Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yarn Berry: Use appropriate mode for yarn version and repo state #6017

Merged
merged 12 commits into from
Nov 2, 2022
Merged

Yarn Berry: Use appropriate mode for yarn version and repo state #6017

merged 12 commits into from
Nov 2, 2022

Conversation

pavera
Copy link
Contributor

@pavera pavera commented Nov 2, 2022
edited

Context

With Yarn Berry there are various modes which can be enabled to get different resulting artifacts. This PR attempts to normalize our usage of these modes to get the correct behavior across a range of yarn versions and potential repo states.

Approach

I've pulled some copy/paste code up into helpers.rb and implemented the logic below

if yarn >= 2 && yarn < 3
  args = ""
  yarn config set enableScripts false
if yarn >= 3 and zero-install
  args = "--mode=skip-build"
if yarn >= 3 and !zero-install
  args = "--mode=update-lockfile"
  yarn config set enableScripts false

This should result in using the much speedier update-lockfile mode if the repository is not setup for zero-install, but will use the correct skip-build mode if the repo is setup for zero install to preserve file permissions while still preventing third party code execution during updates.

@pavera
Initial change to mode vs enableScripts
adf39dc 
enableScripts false results in changes to permissions on resulting files. mode=skip-build should achieve the same result (no scripts run) without changing file permissions
@pavera
Merge branch 'main' into pavera/yarn-berry-mode
f9162d9
@pavera
Use correct --mode for yarn version and repo state
9b97dec
@pavera pavera requested a review from a team as a code owner November 2, 2022 00:31
jeffwidman
jeffwidman approved these changes Nov 2, 2022
View reviewed changes
Copy link
Member

@jeffwidman jeffwidman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine to me but I'm not very familiar with the underlying yarn logic so you may want a second review from someone else

npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb Outdated Show resolved Hide resolved
jurre
jurre reviewed Nov 2, 2022
View reviewed changes
npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
yarn_major_version >= 2
end

def self.yarn_major_version
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we memoize this? It's not hugely expensive, but we are shelling out and the value would never change I think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to fix this as it is the cause of the updater CI failure. I think we have to determine the version based on a lockfile as we were previously.

@jurre
Copy link
Member

jurre commented Nov 2, 2022

Are there any tests we can/should add to cover the bug we're trying to fix here? Overall the changes look great to me, I did spot a few CI failures, rerunning those to make sure they're not flakes

@pavera
Copy link
Contributor Author

pavera commented Nov 2, 2022
edited

Are there any tests we can/should add

Yes, I think we should make sure we have both zero-install and non zero-install fixtures and confirm the non zero-install does not end up with a .pnp.cjs file after update, and probably confirm permissions of .pnp.cjs on the zero-install case.

I'll be looking at the CI failures today.

@pavera pavera mentioned this pull request Nov 2, 2022
Closed
1 task
jeffwidman
jeffwidman reviewed Nov 2, 2022
View reviewed changes
Copy link
Member

@jeffwidman jeffwidman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to doublecheck, the .pnp.cjs and install-state.gz files are required to be checked in for the test spec to work? Or should they be .gitignore'd? Because they're 4+ KB...

@pavera pavera merged commit da8c81f into main Nov 2, 2022
@pavera pavera deleted the pavera/yarn-berry-mode branch November 2, 2022 17:24
@pavera
Copy link
Contributor Author

pavera commented Nov 2, 2022

.pnp.cjs is the "zero install" configuration file, so yes it needs to be committed to a zero install repo. I'm not sure what the install-state.gz tracks exactly, but generally the .yarn directory needs to be committed to a zero install repo as well.

@pavera pavera mentioned this pull request Nov 2, 2022
Closed
@merceyz
Copy link

merceyz commented Nov 2, 2022

I'm not sure what the install-state.gz tracks exactly, but generally the .yarn directory needs to be committed to a zero install repo as well.

To quote the documentation:

.yarn/install-state.gz is an optimization file that you shouldn't ever have to commit. It simply stores the exact state of your project so that the next commands can boot without having to resolve your workspaces all over again.
https://yarnpkg.com/getting-started/qa/#which-files-should-be-gitignored

@gabormagyar
Copy link

And to add to what @merceyz said, here's exactly what needs to be gitignored both when using zero installs and when not:

https://yarnpkg.com/getting-started/qa/#which-files-should-be-gitignored

@pavera pavera mentioned this pull request Nov 3, 2022
Closed
1 task
@wozzo
Copy link

wozzo commented Nov 4, 2022

@pavera Hi there, firstly this is all great work, and we're loving being able to use dependabot now that yarn 2+ is supported.
We are having an issue with the cache not being updated at the moment, and I'm pretty sure it's because we have the nodeLinker setting set to node-modules instead of pnp. The cache can still be committed which reduces the work during an install, but we still need to run the yarn install command to set up the node_modules folder.
We've found fewer problems with this than the pnp approach.

So tldr, I think the pseudo code above should be

if yarn >= 2 && yarn < 3
  args = ""
  yarn config set enableScripts false
if yarn >= 3 and has-yarn-cache
  args = "--mode=skip-build"
if yarn >= 3 and !has-yarn-cache
  args = "--mode=update-lockfile"
  yarn config set enableScripts false

I'm not sure whether the has-yarn-cache value is best obtained from analysing the .gitignore, or just seeing if there is a .yarn/cache directory in the project?
The .pnp.cjs file may or may not exist, but should be updated if it is.

@wozzo wozzo mentioned this pull request Nov 8, 2022
Closed
1 task
@pavera pavera mentioned this pull request Nov 30, 2022
Merged
thavaahariharangit pushed a commit that referenced this pull request May 14, 2024
#6017: Address RSpec/ContextWording Rubocop violations.
cbc559d
thavaahariharangit pushed a commit that referenced this pull request May 14, 2024
#6017: Address RSpec/ContextWording Rubocop violations.
039d6be
thavaahariharangit pushed a commit that referenced this pull request May 14, 2024
#6017: Address RSpec/ContextWording Rubocop violations.
796216d
thavaahariharangit pushed a commit that referenced this pull request May 15, 2024
#6017: ignoring stub rubygems compact index, in Shared_context.
0da9805
thavaahariharangit pushed a commit that referenced this pull request May 15, 2024
#6017: resolving conflicts.
7740d83
thavaahariharangit added a commit that referenced this pull request May 15, 2024
@thavaahariharangit
Merge branch 'main' into harry/#6017
e879523
thavaahariharangit pushed a commit that referenced this pull request May 15, 2024
#6017: Resolving the conflicts.
ef94c76
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: Address RSpec/ContextWording Rubocop violations.
206697f
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: Address RSpec/ContextWording Rubocop violations.
8749f6e
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: Rebasing the branch.
af76e2d
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: Fixing the test failures.
ec9c1e6
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: Fixing bundle error.
704d63a
thavaahariharangit added a commit that referenced this pull request May 16, 2024
@thavaahariharangit
#6017: Address RSpec/ContextWording Rubocop violations. (#9727)
0a333d2 
* #6017: Address RSpec/ContextWording Rubocop violations.

* #6017: Address RSpec/ContextWording Rubocop violations.

* #6017: Address RSpec/ContextWording Rubocop violations.

* #6017: ignoring stub rubygems compact index, in Shared_context.

* #6017: resolving conflicts.

* #6017: Resolving the conflicts.

* Address RSpec/ContextWording Rubocop violations.

* #6017: Address RSpec/ContextWording Rubocop violations.

* #6017: Address RSpec/ContextWording Rubocop violations.

* ignoring stub rubygems compact index, in Shared_context.

* resolving conflicts.

* Resolving the conflicts.

* #6017: Fixing the test failures.

* #6017: Fixing bundle error.

---------

Co-authored-by: “Thavachelvam <“thavaahariharangit@git.com”>
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: file_updter_spec context_worrding updates.
dbc8e6c
thavaahariharangit pushed a commit that referenced this pull request May 16, 2024
#6017: Fixing test failures under common
88b526c
jurre added a commit that referenced this pull request May 17, 2024
@jurre
Revert "#6017: Address RSpec/ContextWording Rubocop violations. (#9727)"
50fd575 
This reverts commit 0a333d2.
jurre added a commit that referenced this pull request May 17, 2024
@jurre
Merge pull request #9756 from dependabot/jurre/revert-rspec-context-w…
4be66a8 
…ording

Revert "#6017: Address RSpec/ContextWording Rubocop violations. (#9727)"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeffwidman jeffwidman jeffwidman approved these changes

@jurre jurre jurre approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@pavera @jurre @merceyz @gabormagyar @wozzo @jeffwidman