New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FLINK-23113][runtime-web] Migrate to ESLint, add Stylint and address dependency vulnerabilities #16902
Conversation
Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community Automated ChecksLast check on commit af560fe (Fri Aug 20 02:38:43 UTC 2021) Warnings:
Mention the bot in a comment to re-run the automated checks. Review Progress
Please see the Pull Request Review Guide for a full explanation of the review process. The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required Bot commandsThe @flinkbot bot supports the following commands:
|
af560fe
to
7df649c
Compare
Please note, this PR also covers "Address vulnerabilities in Flink UI" FLINK-23114. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @yangjunhan for the PR! It'll be a great improvement to Flink UI to have proper linting set up. I will take a closer look next week.
However, it would be good if we could split this into different commits, in particular actually applying all linting fixes should be its own commit. This would make the review easier, allow us to regenerate that commit upon conflicts and maybe even add it to .git-blame-ignore-revs
(during merging). Since you mentioned the vulnerability fixes here, anything not related to tslint/eslint itself should also be a separate commit as those changes are important and useful on their own.
Another note: this currently isn't checked in the CI, correct? We need to make sure that the CI actually verifies using eslint as well (again, as a separate commit).
@@ -0,0 +1,2 @@ | |||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | |||
export type SafeAny = any; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should immediately mark this as deprecated. SafeAny
is not safe at all, it's a hack that silences a correct warning/error. It would be better to use unknown
instead everywhere, however that is a separate change as it isn't a drop-in replacement.
.eslintcache | ||
|
||
# Yarn Integrity file | ||
.yarn-integrity |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't use yarn, do we (also below for .yarn
)?
7df649c
to
7591ced
Compare
Thank you for your advice @Airblader. Now I have split it into several individual commits and hopefully they make sense to you. Regarding the As for the CI, can you give me some guide about the shell file that should be modified? I could not find it under |
bf20750
to
b32af96
Compare
FYI, the CI currently fails because it doesn't know
In flink-runtime-web/pom.xml, first Once the build for this PR is passing we should intentionally introduce a commit that breaks the linter to verify that the CI is picking up on it. |
b8be621
to
233e2db
Compare
Hi, @Airblader. I finish enforcing the Lint during the CI build and doing several changes to make the CI to pass. There are a few things that are worthwhile to pay attention to:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your work on this! I think this is looking pretty good now overall. We need to wait until after 1.14 with this, I think; while it's an non-functional change, it does update things like dependencies.
severity: 'warning' | ||
} | ||
], | ||
'order/properties-order': [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general I don't want to focus on the individual settings in this PR, we can always improve those later if we feel any of them are not ideal. However, for this one I'm just curious how this list was created. It's pretty long and seems quite opinionated? Do we need/want to be this strict with the order of properties?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, this piece of info is taken from: https://github.com/hudochenkov/stylelint-config-hudochenkov/blob/master/order.js. The author of this config is actually a member of Stylelint team. There is a comment about this at line 22.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After thinking over it, it may not be a good idea to extract the source code from this config. Instead, I add it as a dev dependency and extend it in the .stylelintrc.js
file as the README suggests.
@@ -13,6 +13,11 @@ The Apache Software Foundation (http://www.apache.org/). | |||
@angular/platform-browser 12.1.3 : MIT License | |||
@angular/platform-browser-dynamic 12.1.3 : MIT License | |||
@angular/router 12.1.3 : MIT License | |||
@angular-eslint/builder 12.3.1 : MIT License |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of these are dev dependencies, right? Do we even need to add them to the NOTICE file? It seems at least any other dev dependency I looked at isn't mentioned here either. I'll see if I can find out whether this is necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, thanks. In fact, I am not quite sure about this either. I will remove them if they are unnecessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the final release doesn't contain these dependencies they should not need to be listed. I think we can remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problems 👌
233e2db
to
60fd053
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that the 1.14 release branch has been cut we can proceed here and get this merged. I think overall this looks fine now, however there is one crucial issue still with the npm scripts. Afterwards this should be good to merge!
"lint": "eslint --cache src --ext .ts,.html & stylelint \"**/*.less\"", | ||
"lint:fix": "eslint --fix --cache src --ext .ts,.html & stylelint \"**/*.less\" --fix", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're actually starting eslint as a background task and then stylelint. This will cause eslint to finish after the process has already exited, and cause a zero return code even if eslint found issues.
"lint": "eslint --cache src --ext .ts,.html & stylelint \"**/*.less\"", | |
"lint:fix": "eslint --fix --cache src --ext .ts,.html & stylelint \"**/*.less\" --fix", | |
"lint": "eslint --cache src --ext .ts,.html && stylelint \"**/*.less\"", | |
"lint:fix": "eslint --fix --cache src --ext .ts,.html && stylelint \"**/*.less\" --fix", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, this was a potential problem. Thanks for pointing it out.
60fd053
to
0157b9a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR looks good to me now. Thanks for working on it! I'll have to defer merging to @twalthr.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution @yangjunhan and the review @Airblader. As before, I don't have much knowledge about the WebUI and need to trust you guys that the changes are valid. It would be good to have a final green build (maybe after a rebase) and all conflicts resolved. Please ping me once this is done and I will merge asap.
@yangjunhan I've also noticed now that you are migrating the package-lock.json back from version 2 to 1. Can you please fix that commit to have it generated as version 2? This requires npm >= 7. |
0157b9a
to
bc16f1e
Compare
bc16f1e
to
6d6d751
Compare
@Airblader Yep, it was caused by my local node/npm versions, and I fixed it. Please have a look to see whether this PR is ready for merging. |
@twalthr I guess this PR is ready for merging now. |
I took the liberty to also do some quick testing in the user interface. The only thing I noticed was when I opened the
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that the 404 errors also occurred in previous version (Flink 1.13.2). LGTM
Thanks everyone. Merging... |
What is the purpose of the change
TSLint is no longer maintained, so runtime-web should be migrating to ESLint for Angular. In addition, stylelint should be added for .less stylesheets which is originally missing.
Brief change log
--fix
all.{less,html,ts}
file according to the new rules and prettier configVerifying this change
This change is a trivial rework / code cleanup without any test coverage.
Does this pull request potentially affect one of the following parts:
@Public(Evolving)
: noDocumentation