Diff poetry.lock with diff-poetry-lock in CI

Poetry's TOML lockfiles are very verbose and difficult to review quickly. This friction complicates the responsible acceptance of pull requests that change dependencies. diff-poetry-lock aims to solve this problem by posting a readable summary of all lockfile changes to pull requests.

Example

Usage

GitHub Actions action

Simply add the following step to your GitHub Action:

    steps:
      - name: Diff poetry.lock
        uses: target/diff-poetry-lock@30a153ca2d5cbdd209fc78b0ec013915748b6bab # v0.0.2

When the diff changes during the lifetime of a pull request, the original comment will be updated. If all changes are rolled back, the comment will be deleted.

Vela CI plugin

stages:
  diff-poetry-lock:
    steps:
      - name: Post changed Poetry packages when poetry.lock changes
        image: ghcr.io/target/diff-poetry-lock:v0.0.3
        ruleset:
          event: [ push ]
          path: [ "poetry.lock" ]
          continue: true
        secrets:
          # setup the secret, too!
          - source: service_account_github_token
            target: github_token
        parameters:
          github_token: ${GITHUB_TOKEN}
          github_api_url: https://git.example.com/api/v3

Debug logging

Set the DEBUG_MODE environment variable to true (or 1, yes, on) to enable verbose debug logging. When unset, only informational and higher-level log messages are emitted, reducing noise in CI logs.

History

• Originally written by @nborrmann at https://github.com/nborrmann/diff-poetry-lock.
• Contributions proposed to that project and unmerged as of December 2025 were integrated by @banginji and @colindean.