fix(manager/npm): use --config.ignore-scripts=true for pnpm dedupe #25210

Merged
merged 6 commits into from Oct 15, 2023
Changes from 2 commits
2 changes: 1 addition & 1 deletion docs/usage/configuration-options.md
Expand Up @@ -2973,7 +2973,7 @@ Table with options:
| `gomodUpdateImportPaths` | Update source import paths on major module updates, using [mod](https://github.com/marwan-at-work/mod). |
| `helmUpdateSubChartArchives` | Update subchart archives in the `/charts` folder. |
| `npmDedupe` | Run `npm dedupe` after `package-lock.json` updates. |
| `pnpmDedupe` | Run `pnpm dedupe` after `pnpm-lock.yaml` updates. |
| `pnpmDedupe` | Run `pnpm dedupe --ignore-scripts` after `pnpm-lock.yaml` updates. |
| `yarnDedupeFewer` | Run `yarn-deduplicate --strategy fewer` after `yarn.lock` updates. |
| `yarnDedupeHighest` | Run `yarn-deduplicate --strategy highest` (`yarn dedupe --strategy highest` for Yarn >=2.2.0) after `yarn.lock` updates. |
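
Review bot: The new `pnpmDedupe` row states that `pnpm dedupe --ignore-scripts` is what runs, but the `pnpm.ts` change in this PR only adds the flag when the pnpm version read from `package.json` coerces to 8.8.0 or higher; in every other case plain `pnpm dedupe` still runs. Put the condition in the description, for example "Run `pnpm dedupe` (with `--ignore-scripts` for pnpm >=8.8.0) after `pnpm-lock.yaml` updates", so readers do not assume lifecycle scripts are always suppressed during dedupe. The PR title also names `--config.ignore-scripts=true`, which does not match the flag documented here.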

@@ -0,0 +1,8 @@
{
"name": "dedupe-ignore-scripts",
"version": "1.0.0",
"engines": {
"pnpm": ">=8.8.0"
},
"engine-strict": true
}
26 changes: 25 additions & 1 deletion lib/modules/manager/npm/post-update/pnpm.spec.ts
Expand Up @@ -77,7 +77,7 @@ describe('modules/manager/npm/post-update/pnpm', () => {
{},
{ ...config, postUpdateOptions }
);
expect(fs.readLocalFile).toHaveBeenCalledTimes(1);
expect(fs.readLocalFile).toHaveBeenCalledTimes(2);
expect(res.lockFile).toBe('package-lock-contents');
expect(execSnapshots).toMatchObject([
{
Expand All @@ -89,6 +89,30 @@ describe('modules/manager/npm/post-update/pnpm', () => {
]);
});

it('performs dedupe --ignore-scripts for pnpm >= 8.8.0', async () => {
const execSnapshots = mockExecAll();
const fileContent = Fixtures.get('dedupe-ignore-scripts/package.json');
fs.readLocalFile
.mockResolvedValueOnce(fileContent)
.mockResolvedValue('package-lock-contents');
const postUpdateOptions = ['pnpmDedupe'];
const res = await pnpmHelper.generateLockFile(
'some-dir',
{},
{ ...config, postUpdateOptions }
);
expect(fs.readLocalFile).toHaveBeenCalledTimes(2);
expect(res.lockFile).toBe('package-lock-contents');
expect(execSnapshots).toMatchObject([
{
cmd: 'pnpm install --recursive --lockfile-only --ignore-scripts --ignore-pnpmfile',
},
{
cmd: 'pnpm dedupe --ignore-scripts',
},
]);
});

it('uses the new version if packageManager is updated', async () => {
const execSnapshots = mockExecAll();
fs.readLocalFile.mockResolvedValue('package-lock-contents');
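
Review bot: The added test only exercises the branch where `engines.pnpm` is `>=8.8.0`; nothing asserts the fallback for a declared version below 8.8.0, and nothing covers an upper-bounded constraint such as `<8.8.0`, which `semver.coerce` also turns into 8.8.0. Add one case per situation with its own fixture, asserting `cmd: 'pnpm dedupe'` without the flag for the first and pinning the intended behaviour for the second. The `mockResolvedValueOnce(fileContent)` setup also relies on `package.json` being the first file read, so a short comment saying that would keep the test from breaking silently if the read order changes.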
15 changes: 13 additions & 2 deletions lib/modules/manager/npm/post-update/pnpm.ts
@@ -1,5 +1,6 @@
import is from '@sindresorhus/is';
import { load } from 'js-yaml';
import semver from 'semver';
import upath from 'upath';
import { GlobalConfig } from '../../../../config/global';
import { TEMPORARY_ERROR } from '../../../../constants/error-messages';
Expand Down Expand Up @@ -39,6 +40,7 @@ export async function generateLockFile(
let cmd = 'pnpm';
try {
const lazyPgkJson = lazyLoadPackageJson(lockFileDir);

const pnpmToolConstraint: ToolConstraint = {
toolName: 'pnpm',
constraint:
Expand Down Expand Up @@ -79,8 +81,17 @@ export async function generateLockFile(

// postUpdateOptions
if (config.postUpdateOptions?.includes('pnpmDedupe')) {
logger.debug('Performing pnpm dedupe');
commands.push('pnpm dedupe');
const pnpmVersionFromPackageJson = getPackageManagerVersion(
'pnpm',
await lazyPgkJson.getValue()
);
const cleanedVersion = semver.coerce(pnpmVersionFromPackageJson);

if (cleanedVersion && semver.gte(cleanedVersion, '8.8.0')) {
commands.push('pnpm dedupe --ignore-scripts');
} else {
commands.push('pnpm dedupe');
}
}

if (upgrades.find((upgrade) => upgrade.isLockFileMaintenance)) {
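
Review bot: In the `pnpmDedupe` branch, the gate `semver.gte(cleanedVersion, '8.8.0')` is evaluated on `semver.coerce(...)` of whatever `package.json` declares, not on the pnpm version that will actually run. Two consequences: when no pnpm version is declared, `cleanedVersion` is null and the code falls through to `commands.push('pnpm dedupe');`, so lifecycle scripts are not suppressed by default even though the install command in the spec always passes `--ignore-scripts`; and because `coerce` picks the first version-like token, a constraint such as `<8.8.0` becomes 8.8.0 and gets the flag on a pnpm that may predate it. Consider making the script-suppressing form the default and only dropping it when the version is known to be older, or, if the `--config.ignore-scripts=true` form from the PR title is accepted by all supported pnpm versions, passing that unconditionally and removing the gate. The `logger.debug('Performing pnpm dedupe');` line was also dropped; keep it and log which variant was chosen.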