Add rector/jack for automated dependency management #34

@coisa

Problem

DevTools currently uses Rector for automated code refactoring, but it still lacks a first-class dependency maintenance workflow. Keeping Composer constraints healthy is manual, time-consuming, and easy to postpone until dependency drift becomes large enough to hurt upgrades, compatibility, or security response time.

Proposal

Integrate rector/jack into the existing DependenciesCommand so the command becomes the single entrypoint for dependency health checks and guided dependency maintenance.

The command should preview the Jack upgrade workflow by default, then run the existing analyzers. Only when the user explicitly passes --upgrade should the workflow apply changes before running the analyzers.

Goals

  • Add rector/jack as a direct dependency of fast-forward/dev-tools
  • Integrate jack breakpoint into the standard dependencies command workflow
    • Run together with existing analyzers (composer-unused, composer-dependency-analyser)
    • Provide a comprehensive dependency health check
    • Keep the outdated package threshold configurable via --max-outdated (default: 5)
  • Extend the existing dependencies command with these options:
    • --upgrade - Apply the Jack upgrade workflow before checking:
      • vendor/bin/jack open-versions
      • vendor/bin/jack raise-to-installed
      • composer update -W --no-progress
    • no --upgrade - Preview the Jack upgrade workflow before checking:
      • vendor/bin/jack open-versions --dry-run
      • vendor/bin/jack raise-to-installed --dry-run
    • --dev - Prioritize dev dependencies where Jack supports it
  • Add GitHub Actions workflow support to run composer dev-tools dependencies during CI
    • Make the dependency check toggleable through workflow_call and workflow_dispatch
    • Make the --max-outdated threshold configurable through workflow inputs
  • Fail CI when outdated package count exceeds the configured threshold

Expected Behavior

# Standard dependency check (previews Jack workflow, then analyzes)
$ composer dev-tools dependencies
> Previewing dependency upgrade workflow...
> Running composer-unused...
> Running composer-dependency-analyser...
> Running jack breakpoint...
Error: Too many outdated packages (7). Maximum allowed: 5

# Custom limit
$ composer dev-tools dependencies -- --max-outdated=10
> Previewing dependency upgrade workflow...
> Running jack breakpoint...
> All dependencies within the allowed outdated threshold.

# Apply the upgrade workflow and then analyze
$ composer dev-tools dependencies -- --upgrade
> Applying dependency upgrade workflow...
> Running composer update...
> Running dependency analysis...
> All dependencies within the allowed outdated threshold.

# Preview dev dependencies first
$ composer dev-tools dependencies -- --dev
> Previewing dependency upgrade workflow...
> Prioritizing dev dependencies...

Implementation Strategy

  1. Add rector/jack in composer.json
  2. Extend DependenciesCommand so it:
    • always previews the Jack workflow before the analyzers when --upgrade is not passed
    • applies the Jack workflow before the analyzers when --upgrade is passed
    • always runs jack breakpoint together with the existing analyzers
    • supports --max-outdated and --dev
  3. Keep the command orchestration simple and focused
  4. Update the reusable GitHub Actions test workflow to optionally run the dependency health check with configurable thresholds

Requirements

  • The command MUST preview Jack's upgrade workflow by default
  • The command MUST support --upgrade to apply the upgrade workflow before running analyzers
  • The command MUST run jack breakpoint as part of the standard dependency check
  • The command MUST support --max-outdated with default value 5
  • The command MUST support --dev for dev-dependencies-first previews or upgrades
  • The CI check MUST be configurable via workflow_call and workflow_dispatch
  • Exit codes MUST reflect actual command status
  • The command MUST combine the analyzers (composer-unused, composer-dependency-analyser, jack breakpoint) in a single run

Non-goals

  • Not implementing automatic upgrades on every commit
  • Not creating a separate top-level command for Jack
  • Not introducing unnecessary orchestration layers for a small workflow
  • Not affecting non-development environments

Acceptance Criteria

Functional Criteria

  • rector/jack is added as a direct dependency
  • jack breakpoint runs as part of the standard dependencies command
  • --max-outdated works with default value 5
  • the default command previews jack open-versions and jack raise-to-installed before the analyzers
  • --upgrade applies jack open-versions, jack raise-to-installed, and composer update -W --no-progress before the analyzers
  • --dev is forwarded to Jack where supported
  • GitHub Actions can run composer dev-tools dependencies
  • GitHub Actions can configure whether the dependency check runs and which threshold it enforces
  • CI fails when outdated package count exceeds the configured threshold

Architectural / Isolation Criteria

  • MUST: The command layer MUST remain a thin orchestrator.
  • MUST: Exit behavior and CLI output MUST remain deterministic and testable.
  • SHOULD: The implementation SHOULD avoid splitting small orchestration logic into multiple low-value classes.

Labels: enhancement (New feature or request)

Status: Released
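
The preview-by-default ordering and the exit-code requirements proposed above, sketched as a POSIX shell script. This is an added example, not code from DevTools or from the issue author; `RUNNER`, the function names, and the mapping of `--max-outdated` onto `jack breakpoint --limit` are assumptions.

```shell
#!/bin/sh
# Added sketch, not DevTools code: RUNNER and all function names are hypothetical.
# Command lines are the ones listed in the issue.
RUNNER="${RUNNER:-eval}"   # replace with a stub to exercise the flow offline

# Jack steps that precede the analyzers: dry-run unless --upgrade is given.
workflow_steps() {
  if [ "$1" = "--upgrade" ]; then
    printf '%s\n' "vendor/bin/jack open-versions" \
      "vendor/bin/jack raise-to-installed" \
      "composer update -W --no-progress"
  else
    printf '%s\n' "vendor/bin/jack open-versions --dry-run" \
      "vendor/bin/jack raise-to-installed --dry-run"
  fi
}

# Analyzers that always run. Passing --max-outdated to Jack as --limit is an
# assumption; the issue does not say how the threshold reaches jack breakpoint.
analyzer_steps() {
  printf '%s\n' "vendor/bin/composer-unused" \
    "vendor/bin/composer-dependency-analyser" \
    "vendor/bin/jack breakpoint --limit $1"
}

# Usage: dependencies_check [--upgrade] [max_outdated]
dependencies_check() {
  mode="" status=0
  if [ "${1:-}" = "--upgrade" ]; then mode="--upgrade"; shift; fi
  max="${1:-5}"
  # Reject anything but digits before it is spliced into a command line.
  case "$max" in ''|*[!0-9]*) echo "invalid threshold: $max" >&2; return 2 ;; esac

  # A failing workflow step aborts, so a half-applied upgrade is never analyzed.
  while IFS= read -r cmd <&3; do
    $RUNNER "$cmd" || return $?
  done 3<<EOF
$(workflow_steps "$mode")
EOF

  # Every analyzer runs; the first non-zero exit status is returned to the caller.
  while IFS= read -r cmd <&3; do
    $RUNNER "$cmd" || { rc=$?; if [ "$status" -eq 0 ]; then status=$rc; fi; }
  done 3<<EOF
$(analyzer_steps "$max")
EOF
  return "$status"
}
```

Without `--upgrade` nothing in the plan writes to `composer.json` or `composer.lock`, so the same function can back a read-only CI gate.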