvements.

Proposal

Integrate rector/jack into DevTools to provide automated, safe dependency upgrade management. Jack is a CLI tool that helps raise Composer dependencies one version at a time, making upgrades less painful and more manageable. Reuse the existing DependenciesCommand by adding new parameters.

Goals

  • Add rector/jack as a dependency
  • Integrate jack breakpoint into the standard dependencies command workflow
    • Run together with existing analyzers (composer-unused, composer-dependency-analyser)
    • Provides a comprehensive dependency health check
    • Configurable outdated package threshold via --max-outdated (default: 5)
  • Extend the existing dependencies command with new options:
    • --upgrade - Run the complete upgrade workflow before checking:
      • vendor/bin/jack open-versions - Opens current version constraints to next available versions
      • vendor/bin/jack raise-to-installed - Syncs composer.json with already installed versions
      • composer update -W - Updates all dependencies to latest allowed versions
  • Add GitHub Actions workflow step to use composer dev-tools dependencies for CI validation
    • Configurable via workflow_call inputs or workflow_dispatch inputs
  • Fail CI when too many outdated dependencies are detected (configurable limit)

Expected Behavior

# Standard dependency check (includes jack breakpoint with default limit)
$ composer dev-tools dependencies
> Running composer-unused...
> Running composer-dependency-analyser...
> Running jack breakpoint...
> Checking for outdated dependencies...
Error: Too many outdated packages (7). Maximum allowed: 5

# Custom limit
$ composer dev-tools dependencies --max-outdated=10
> Running jack breakpoint...
> Checking for outdated dependencies...
> All dependencies up to date!

# Upgrade then check
$ composer dev-tools dependencies --upgrade
> Opening version constraints...
> Syncing composer.json with installed versions...
> Running composer update...
> Running dependency analysis...
> All dependencies up to date!

# Dry-run upgrade
$ composer dev-tools dependencies --upgrade --dry-run
> Previewing version constraint changes...
> No actual changes will be made

Implementation Strategy

  1. Add rector/jack as a dependency in composer.json
  2. Extend the existing DependenciesCommand class to integrate jack breakpoint into the standard workflow:
    • Run jack breakpoint together with existing analyzers
    • Add --max-outdated option with default value of 5
    • Add --upgrade option to run the complete upgrade workflow before checking
    • Support for --dev flag to prioritize dev dependencies first
    • Support for --dry-run flag for preview mode
  3. Update GitHub Actions workflow to:
    • Use composer dev-tools dependencies for CI validation
    • Configure --max-outdated via workflow_call inputs or workflow_dispatch inputs

Requirements

  • The upgrade command MUST be safe and reversible (composer.json is version controlled)
  • The command MUST run jack breakpoint as part of the standard dependency check
  • The command MUST support --max-outdated option with default value of 5
  • The command MUST support --dev flag to prioritize dev dependencies first
  • The command MUST support --dry-run for preview mode
  • The command MUST support --upgrade flag to trigger the upgrade workflow
  • The CI check MUST be configurable via workflow_call inputs or workflow_dispatch inputs
  • Exit codes MUST reflect actual command status
  • The command MUST combine all analyzers (composer-unused, composer-dependency-analyser, jack) in a single run

Non-goals

  • Not implementing automatic upgrades on every commit (manual trigger only)
  • Not changing the existing dev-tools command signatures
  • Not affecting non-development environments

Acceptance Criteria

Functional Criteria

  • rector/jack is added as a dev dependency
  • jack breakpoint runs as part of standard dependencies command
  • --max-outdated option works with default value of 5
  • --upgrade option works in DependenciesCommand
  • Command supports --dry-run flag for preview
  • Command supports --dev flag for dev-dependencies-first approach
  • GitHub Actions workflow uses composer dev-tools dependencies for CI
  • GitHub Actions workflow is configurable via workflow_call and workflow_dispatch
  • CI fails when outdated package count exceeds threshold

Architectural / Isolation Criteria

  • MUST: The upgrade logic MUST be isolated into a dedicated service class.
  • MUST: The command layer MUST act only as an orchestrator (calls Jack, Composer).
  • MUST: Output formatting MUST stay separate from execution logic.
  • MUST: Exit behavior, error messaging, and generated output MUST remain deterministic and testable.
  • MUST: Argument and option resolution MUST be validated separately from command execution logic.

Labels: enhancement (New feature or request)

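The upgrade workflow listed under Goals (open-versions, raise-to-installed, composer update -W) combined with the "safe and reversible" requirement, as an added example that is not part of the issue or of the DevTools code base. `upgrade_dependencies` and the `STEP_RUNNER` hook are hypothetical names, and passing `--dry-run` through to the jack subcommands is an assumption.

```bash
#!/usr/bin/env bash
# Added example: reversible wrapper around the three upgrade steps in the issue.
# STEP_RUNNER is a hypothetical hook naming the function that executes each
# step; the default runs the command unchanged.
run_step() { "$@"; }
STEP_RUNNER="${STEP_RUNNER:-run_step}"

# upgrade_dependencies <project-dir> [--dry-run]
# Returns 0 on success, 2 if there is no composer.json, otherwise the exit
# code of the failed step after restoring composer.json and composer.lock.
upgrade_dependencies() {
    local dir="$1" mode="${2:-}" backup rc=0 f
    if [ ! -f "$dir/composer.json" ]; then
        echo "no composer.json in $dir" >&2
        return 2
    fi
    backup="$(mktemp -d)" || return 2
    for f in composer.json composer.lock; do
        if [ -f "$dir/$f" ]; then cp -p "$dir/$f" "$backup/$f"; fi
    done

    (
        cd "$dir" || exit 2
        if [ "$mode" = "--dry-run" ]; then
            # Assumption: both jack subcommands accept --dry-run.
            "$STEP_RUNNER" vendor/bin/jack open-versions --dry-run &&
            "$STEP_RUNNER" vendor/bin/jack raise-to-installed --dry-run
        else
            "$STEP_RUNNER" vendor/bin/jack open-versions &&
            "$STEP_RUNNER" vendor/bin/jack raise-to-installed &&
            "$STEP_RUNNER" composer update -W
        fi
    ) || rc=$?

    # A failed step or a preview must leave the manifest and lock untouched.
    if [ "$rc" -ne 0 ] || [ "$mode" = "--dry-run" ]; then
        for f in composer.json composer.lock; do
            if [ -f "$backup/$f" ]; then
                cp -p "$backup/$f" "$dir/$f"
            else
                rm -f "$dir/$f"   # file did not exist before the run
            fi
        done
    fi
    rm -rf "$backup"
    return "$rc"
}
```

The rollback covers composer.json and composer.lock only; after a failed run, `composer install` brings vendor/ back in line with the restored lock file.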