verify npm package #77
Conversation
| run: npm run ci:lint | ||
| - name: Run Tests | ||
| run: npm run ci:test | ||
| env: |
There was a problem hiding this comment.
needed to pass tests which access npm
|
introducing a new step in |
| async function obtainNpmPackage(packageVersion: string, workFolder: string): Promise<void> { | ||
| await addNPMRCFile(workFolder); | ||
|
|
||
| const fullCommandLine = `npm pack ${packageVersion}`; |
There was a problem hiding this comment.
could we do an npm install somewhere instead? then we could do an import() and make sure all the machinery works (including the package.json is ok)
package.json
Outdated
| { | ||
| "name": "@checkdigit/github-actions", | ||
| "version": "2.0.0", | ||
| "version": "2.0.1", |
There was a problem hiding this comment.
since we're adding a new action, think this should be a MINOR
| async function verifyImportEntryPoints(packageFolder: string): Promise<void> { | ||
| const packageJson = JSON.parse(await fs.readFile(`${packageFolder}/package.json`, 'utf8')) as PackageJson; | ||
| const isEsm = packageJson.type === 'module'; | ||
| const bundleFolder = isEsm ? 'dist-mjs' : 'dist'; |
There was a problem hiding this comment.
if npm install isn't an option, think it would be better to simulate what node does, i.e. read the package.json and figure out the entry point from that.
There was a problem hiding this comment.
I think npm install and then doing what deployer does (import and then ping operation) would be good.
There was a problem hiding this comment.
this is for any package (not necessarily a service)? I was thinking an npm install + importing it from some generated typescript. then compile & run. that way you know the types are ok and the entry point is correct.
There was a problem hiding this comment.
for services, the "import+compile" way might not be able to verify their api endpoints which are not exported. many of their root index.ts only export swagger.ts, like:
// index.ts
export * as v1 from './api/v1/swagger';
so even if there is an issue, it might not be exposed.
There was a problem hiding this comment.
in the new-new world a service is started by awaiting the default export of the main entry point. so this would expose an issue with API/service code once that starts rolling out. also, I feel the primary job of this action is to validate the npm package itself, which is effectively whatever is exported from the root index.ts, vs functionality as a service. we have other things that do that.
There was a problem hiding this comment.
that makes total sense
There was a problem hiding this comment.
this is probably a known limitation using import: if the package references excluded(e.g. from *.test.ts) types or values but doesn't export them through its root index.ts, then no error will be reported.
on the other hand, using node cli to load that package's index.ts can expose the problem though.
|
as part of the latest commit, i've updated tests quite a bit mainly because:
|
…ror message in CI is not confusing
adcreare
left a comment
adcreare
left a comment
There was a problem hiding this comment.
LGTM - very comprehensive
There was a problem hiding this comment.
this can be updated to use 20.x/22.x now
src/validate-npm-package/index.ts
Outdated
|
|
||
| import main from './validate-npm-package'; | ||
|
|
||
| main(getInput('betaPackage')) |
There was a problem hiding this comment.
i forget what issues there might be with this with actions, but can we not use top-level await here? its being compiled to an .mjs file, figure it should Just Work?
| // eslint-disable-next-line unicorn/no-process-exit | ||
| process.exit(1); | ||
| }); | ||
| await main(); |
There was a problem hiding this comment.
given we're just awaiting main() at the top level of the module, do we need the main function at all, just make everything top level? this feels very script-y anyway
There was a problem hiding this comment.
tried that and making everything top level, it works but there is one advantage in having a 'main' function when it comes to testing.
what happens is that we'll have to do dynamic import in the tests; and before the dynamic import we normally setup nocking and environment variables. Jest has its own module catching mechanism, which causes some of the tests start failing. one trick is to do jest.resetModules() everywhere.
it seems easier and less surprise if we call the main function instead.
what do you think? should we make the change, or keep the main?
There was a problem hiding this comment.
if we're await()ing main, isn't it effectively having everything top-level anyway? my thought is we move main() into a separate module, and all the index.ts does is import and await it. that way tests can do their thing without side effects going on at the module level.
| // eslint-disable-next-line unicorn/no-process-exit | ||
| process.exit(1); | ||
| }); | ||
| await main(); |
There was a problem hiding this comment.
if we're await()ing main, isn't it effectively having everything top-level anyway? my thought is we move main() into a separate module, and all the index.ts does is import and await it. that way tests can do their thing without side effects going on at the module level.
|
Coverage after merging validate-npm-package into main will be
Coverage Report |
carlansley
left a comment
carlansley
left a comment
There was a problem hiding this comment.
lftm, the only issue i can think of is would this work with packages that export weird things (e.g. *-config repos). e.g. jest-config doesn't export anything at all (maybe it should?). i suppose we can cross that bridge when we come to it.
|
✅ PR review status - All reviews completed and approved! |
Fixes #75