chore: replace yarn with npm #629
Conversation
|
Current dependencies on/for this PR:
This comment was auto-generated by Graphite. |
boneskull
changed the title
packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json
Show resolved
Hide resolved
| }, | ||
| "dependencies": { | ||
| "keccak": "^3.0.0" | ||
| "keccak": "3.0.0" |
| @@ -29,9 +30,6 @@ | |||
| "devDependencies": { | |||
| "serve": "^14.2.0" | |||
| }, | |||
| "resolutions": { | |||
| "serve/boxen/type-fest": "^2.13.0" | |||
| }, | |||
There was a problem hiding this comment.
@kumavis Do you have any memory of the reason behind type-fest being resolved to 2.13 in perf and to 0.21 pretty much everywhere else?
There was a problem hiding this comment.
unless something is using tsc to build or check types when running things in perf, I'm unsure how this could be a problem. type-fest contains no code and does nothing
|
@lavamoat/yarn-plugin-allow-scripts is a helper for getting allow-scripts to run under yarn3. It should not be affected by this. |
@naugtur Why is it a private package? How is it consumed? |
|
Yarn copies it over from a GitHub url because the plugin is supposed to be installed before any packages can get installed 🙈 |
how does this even make sense |
I guess that's why npm doesn't have plugins. But it does make sense in the context of what the plugins are for - it means they need to be installed before any package management happens, so they must be a single-file fetchable from URL/ |
There was a problem hiding this comment.
Now that these are merged I see what I missed before - reviewing each changeset separately I assumed one of the other ones would contain an update to the RELEASE.md file with the updated process description step-by-step so that everyone knows how to proceed with releasing.
boneskull
force-pushed
the
boneskull/npm
branch
from
71cafd5
to
598b40d
Compare
|
@naugtur |
boneskull
force-pushed
the
boneskull/npm
branch
from
9b9495d
to
62065a6
Compare
There was a problem hiding this comment.
Thumbsup on the release description. Approving the pr.
(could) I'd prefer to keep the dependency picture (mermaid graph) somewhere and this file seems like a good place for it.
(later) A checklist for the person doing the release (what to look for in the PR etc) should go into this file too.
Used [synp](https://npm.im/synp) to convert from `yarn.lock` to `package-lock.json`. All resulting `package-lock.json` files are v1 _except_ the root which is v2.
This removes all yarn config, caches, and lockfiles, and changes all scripts to use `npm run` instead of yarn`. It means `lerna bootstrap` is no longer needed, and `lerna` is not needed (but can still be used) to run scripts across workspaces. There should only be _one_ lockfile: the root `package-lock.json`. Note that this change impacts what would be done in #625. Test fixtures, when installed, should no longer create lockfiles. A note on "resolutions": these become `overrides` and everything can be done in the monorepo root. This changeset does not modify CI.
- fix `test:prep` execution - using `npm`, node/test/projects/1/node_modules will be symlinked and not under vcs - pin keccak version - cleanup `allow-scripts` tests (a bit of DRY, fix misuse of `path.join`, make fs cleanup more consistent) - fix a problem in the `allow-scripts` tests where _not enough_ cleanup was happening
This is an experimental change. It modifies the Lerna configuration to publish independent packages (without `nx`) using conventional commits. This will create/update CHANGELOGs and create GitHub Releases for each workspace upon publish. This is what [Appium](https://github.com/appium/appium) does, and I believe the goals for our release process are nearly identical. Please look at the releases/tags in that repo for what you get. To publish, run `npm run publish`.
This encodes the proper `lerna publish` flags within `lerna.json`. `release-please` will handle creating the GitHub release and updating the changelog, and we just want Lerna to publish what we have. These flags are essentially the same thing we have currently, sans the `--yes` flag.
- adds a pre-commit hook that runs `eslint --fix` on any JS file on the stage - adds a commit message check that verifies the commit message is in conventional commits format - adds `husky install` to workspace root `postinstall` script, to be run via `allow-scripts` - adds a `prepare` lifecycle script which runs the `rebuild` script - remove `preversion` script
This disables the `separate-pull-requests` flag, as enabling it adds too much opportunity for human error to befoul the process. It also enables the `node-workspace` plugin: > The node-workspace plugin builds a graph of local node packages configured in release-please-config.json and the dependency relationships between them. It looks at what packages were updated by release-please and updates their reference in other packages' dependencies lists. Even when a particular package was not updated by release-please, if a dependency did have an update, it will be patch bump the package, create a changelog entry, and add it to the list of PR changes. Under the hood, this plugin adapts specific dependency graph building and updating functionality from the popular lerna tool. Finally, the `prepare` script is removed and a `prepublishOnly` script then rebuilds any artifacts and runs a full test suite before the final publish is green-lit.
Use cross-env for cross-platform compat. This does not mean other scripts work across platforms, but we should move in that direction.
boneskull
force-pushed
the
boneskull/npm
branch
from
6d08610
to
f69b08b
Compare
|
I've restored the table in |
This removes yarn in lieu of npm.
I'm unsure if this affects
@lavamoat/yarn-plugin-allow-scriptsor not.Two further PRs will build on this. It is part of the "new release process" effort.