pnpm and changesets
#30
Conversation
Co-Authored-By: phoebe-lew <lew.huiying@gmail.com>
mistermoe
requested review from
michaelneale,
jiyoontbd,
phoebe-lew and
KendallWeihe
as code owners
|
|
Have used it for a while with dev site and it was fine there so +1 from me |
.changeset/hot-worms-kneel.md
Outdated
There was a problem hiding this comment.
are these files under .changeset/ supposed to have odd names?
There was a problem hiding this comment.
Okay I think I understand how this works...
- The bot can detect if an update is needed
- It can comment on the PR to remind the developer know to do their duty
- Also, somehow it can detect patch/minor/major??? Which I'd be very curious to understand how it is able to detect that
- Then you run
pnpm changeset- This automatically generates these funnily-named markdown files
- I think there's a parallel here to staging a commit using
git addprior to the actual commit
- Then you run
pnpm changeset version- This actually executes the version update
- Which, appends the changeset to the relevant CHANGELOG.md files
- Updates the version in the relevant package.json files
- And lastly, deletes the funnily-named changeset files
So the point is, these funnily-named files are ephemeral, and only exist in between the changeset (again, akin to "staging" a commit using git add) and changeset version (which executes the changeset update)
There was a problem hiding this comment.
Okay, and so I think the idea of the GitHub Action is...
- As developers open PRs, the changeset bot will comment reminding them to update the version
- So then they'll run
pnpm changeset - This will create a new funnily-named markdown file
- Then they will merge their PR (without running
changeset version-- meaning, all those funnily-named markdown files will be merged into main) - At which point, the GitHub Action will automatically open a new Pull Request
- This new PR will automatically run the
changeset versionsuch that the package.json files & the CHANGELOG.md files are updated - Then, let's say a second developer comes in with a new PR and merges it into main
- That PR which the GitHub Action previously opened (from step 5) will automatically re-run the
changeset versionto pull in the new changes - At some point in the future, the team is ready for a new release, at which point, they simply merge the open PR
There was a problem hiding this comment.
So to sum up, developers stage their changesets on each PR, and the GitHub Action automates the execution of the changeset & the resulting release
|
Nice, yeah this looks solid AF. The description is well thought-out too, so thank you for that 👍 I'm slightly sus that an automated changebot is something we'll want, but won't know for sure until we get further into the experience |
|
Re: changebot Agreed! Very interested to see how it plays out. Oh yeah, as an alternative to figuring out CI in this PR, we can just run Let's us tackle CI stuff in a separate PR. Down with either route! |
|
Manually executed Going ahead and merging this and will do the other two things in follow-up PR(s) |
| @@ -11,47 +11,58 @@ on: | |||
| # Allows you to run this workflow manually from the Actions tab | |||
| workflow_dispatch: | |||
|
|
|||
| env: | |||
| CI: true | |||
There was a problem hiding this comment.
What is CI: true doing here?
There was a problem hiding this comment.
Interesting, I see it here https://pnpm.io/using-changesets
I also see explicit execution of pnpm config set store-dir $PNPM_CACHE_FOLDER which we aren't doing in our jobs
Changes
Switched from
npm->pnpmNote
learn about
pnpmhere.Motivations behind the switch
better support for multi-package repos.
pnpmprevents phantom dependencies. A "phantom dependency" occurs when a project uses a package that is not defined in its package.json file.how do these occur? When installing dependencies with npm, all packages are hoisted to the root of the modules directory. As a result, source code has access to dependencies that are not added as dependencies to the project which means you can
importsomething that you haven't included as a dependency inpackage.jsonBy default, pnpm uses symlinks to add only the direct dependencies of the project into the root of the modules directory
Human readable lock files.
package-lock.jsonmerge conflicts feel like an impossible battle to win.pnpm-lock.yamlis far easier to read (at least imo)pnpmincludes a command (pnpm licenses list) that can be used to list all licenses used by all dependencies. this is especially helpful when building open source librariesthe above aren't even the primary motivations behind why other projects are switching. if you're interested in those you can read about them here
Introduced
changesetsNote
learn about
changesetshere.managing the versions of all 3 packages in this repo by hand was getting supa cumbersome and eagerly waiting for the opportunity to ruin someone's day.
Decided to give
changesetsa shot to handle version management for us! i've configuredchangesetsto do fixed versioning. This means that packages will be version-bumped and published together even when there are no changes done to some of the member packages.Given that:
http-serverdepends onhttp-clientandprotocolhttp-clientdepends onprotocolany changes to
protocolorhttp-clientwould end up version bumping all 3 packages anyway.I've also installed the
changesetsbot into this repo. It'll comment on PRs saying that either:Remaining TODOs
READMEexplaining how to usechangesetsmanually