From 90bc19768edbde6ae8f1a759d7c4e7a0764b15c5 Mon Sep 17 00:00:00 2001
From: Eli Polonsky <epolon@amazon.com>
Date: Thu, 17 Mar 2022 15:23:03 +0200
Subject: [PATCH] chore: regenerate attributions on automatic dependency
 upgrades (#19439)

Even since https://github.com/aws/aws-cdk/pull/18667, our build process validates that the `THIRD_PARTY_LICENSES` file of the CLI package is up to date. That is, the version of it committed to source code matches the one being auto generated.

This behavior breaks our automatic dependency upgrades whenever it includes an upgrade to one of the CLI's dependencies. This is because the autogenerated file will (for sure) have different dependency versions, and possibly also include new transitive dependencies.

This manifests an error like so:

```console
aws-cdk: In package package.json
aws-cdk: - [bundle/outdated-attributions] THIRD_PARTY_LICENSES is outdated (fixable)
aws-cdk: Error: Some package.json files had errors
```

To fix this, we currently need to manually regenerate the `THIRD_PARTY_LICENSES` file by running `yarn pkglint` on the CLI package.

> For example: https://github.com/aws/aws-cdk/pull/19211/commits/5ca8ebf8903e0fa2d389342ec10a64fe881b8df5

This PR adds a regeneration step to the upgrade workflow so that the PR also includes the up to date document.
Note that if this doesn't mean attribution validation will always pass. If any dependencies changed licenses to one that isn't allowlisted, the validation will still fail.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .github/workflows/yarn-upgrade.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
index 2d599e0e0f24c..5c72ff4e4abf4 100644
--- a/.github/workflows/yarn-upgrade.yml
+++ b/.github/workflows/yarn-upgrade.yml
@@ -33,9 +33,13 @@ jobs:
           key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
           restore-keys: |-
             ${{ runner.os }}-yarn-
+      - name: Yarn Install
+        run: yarn install --frozen-lockfile
       - name: Install Tools
         run: |-
           npm -g install lerna npm-check-updates@^9.0.0
+      - name: Build CLI
+        run: cd packages/aws-cdk && ../../scripts/buildup
       - name: List Mono-Repo Packages
         id: list-packages
         # These need to be ignored from the `ncu` runs!
@@ -59,12 +63,16 @@ jobs:
           lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor
           lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch
           lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/fs-extra,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}'  --target=minor
+          
       # This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn update" to run)
       - name: Run "yarn install"
         run: yarn install
 
       - name: Run "yarn upgrade"
         run: yarn upgrade
+        
+      - name: Regenerate CLI attributions
+        run: cd packages/aws-cdk && yarn pkglint
 
       # Next, create and upload the changes as a patch file. This will later be downloaded to create a pull request
       # Creating a pull request requires write permissions and it's best to keep write privileges isolated.