Feature/build a package

[sam-github]

/to @rmg @bajtos

See TODO.txt for tracking of WIP (replaces the old gist https://gist.github.com/sam-github/8acbde690ef6b5554e91).

I think this does all the mandatory features, remaining work before release is:

• the git-related manipulations (will do in another PR)
• talk to @ritch and get his help testing the approach against a significant example repo, such as strongloop/loopback-example-full-stack (I had some difficulties with install and run, probably I'm doing it wrong).

[sam-github]

I added the 'onto' git command to this PR.

Remaining work is only the committing of build materials.

[bajtos]

Why vasync instead of the more common async? No need to change your code, I am just curious.

[sam-github]

I noticed it in the projects by the author of posix-getopt, and the "debuggable internal state" appealled to me. Its API is a bit more clunky, IMO, and I'm not using that particular feature, I confess, because this series is pretty trivial and so far has needed no debugging. However, when using async's queue during strong-mq development, I basically had to wrap every interaction with the queue in a debug layer to track state transitions, so became painfully aware of the difficulty in observing progress of async (or more to the point, lack of progress when things aren't working).

[bajtos]

// Build output won't get packed if it is .npmignored (a configuration
// error, don't .npmignore your build output) or if there is no .npmignore,
// if it is .gitignored (as they should be). So, create an empty .npmignore
// if there is a .gitignore but not a .npmignore so build products are
// packed.

I am worried this may not work well. .gitignore usually contains other local files that should be excluded from the npm package, e.g. .idea (WebStorm configuration), *.sublime*, *.log, code-coverage and style-check artifacts, etc.

I am not sure if there is a solution how to detect which .gitignore entries apply to npm and which don't. Perhaps use special comments to mark which lines to apply?

I am proposing to implement one of the following:

1. Keep the current code (create empty .npmignore). Print a warning informing the user that all files will be included in the archive, the user should check the archive created and write his/her own .npmignore file if he/she is not happy with the result.
2. Don't create any .npmignore file. Print a warning informing the user that build artefacts matched by .gitignore are not included in the archive, the user should check the archive created and write his/her own .npmignore file if he/she is not happy with the result.

[bajtos]

Other than the comments above, the patch LGTM so far.

[sam-github]

Re: touching of .npmignore.

Does npm read "all" the .gitignore configuration sources? Because personal tools such as editor files shouldn't be in a project's .gitignore, I wonder if npm deals with that at all.

Anyhow, I believe presence of a .gitignore without a .npmignore is almost always a problem, so I should warn about it.
I could warn, and then continue, or warn and create a .npmignore. I'm not sure which is better.

My thinking was: If you always build after doing a 'git clean -xd' (advisable), then you will never have anything in your working tree other than the output of the build, so touching .npmignore is the right thing.

I could go the other way, and not touch it, and just warn? Or just warn if there is a .gyp file, or an npm 'build' script? But I don't want to go too far down the path of magically trying to guess the developer's intention.

So, summary:

• I will add a warning about presence of a .gitignore without an .npmignore
• Should I remove the auto-creation of a .npmignore? @rmg, you want to weigh in?

[rmg]

I don't think .gitignore or .npmignore should be considered for this tool. Those files are for informing about source control and published package contents respectively, and this tool is doing neither. I don't want to create a new .deployignore file, but I'm not sure the semantics of the existing ignore files can be reconciled with what is actually needed for this use case.

[ritch]

Is this at a point where I can try it out on the full stack example?

[sam-github]

@rmg, recall that the packing is done with npm pack. Or (as you and @bajtos requested), the output at least is compatible with that used by npm pack/publish/install. So, .npmignore is pretty relevant, IMHO. And I wouldn't be doing any rewrites of the bundledDependencies property if npm pack wasn't being used.

@ritch Yes. Ping me if you need help, I had trouble, but I didn't know the code as well as you.

[sam-github]

So the thing about having a .gitignore and no .npmignore, is the entire point of this script is to pack build products... and build products are always in .gitignore, so the pack will allways be broken, it won't include build products.

If we create a too permissive .npmignore, we package stuff we don't need... but the pack still works.

So I added docs and a warning message. I think working but extra garbage is better than not working.

[sam-github]

I've manually tested this with sls-sample-app, but would still like to test with the loopback fullstack app. Will work with @ritch on that.

[bajtos]

So I added docs and a warning message. I think working but extra garbage is better than not working.

Agreed.

[sam-github]

Btw, manually tested with full stack loopback example, looks like approach is workable, see

strongloop/loopback-example-offline-sync#8 and strongloop/loopback-example-offline-sync#9

[rmg]

LGTM.