Here's a hypothetical scenario at a company: We have 2 repos that builds and deploys code as tools and libraries for other apps at the company. Let's call this lib1
and lib2
.
There's a third repo, let's call it app
, that is application code that depends on lib1
and lib2
.
The hard part right now is keeping track of which version of lib1
and lib2
are packaged for app
at any point in time.
I'd like to know at a glance, say 1 month ago, what versions of app
is deployed and what version of lib1
and lib2
they were using. Ideally, I'm looking for a software solution that would be agnostic to any CI/CD build system, and doubly ideally, an open source one. Maybe a simple web service you call with some metadata, and it displays it in a nice UI.
Right now, we accomplish this by looking at logs, git commit history, and stick things together. I know I can build a custom solution pretty easily, but I'm looking for something more out-of-the-box.
It's probably more than you'd need for just two dependencies, but Apache's Ivy does more or less exactly that (although admittedly without a nice web UI)
https://ant.apache.org/ivy/
Another solution for simple builds could be to use git submodules to include your libraries, that way for any commit of the top level you can see exactly what commit of the lower levels you're using