From 4e7787422f95ca93b88ed7ee14158511788547d9 Mon Sep 17 00:00:00 2001 From: Asher Date: Thu, 21 Sep 2023 17:38:56 -0800 Subject: [PATCH] Avoid packaging yarn.lock Since the shrinkwrap is what we want everything to use. --- ci/build/build-release.sh | 44 ++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/ci/build/build-release.sh b/ci/build/build-release.sh index 576b084ae9ca..2fe6fcc5b6f0 100755 --- a/ci/build/build-release.sh +++ b/ci/build/build-release.sh @@ -56,7 +56,6 @@ bundle_code_server() { } EOF ) > "$RELEASE_PATH/package.json" - rsync yarn.lock "$RELEASE_PATH" mv npm-shrinkwrap.json "$RELEASE_PATH" rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh" @@ -106,34 +105,41 @@ bundle_vscode() { } create_shrinkwraps() { - # yarn.lock or package-lock.json files (used to ensure deterministic versions of dependencies) are - # not packaged when publishing to the NPM registry. - # To ensure deterministic dependency versions (even when code-server is installed with NPM), we create - # an npm-shrinkwrap.json file from the currently installed node_modules. This ensures the versions used - # from development (that the yarn.lock guarantees) are also the ones installed by end-users. - # These will include devDependencies, but those will be ignored when installing globally (for code-server), and - # because we use --omit=dev when installing vscode. - - # We first generate the shrinkwrap file for code-server itself - which is the current directory - create_shrinkwrap_keeping_yarn_lock + # yarn.lock or package-lock.json files (used to ensure deterministic versions + # of dependencies) are not packaged when publishing to the NPM registry. + + # To ensure deterministic dependency versions (even when code-server is + # installed with NPM), we create an npm-shrinkwrap.json file from the + # currently installed node_modules. This ensures the versions used from + # development (that the yarn.lock guarantees) are also the ones installed by + # end-users. These will include devDependencies, but those will be ignored + # when installing globally (for code-server), and because we use --omit=dev + # when installing vscode. + + # We also remove the yarn.lock files once we have done this even though they + # are ignored by NPM on publish because we use the artifact uploaded to CI + # (which would still include the yarn.lock) to generate the standalone builds + # and we want to make sure we are not using yarn accidentally. + + # We first generate the shrinkwrap file for code-server itself---which is the + # current directory. + create_shrinkwrap # Then the shrinkwrap files for the bundled VSCode pushd "$VSCODE_SRC_PATH/remote/" - create_shrinkwrap_keeping_yarn_lock + create_shrinkwrap popd pushd "$VSCODE_SRC_PATH/extensions/" - create_shrinkwrap_keeping_yarn_lock + create_shrinkwrap popd } -create_shrinkwrap_keeping_yarn_lock() { - # HACK@edvincent: Generating a shrinkwrap alters the yarn.lock which we don't want (with NPM URLs rather than the Yarn URLs) - # But to generate a valid shrinkwrap, it has to exist... So we copy it to then restore it - cp yarn.lock yarn.lock.temp +create_shrinkwrap() { npm shrinkwrap - cp yarn.lock.temp yarn.lock - rm yarn.lock.temp + # Note that npm shrinkwrap alters the yarn.lock, but we are not going to keep + # it anyway. + rm yarn.lock } main "$@"