Add Test-time helper to check dependencies #72
Description
Suggested by my colleague @hannahilea
We could have an Aqua.jl style helper like
PackageAnalyzer.test_manifest(...optional_path_to_manifest...)which one can put in their runtests.jl to test the Manifest there against constraints like:
- all dependencies have a permissive license (or just OSI-approved, depending on config)
- all versions are at least v"0.1"
- all dependencies have a test file / x amount of tests
- all dependencies have a readme or docs with at least x lines
etc.
These could be configured to some extent like
PackageAnalyzer.test_manifest(; min_dependency_version = v"0.1")etc, just as Aqua allows configuration in Aqua.test_all(Package; settings...). Perhaps even a config toml could make sense at some point. I could see also needing to add manual overrides like "I manually verified package X, so let it through even though the automated test fails since it doesn't know the docs are hosted in another repo".
The motivation is automated verification of software release requirements and to fail CI if a dependency is added that does not meet these requirements.
I think the simplest implementation is to test the test-time Manifest.toml using #71, so that all recursive deps are covered and we have particular versions to resolve.