Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: regenerate attributions on automatic dependency upgrades #19439

Merged
merged 1 commit into from
Mar 17, 2022
Merged

chore: regenerate attributions on automatic dependency upgrades #19439

merged 1 commit into from
Mar 17, 2022

Conversation

iliapolo
Copy link
Contributor

Even since #18667, our build process validates that the THIRD_PARTY_LICENSES file of the CLI package is up to date. That is, the version of it committed to source code matches the one being auto generated.

This behavior breaks our automatic dependency upgrades whenever it includes an upgrade to one of the CLI's dependencies. This is because the autogenerated file will (for sure) have different dependency versions, and possibly also include new transitive dependencies.

This manifests an error like so:

aws-cdk: In package package.json
aws-cdk: - [bundle/outdated-attributions] THIRD_PARTY_LICENSES is outdated (fixable)
aws-cdk: Error: Some package.json files had errors

To fix this, we currently need to manually regenerate the THIRD_PARTY_LICENSES file by running yarn pkglint on the CLI package.

For example: 5ca8ebf

This PR adds a regeneration step to the upgrade workflow so that the PR also includes the up to date document.
Note that if this doesn't mean attribution validation will always pass. If any dependencies changed licenses to one that isn't allowlisted, the validation will still fail.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link

gitpod-io bot commented Mar 17, 2022

@iliapolo
Copy link
Contributor Author

Side Note

We can get rid of all this hackery by simply generating the attributions document at build time, and not have it in source control. I am still somewhat reluctant to do this for now because I feel there is value in having these source code diffs for later inspection in unexpected cases.

Interested to hear more opinions on this though.

@rix0rrr @RomainMuller

@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Mar 17, 2022
@iliapolo iliapolo requested a review from a team March 17, 2022 12:39
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Mar 17, 2022
@iliapolo
Copy link
Contributor Author

I validated this works on my fork. You can see an example PR here: https://github.com/iliapolo/aws-cdk/pull/1

iliapolo
iliapolo commented Mar 17, 2022
View reviewed changes
.github/workflows/yarn-upgrade.yml
- name: Install Tools
run: |-
npm -g install lerna npm-check-updates@^9.0.0
- name: Build CLI
run: cd packages/aws-cdk && ../../scripts/buildup
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to build the CLI in order to generate attributions (the bundler looks for the .js files)

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 6295a8d
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Mar 17, 2022

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 90bc197 into master Mar 17, 2022
@mergify mergify bot deleted the epolon/regen-attributions-on-upgrade branch March 17, 2022 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees

@rix0rrr rix0rrr

Labels
contribution/core This is a PR that came from AWS. package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iliapolo @aws-cdk-automation @rix0rrr