Remove dep on bolt and fix 2fa stuff (#106)

* Remove usages of bolt

* Fix the cli asking for an otp multiple times incorrectly

.changeset/lemon-humans-rhyme/changes.json

@@ -0,0 +1,4 @@
+{
+  "releases": [{ "name": "@changesets/cli", "type": "patch" }],
+  "dependents": []
+}

.changeset/lemon-humans-rhyme/changes.md

@@ -0,0 +1 @@
+Inline last usages of bolt

.changeset/silly-feet-tell/changes.json

@@ -0,0 +1,4 @@
+{
+  "releases": [{ "name": "@changesets/cli", "type": "minor" }],
+  "dependents": []
+}

.changeset/silly-feet-tell/changes.md

@@ -0,0 +1,4 @@
+Improve 2FA support for publishing:
+
+- Prompt for an OTP code when required
+- Add `--otp` option to release command

.changeset/tall-shrimps-study/changes.json

@@ -0,0 +1,4 @@
+{
+  "releases": [{ "name": "get-workspaces", "type": "patch" }],
+  "dependents": []
+}

.changeset/tall-shrimps-study/changes.md

@@ -0,0 +1 @@
+Add private property to PackageJSON type

package.json

@@ -40,7 +40,6 @@
     "@types/uuid": "^3.4.4",
     "@typescript-eslint/eslint-plugin": "^1.9.0",
     "@typescript-eslint/parser": "^1.9.0",
-    "bolt": "^0.22.1",
     "boxen": "^1.3.0",
     "chalk": "^2.1.0",
     "cli-table": "^0.3.1",
@@ -64,27 +63,30 @@
     "human-id": "^1.0.2",
     "inquirer": "^3.3.0",
     "inquirer-checkbox-plus-prompt": "^1.0.1",
+    "is-ci": "^2.0.0",
     "jest": "^24.7.1",
     "jest-fixtures": "^0.5.0",
     "jest-junit": "^6.4.0",
     "lodash.startcase": "^4.4.0",
     "meow": "^5.0.0",
     "node-fetch": "^2.5.0",
     "outdent": "^0.5.0",
+    "p-limit": "^2.2.0",
     "pkg-dir": "^4.1.0",
     "preconstruct": "^0.0.79",
     "prettier": "^1.14.3",
     "projector-spawn": "^1.0.1",
     "semver": "^5.4.1",
+    "spawndamnit": "^2.0.0",
+    "strip-ansi": "^5.2.0",
+    "term-size": "^2.1.0",
     "tty-table": "^2.7.0",
     "typescript": "^3.4.5",
-    "uuid": "^3.3.2",
-    "strip-ansi": "^5.2.0",
-    "term-size": "^2.1.0"
+    "uuid": "^3.3.2"
   },
   "preconstruct": {
     "packages": [
       "packages/*"
     ]
   }
-}
+}

packages/cli/README.md

@@ -152,14 +152,14 @@ This command will read then delete changesets on disk, ensuring that they are on
 ### release
 
 ```
-changeset release [--public]
+changeset release [--public] [--otp={token}]
 ```
 
 Publishes to NPM repo, and creates tags. Because this command assumes that last commit is the release commit you should not commit any changes between calling `version` and `publish`. These commands are separate to enable you to check if release commit is acurate.
 
 `--public` - enables the `--access-public` flag when publishing. This is required if trying to publish public scoped packages.
 
-> **IF YOU HAVE 2FA TURNED ON FOR NPM** you need to provide your auth token. Currently the way to do this is to run `NPM_CONFIG_OTP=123456 yarn changeset release`.
+`--otp={token}` - allows you to provide an npm one-time password if you have auth and writes enabled on npm. The CLI also prompts for the OTP if it's not provided with the `--otp` option.
 
 **NOTE:** You will still need to push your changes back to master after this
 

packages/cli/package.json

@@ -19,7 +19,6 @@
     "@babel/runtime": "^7.4.4",
     "@types/semver": "^6.0.0",
     "@types/uuid": "^3.4.4",
-    "bolt": "^0.22.1",
     "boxen": "^1.3.0",
     "chalk": "^2.1.0",
     "cli-table": "^0.3.1",
@@ -30,13 +29,16 @@
     "get-workspaces": "^0.3.1",
     "globby": "^9.2.0",
     "human-id": "^1.0.2",
+    "is-ci": "^2.0.0",
     "lodash.startcase": "^4.4.0",
     "meow": "^5.0.0",
     "outdent": "^0.5.0",
+    "p-limit": "^2.2.0",
     "pkg-dir": "^4.1.0",
     "prettier": "^1.14.3",
     "projector-spawn": "^1.0.1",
     "semver": "^5.4.1",
+    "spawndamnit": "^2.0.0",
     "term-size": "^2.1.0",
     "tty-table": "^2.7.0",
     "uuid": "^3.3.2"
@@ -45,4 +47,4 @@
     "jest-fixtures": "^0.5.0",
     "strip-ansi": "^5.2.0"
   }
-}
+}

packages/cli/src/commands/bump/index.js

@@ -1,9 +1,9 @@
 import path from "path";
 import fs from "fs-extra";
 import detectIndent from "detect-indent";
+import chalk from "chalk";
 import semver from "semver";
 
-import * as boltMessages from "bolt/dist/modern/utils/messages";
 import * as bolt from "../../utils/bolt-replacements";
 
 import logger from "../../utils/logger";
@@ -23,6 +23,10 @@ import {
 import versionRangeToRangeType from "../../utils/bolt-replacements/versionRangeToRangeType";
 import { defaultConfig } from "../../utils/constants";
 
