App: Node 16.x reaching end-of-life support

[paulespinosa]

Overview

Node 16.x is reaching End-Of-Life support on 2023-09-11.

https://github.com/nodejs/release#release-schedule
https://nodejs.org/en/blog/announcements/nodejs16-eol

Action Items

• Update the app, packages, tools to the next version of Node (18.x for LTS or 20.x for current)
• Update documentation
• Update GitHub Actions

[Joshua-Douglas]

Overview

Upgrade the project to use discontinue the use of Node.js v16.x since this version of Node has reached end-of-life support.

Research

What is node.js?

A backend Javascript runtime environment that allows developers to use Javascript in both client-side and server-side code. Allows multiple connections to be handled at the same time using event loops.

What is the current Long Term Support (LTS) version?

Current LTS Version: 18.18.0

Should we use the most recent version of Node.js or the LTS version?

PROS LTS v18.x: Stable, recommended for production environments. Stable WebStreams API (though we probably will not be streaming anything in unless we have chat in the future)
CONS LTS: Experimental native test runner, if that is a feature we really need
PROS v20.x: Stable native test runner (no need to install third-party module to test), whereas in v18.x it is experimental
CONST v20.x: As with any latest, it is less stable than LTS and can have few bugs. Experimental features that may seem useful such as compiling single executable application (SEA) only work with older CommonJS projects. Node.js website also recommends using v18.x first

What does is mean when Node.js reaches end-of-life support?

We will not get security updates, bug fixes, and updates to OS changes. If a security risk occurs, we would have to fix it ourselves because we do not have security support anymore.

What does 'npm run build' do?

It creates an optimized production build in a build directory aka more efficient, self-contained files for browsers to use.

I also wanted to point out that we define the behavior within the package.json. So we configured npm run build to execute the command tsc && vite build, which runs the typescript compiler and then vite.

How do we specify the Node.js version for our app Docker image?

I tried running the Dockerfile and it says "alpine:3, 3.18, 3.18.3, latest". Not sure if that is what you were asking about, but I read through the link about what alpine means

The docker image we are using already specifies the LTS version of node! This means that our docker container has already been building the frontend app using node 18.18. The best way to see this is by reading the image dockerfile but I also verified it by running our docker build and logging the node version. This means that our upgrade here should go smoothly!

How do you enforce a minimum version of node.js?

It seems as though there is an "engines" section in npm. Here you can specify the minimum version of node. Seems as though if you want to enforce it even more, there is a way to do so using semver aka semantic versioning, where you can enforce/communicate version releases. This medium article shows a simple way of doing so. For those who have multiple versions of node on their local machine, they can also use node version manager or nvm.

I love this idea! It would be great to see.

How could upgrading Node.js break our project?

Our version of node may have functions and features that are now deprecated in newer versions. Import names may have changed as well.

If upgrading breaks our project, how should we address those breaks?

It seems as though we will not know what breaks until we try upgrading it locally, and then tackling it from there. Depending on which one we decide (current LTS v18.x or current v20.x), we will have different breaks.

How do you install a new version of node.js?

1. Confirm first what version of node we are using just in case.
2. Use NPM (node package manager) and install the version of node we will like to use
3. Confirm what node you are using by running node -v

How do you upgrade the version of a dependency listed in package.json?

You can use npm update <package-name> to update to latest version. If we want to update to a specific version (not the latest), then we can run npm i <specific-version> for example we can run npm i node@18.17.1.

What is a GitHub workflow?

It is an automated process in GitHub Actions where events will trigger jobs, which will then execute one or more steps. Each of these steps would run an action. GitHub's actions would need to be updated with the correct node version or else it will break due to incompatibility of dependency changes. Features may work on our local but not on GitHub if we do not update.

The workflow script are stored within the repo .github folder. The build-app step of the build-deploy-ec2.yml workflow currently specifies node 16. We should update this to use the LTS version of node. The run-tests.yml workflow uses the older version of node too.

General Solution Plan

Our plan is to upgrade to the stable LTS version of node, v18.18.X. Node is an indirect dependency no changes need to be made for the local build settings, but we do need to update the workflow configurations. Sometimes node upgrades may break the build, but that is likely won't happen during this upgrade here since our app dockerfile already uses the LTS version of node.

1. Build app locally
2. Run existing test cases and manually test a handful of features to ensure the frontend app is working as expected before the upgrade
3. Uninstall Node 16.X
4. Install the LTS version of node
5. Delete all build files from the previous app build
6. Re-build the frontend app. If there are build errors or warnings, you may need to update packages within package.json. Fix any build errors and warnings as encountered.
7. Run existing test cases and manually test a handful of features to ensure the frontend app is working as expected after the upgrade
8. Update the build-deploy-ec2.yml and run-test.yml workflows to use the LTS version of node
9. Check build and test run logs to make sure the build and tests completed successfully
10. (Optional) Enforce the minimum node version to ensure that the app is not deployed using a version of node without LTS
11. If we do enforce a minimum version, then update the README to update the minimum supported version.

Implementation Questions

How do you update a workflow script to use the latest version of node?

Instead of specifying the exact version of node we can specify the LTS version. Since the version is not pinned this does risk future builds breaking during a node upgrade, but this shouldn't be a problem because 1) the current script already does not use an exact pinned version and 2) our plan is to always support the LTS version of node so the fix would be high priority.

See the with block for the modified node version syntax.

path: api/dist
retention-days: 7
build-app:
  runs-on: ubuntu-latest
  needs: run-tests
  defaults:
    run:
      shell: bash
      working-directory: ./app
  steps:
    - uses: actions/checkout@v3
    - name: Use Node.js LTS
      uses: actions/setup-node@v3
      with:
        node-version: "lts/*"
        cache: 'npm'
        cache-dependency-path: app/package-lock.json

[Joshua-Douglas]

Hey @mira-kine,

An initial project plan is ready for this issue. Please submit your answers and reassign me once it is ready for review. Each response can be as brief as a few words / sentences. I just want to make sure we are on the page!

My comments are included as

quoted text

Please don't remove those section. I'll remove them as I review your responses.

[Joshua-Douglas]

Great PP @mira-kine! I added my minor comments

as quotes

and added a general solution plan along with a snippet showing how to update the workflows. You should be good to open a branch now, unless I've left anything our or if you have any questions.

Our app docker container already uses v18.18.0 so I don't think there will be any issues building the project once you upgrade! The best way to be sure of this, though, is to run the test cases and do some manual testing.

[Joshua-Douglas]

Hey @mira-kine,

So sorry I forgot to save my last edits 🤦. The PP is updated and I think you are good to open a branch! If you need any help with anything just let me know!

[mira-kine]

Hi @Joshua-Douglas, I am finally back and active. The LTS version of node is now 20.x (as of October 18), with its active support ending in 11 months and security support ending in 2 years according to this schedule. I will update to 20.x instead, with the same solution plan. Thank you!