New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ENH: Update JS lockfile, add CI job to build JS package #2974
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2974 +/- ##
==========================================
- Coverage 55.35% 55.33% -0.02%
==========================================
Files 90 90
Lines 12881 12881
==========================================
- Hits 7130 7128 -2
- Misses 5751 5753 +2 see 1 file with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
8c813e3
to
1494da2
Compare
@SachinVarghese , as the original author of this JavaScript package (as far as I can tell), would you be happy to advise on how we can validate if this update will cause any issues? |
1494da2
to
830cac4
Compare
An option is to set the environment variable The best option would be to upgrade all the packages to the latest version instead, but then shap will have to be fully and manually tested... |
830cac4
to
7f88cdd
Compare
That's really helpful @remborg , thanks! With the OpenSSL legacy variable set, There are still a number of reported vulnerabilities when
Do you have any advice on how best to test the javascript package? If we can put together a good test, we could potentially put together a CI job which runs when anything in the |
I believe that the best way would be to build the project in the pipeline and see if webpack is throwing errors, but this won't tell if it's functionally working. I personally use Typescript to help catch incompatible packages early, but it's not a silver bullet. Tech debt will have to be paid eventually, so I suggest updating all the dependencies and bumping shap's to the next major version (so go to v1.0.0 if that's an option). Unfortunately someone who knows the library well will have to test it manually... |
I created an issue #3100 to define tests for the package, which is probably a pre-requisite for us evaluating dependency updates. |
8a2de81
to
8cd2453
Compare
@remborg I've added a CI job to build the JS package, which now passes. It checks that The |
Great job Connor. To test that the react component is rendering properly, you can create a snapshot of it (an HTML copy of the rendered component) https://jestjs.io/docs/snapshot-testing It is also possible to write visual regression tests using jest-image-snapshot (to compare what the component looks like. Comparing a stored picture with a new one after the new changes applied) but this has server dependencies that could be an issue (puppeteer, a headless browser, sometimes some graphic drivers too, etc.). |
That's helpful, thanks. I note there is already a file "scripts": {
"test": "jest",
} However, |
513f1b3
to
a814551
Compare
@thatlittleboy I feel ready to submit this PR for reviewing now. As per the description, I haven't updated the main For now, I think doing the minor version updates (which includes a fair few critical fixes) and building the package on CI is a good place to start. |
@connortann thanks for taking this up and thanks @remborg for the advice/directions given thus far! Really appreciate it. I'm not particularly adept at JS, much less so on JS packaging, so I don't feel comfortable doing the review for this PR. That said, given that the dependencies are very old and in need of updating, I'm think I'm in favour of merging in this PR and fixing any bugs that come along as a result (if any). |
@thatlittleboy I was talking offline to remborg who may be able to offer some more help with JS testing tomorrow, so let's hold on merging for a few days... |
@connortann I've create a Pull Request with my changes here: #3106 |
* Update JS lockfile * Enable legacy ssl provider * Update dependencies again * Add CI job to build js package * Speciy openssl env variable * Adding unit tests config * Resolving merge conflicts --------- Co-authored-by: Connor Tann <71127464+connortann@users.noreply.github.com> Co-authored-by: Remi Borgniet <remi.borgniet1@bp.com>
@remborg thanks for your PR, I approved and merged your changes into this branch. It looks like deleting // webpack.config.js line 26
module.exports = [
{
entry: {
bundle: "./index.jsx",
test_bundle: "./test.js"
}, Can you see value in keeping that file in the webpack bundle - could it perhaps be used to manually test the |
Sorry, I've missed this. We need the 'index.jsx' file to be part of the bundle. This file simply calls a JS function and append the output in the page. I have replicated that in the new 'tests/render.spec.jsx' file with the snapshot. |
Thanks @remborg , thanks for looking over this issue and giving your input. It was very helpful to have a sense-check from an experienced JS dev. @thatlittleboy as you suggest I will go ahead and merge. |
Supports #3100
Changes:
ERR_OSSL_EVP_UNSUPPORTED
error (see below).npm update
.npm run build
passesNb. This PR does not change the existing
bundle.js
, which is used by the main python package. I think we should park this until we have built some confidence in the javascript package, ideally updating the major versions of dependencies and having a test suite in place.We should give this PR a careful review: ideally it would be great to have a JS developer validate that nothing is broken, given that we do not have JS unit tests specified.