+const importantSeparator = chalk.red(
+  "===============================IMPORTANT!==============================="
+);
+
 export default async function version(opts) {
   let userConfig = await resolveConfig(opts.cwd);
 
@@ -103,7 +107,9 @@ async function bumpReleasedPackages(releaseObj, allPackages, config) {
 
   if (externalDeps.length !== 0) {
     logger.warn(
-      boltMessages.externalDepsPassedToUpdatePackageVersions(externalDeps)
+      `Attempted to pass external dependencies to updatePackageVersions:\n${externalDeps.join(
+        ", "
+      )}`
     );
   }
 
@@ -130,13 +136,19 @@ async function bumpReleasedPackages(releaseObj, allPackages, config) {
       // This check determines whether the package will be released. If the
       // package will not be released, we throw.
       if (!inUpdatedPackages && willLeaveSemverRange) {
+        // TODO: this error message was copied directly from bolt
+        // it seems wrong, shouldn't this case be covered by dependents stuff
+        // and this should be something like "this should never happen, please open an issue because there's probably a bug in changesets"
         throw new Error(
-          boltMessages.invalidBoltWorkspacesFromUpdate(
-            pkg.name,
-            depName,
-            depRange,
+          `${importantSeparator}
+  ${
+    pkg.name
+  } has a dependency on ${depName} at ${depRange}, however the new version of ${
+            // TODO: look into this, accessing internalDeps[depName] seems wrong
             internalDeps[depName]
-          )
+          } leaves this range.
+  You will need to make a new changeset that includes an update to ${pkg.name}
+${importantSeparator}`
         );
       }
 

packages/cli/src/commands/release/__tests__/releaseCommand.test.js → packages/cli/src/commands/release/__tests__/releaseCommand.test.ts

@@ -1,21 +1,23 @@
 import { copyFixtureIntoTempDir } from "jest-fixtures";
 
-import { publishPackages } from "../../../utils/bolt-replacements";
+import publishPackages from "../publishPackages";
 import * as git from "../../../utils/git";
 import runRelease from "..";
 
 jest.mock("../../../utils/cli");
 jest.mock("../../../utils/git");
 jest.mock("../../../utils/logger");
-jest.mock("../../../utils/bolt-replacements");
+jest.mock("../publishPackages");
 
+// @ts-ignore
 git.tag.mockImplementation(() => Promise.resolve(true));
 // we want to keep other bolt commands still running so our tests are more e2e
 // NOTE: This is pretty terrible. Quite obviously bolt is not going to return these results
 // each time, but there is only one test that uses the output of this function ('should add git tags')
 // and we know this will be heavily refactored once its moved into the bolt org anyway. So we are happy
 // to keep this debt in for now. LB takes full responsibility for this if it becomes flakey.
 
+// @ts-ignore
 publishPackages.mockImplementation(() =>
   Promise.resolve([
     { name: "pkg-a", newVersion: "1.1.0", published: true },
@@ -24,7 +26,7 @@ publishPackages.mockImplementation(() =>
 );
 
 describe("running release", () => {
-  let cwd;
+  let cwd: string;
 
   beforeEach(async () => {
     cwd = await copyFixtureIntoTempDir(__dirname, "simple-project");

packages/cli/src/commands/release/index.js → packages/cli/src/commands/release/index.ts

@@ -1,16 +1,16 @@
-import * as bolt from "../../utils/bolt-replacements";
+import publishPackages from "./publishPackages";
 import logger from "../../utils/logger";
 import * as git from "../../utils/git";
 import resolveUserConfig from "../../utils/resolveConfig";
 import { defaultConfig } from "../../utils/constants";
+import { ExitError } from "../../utils/errors";
 
-function logReleases(status, pkgs) {
+function logReleases(pkgs: Array<{ name: string; newVersion: string }>) {
   const mappedPkgs = pkgs.map(p => `${p.name}@${p.newVersion}`).join("\n");
-  logger.success(`Packages ${status} published:`);
   logger.log(mappedPkgs);
 }
 
-export default async function run(opts) {
+export default async function run(opts: { cwd: string; otp?: string }) {
   const userConfig = await resolveUserConfig(opts.cwd);
   const userPublishOptions =
     userConfig && userConfig.publishOptions ? userConfig.publishOptions : {};
@@ -21,19 +21,19 @@ export default async function run(opts) {
     ...opts
   };
 
-  const publishOpts = {};
-  publishOpts.cwd = config.cwd || process.cwd();
-  // if not public, we wont pass the access, and it works as normal
-  if (config.public) publishOpts.access = "public";
-  // Note: we use publishPackages, not publish here as publishPackages returns a list of published
-  // and unpublished packages, publish does not (as of bolt 0.21.0)
-  const response = await bolt.publishPackages(publishOpts);
+  const response = await publishPackages({
+    cwd: config.cwd || process.cwd(),
+    // if not public, we wont pass the access, and it works as normal
+    access: config.public ? "public" : undefined,
+    otp: opts.otp
+  });
 
   const successful = response.filter(p => p.published);
   const unsuccessful = response.filter(p => !p.published);
 
   if (successful.length > 0) {
-    logReleases("successfully", successful);
+    logger.success("packages published successfully:");
+    logReleases(successful);
     // We create the tags after the push above so that we know that HEAD wont change and that pushing
     // wont suffer from a race condition if another merge happens in the mean time (pushing tags wont
     // fail if we are behind master).
@@ -46,7 +46,9 @@ export default async function run(opts) {
   }
 
   if (unsuccessful.length > 0) {
-    logReleases("failed to", unsuccessful);
-    throw new Error(`Some releases failed: ${JSON.stringify(response)}`);
+    logger.error("packages failed to publish:");
+
+    logReleases(unsuccessful);
+    throw new ExitError(1);
   }
 }