Diff poetry.lock with diff-poetry-lock in CI

Poetry's TOML lockfiles are very verbose and difficult to review quickly. This friction complicates the responsible acceptance of pull requests that change dependencies. diff-poetry-lock aims to solve this problem by posting a readable summary of all lockfile changes to pull requests.

Example

### Detected 6 changes to dependencies in Poetry lockfile

From base f4e6ca0f4d67d9bb3f8ab43a89ceca2d0d2be7a1 to target a86b84f85d0bb2bf2fca6d6e8c58f2ce6f9e393c:

Added **pydantic** (1.10.6)
Added **requests-mock** (1.10.0)
Added **six** (1.16.0)
Added **tomli** (2.0.1)
Added **typing-extensions** (4.5.0)
Updated **urllib3** (1.26.14 -> 1.26.15)

*(5 added, 0 removed, 1 updated, 4 not changed)*

<small>Generated by diff-poetry-lock 1.0.1</small>

Usage

GitHub Actions action

Simply add the following step to your GitHub Action:

    steps:
      - name: Diff poetry.lock
        uses: target/diff-poetry-lock@30a153ca2d5cbdd209fc78b0ec013915748b6bab # v0.0.2
        with:
          # Optional: force a specific Poetry runtime version for lockfile compatibility.
          # The version must align with the major version that diff-poetry-lock uses,
          # or incompatible API changes may cause failures.
          poetry_version: "2.3.2"

When the diff changes during the lifetime of a pull request, the original comment will be updated. If all changes are rolled back, the comment will be deleted.

Vela CI plugin

stages:
  diff-poetry-lock:
    steps:
      - name: Post changed Poetry packages when poetry.lock changes
        image: ghcr.io/target/diff-poetry-lock:v0.0.3
        ruleset:
          event: [ push ]
          path: [ "poetry.lock" ]
          continue: true
        secrets:
          # setup the secret, too!
          - source: service_account_github_token
            target: github_token
        parameters:
          github_token: ${GITHUB_TOKEN}
          github_api_url: https://git.example.com/api/v3

Debug logging

Set the DEBUG_MODE environment variable to true (or 1, yes, on) to enable verbose debug logging. When unset, only informational and higher-level log messages are emitted, reducing noise in CI logs.

History

Originally written by @nborrmann at https://github.com/nborrmann/diff-poetry-lock.
Contributions proposed to that project and unmerged as of December 2025 were integrated by @banginji and @colindean.

Name		Name	Last commit message	Last commit date
Latest commit History 207 Commits
.github		.github
diff_poetry_lock		diff_poetry_lock
.editorconfig		.editorconfig
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
action.yaml		action.yaml
entrypoint.sh		entrypoint.sh
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Diff poetry.lock with diff-poetry-lock in CI

Example

Usage

GitHub Actions action

Vela CI plugin

Debug logging

History

About

Uh oh!

Releases 3

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Diff poetry.lock with diff-poetry-lock in CI

Example

Usage

GitHub Actions action

Vela CI plugin

Debug logging

History

About

Resources

License

Code of conduct

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages