-
Notifications
You must be signed in to change notification settings - Fork 921
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yarn Berry: Use appropriate mode for yarn version and repo state #6017
Conversation
enableScripts false results in changes to permissions on resulting files. mode=skip-build should achieve the same result (no scripts run) without changing file permissions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me but I'm not very familiar with the underlying yarn logic so you may want a second review from someone else
yarn_major_version >= 2 | ||
end | ||
|
||
def self.yarn_major_version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we memoize this? It's not hugely expensive, but we are shelling out and the value would never change I think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to fix this as it is the cause of the updater CI failure. I think we have to determine the version based on a lockfile as we were previously.
Are there any tests we can/should add to cover the bug we're trying to fix here? Overall the changes look great to me, I did spot a few CI failures, rerunning those to make sure they're not flakes |
Yes, I think we should make sure we have both zero-install and non zero-install fixtures and confirm the non zero-install does not end up with a .pnp.cjs file after update, and probably confirm permissions of .pnp.cjs on the zero-install case. I'll be looking at the CI failures today. |
08f3714
to
4d1761a
Compare
4d1761a
to
04db152
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to doublecheck, the .pnp.cjs
and install-state.gz
files are required to be checked in for the test spec to work? Or should they be .gitignore
'd? Because they're 4+ KB...
|
To quote the documentation:
|
And to add to what @merceyz said, here's exactly what needs to be gitignored both when using zero installs and when not: https://yarnpkg.com/getting-started/qa/#which-files-should-be-gitignored |
@pavera Hi there, firstly this is all great work, and we're loving being able to use dependabot now that yarn 2+ is supported. So tldr, I think the pseudo code above should be
I'm not sure whether the |
* #6017: Address RSpec/ContextWording Rubocop violations. * #6017: Address RSpec/ContextWording Rubocop violations. * #6017: Address RSpec/ContextWording Rubocop violations. * #6017: ignoring stub rubygems compact index, in Shared_context. * #6017: resolving conflicts. * #6017: Resolving the conflicts. * Address RSpec/ContextWording Rubocop violations. * #6017: Address RSpec/ContextWording Rubocop violations. * #6017: Address RSpec/ContextWording Rubocop violations. * ignoring stub rubygems compact index, in Shared_context. * resolving conflicts. * Resolving the conflicts. * #6017: Fixing the test failures. * #6017: Fixing bundle error. --------- Co-authored-by: “Thavachelvam <“thavaahariharangit@git.com”>
Context
With Yarn Berry there are various modes which can be enabled to get different resulting artifacts. This PR attempts to normalize our usage of these modes to get the correct behavior across a range of yarn versions and potential repo states.
Approach
I've pulled some copy/paste code up into
helpers.rb
and implemented the logic belowThis should result in using the much speedier update-lockfile mode if the repository is not setup for zero-install, but will use the correct skip-build mode if the repo is setup for zero install to preserve file permissions while still preventing third party code execution during updates.