Revert "fix: publish shrinkwrap with prod dependencies only (#5359)"

This reverts commit 65f77d9.
netlify · Jan 11, 2023 · 08713c5 · 08713c5
1 parent 6567e68
commit 08713c5
Show file tree

Hide file tree

Showing 14 changed files with 45 additions and 46 deletions.
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
@@ -15,8 +15,10 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: lts/*
-          cache: npm
+          node-version: '*'
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
+          check-latest: true
       - name: Install dependencies
         run: npm ci --no-audit && npm prune --production
       - name: Get size

diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
@@ -31,13 +31,14 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: npm
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
           check-latest: true
       - name: Cache verdaccio storage
         uses: actions/cache@v3
         with:
           path: ./.verdaccio-storage
-          key: verdaccio-e2e-cli-${{ hashFiles('./package-lock.json') }}
+          key: verdaccio-e2e-cli-${{ hashFiles('./npm-shrinkwrap.json') }}
       - name: Install dependencies
         run: npm ci --no-audit
       - name: Install pnpm

diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
@@ -47,7 +47,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: npm
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
           check-latest: true
         if: '${{!steps.release-check.outputs.IS_RELEASE}}'
       - name: Setup Deno

diff --git a/.github/workflows/legacy-tests.yml b/.github/workflows/legacy-tests.yml
@@ -47,7 +47,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: npm
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
           check-latest: true
         if: '${{!steps.release-check.outputs.IS_RELEASE}}'
       - name: Setup Deno

diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
@@ -11,8 +11,10 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: lts/*
-          cache: npm
+          node-version: '*'
+          cache: 'npm'
+          check-latest: true
+          cache-dependency-path: 'npm-shrinkwrap.json'
           registry-url: 'https://registry.npmjs.org'
       - name: Install core dependencies
         run: npm ci --no-audit

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -4,51 +4,41 @@ on:
     branches:
       - main
 jobs:
-  create-release:
+  release-please:
     runs-on: ubuntu-latest
-    outputs:
-      release_created: ${{ steps.release.outputs.release_created }}
     steps:
       - uses: navikt/github-app-token-generator@a3831f44404199df32d8f39f7c0ad9bb8fa18b1c
         id: get-token
         with:
           private-key: ${{ secrets.TOKENS_PRIVATE_KEY }}
           app-id: ${{ secrets.TOKENS_APP_ID }}
-
       - uses: GoogleCloudPlatform/release-please-action@v3
         id: release
         with:
           token: ${{ steps.get-token.outputs.token }}
           release-type: node
-          package-name: netlify-cli
-
-  publish:
-    runs-on: ubuntu-latest
-    needs: create-release
-    if: ${{ needs.create-release.outputs.release_created }}
-    steps:
+          package-name: 'netlify-cli'
       - uses: actions/checkout@v3
-
+        if: ${{ steps.release.outputs.release_created }}
       - uses: actions/setup-node@v3
         with:
-          node-version: lts/*
-          cache: npm
+          node-version: '*'
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
+          check-latest: true
           registry-url: 'https://registry.npmjs.org'
-
-      # when running npm publish dev dependencies won't be installed, but we need the is-ci binary to skip husky
-      - name: Install is-ci globally
-        run: npm install -g is-ci
-
+        if: ${{ steps.release.outputs.release_created }}
+      # required for linting to pass
+      - name: Install site dependencies
+        run: npm run site:build:install
+        if: ${{ steps.release.outputs.release_created }}
       - name: Install core dependencies
         run: npm ci --no-audit
-
-      # https://github.com/ossf/package-manager-best-practices/issues/35#issue-1360805761
-      - name: Create shrinkwrap
-        run: |
-          npm prune --production
-          rm -rf package-lock.json
-          npm shrinkwrap
-
+        if: ${{ steps.release.outputs.release_created }}
       - run: npm publish
+        if: ${{ steps.release.outputs.release_created }}
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+          # required for tests to pass
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          NETLIFY_TEST_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -30,7 +30,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: npm
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
           check-latest: true
         if: '${{!steps.release-check.outputs.IS_RELEASE}}'
       - name: Install core dependencies

diff --git a/.github/workflows/verify-docs.yml b/.github/workflows/verify-docs.yml
@@ -16,8 +16,10 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: lts/*
-          cache: npm
+          node-version: '*'
+          cache: 'npm'
+          cache-dependency-path: 'npm-shrinkwrap.json'
+          check-latest: true
       - name: Install core dependencies
         run: npm ci --no-audit
       - name: Install site dependencies

diff --git a/.npmrc b/.npmrc
@@ -0,0 +1 @@
+shrinkwrap=true
diff --git a/package-lock.json → npm-shrinkwrap.json b/package-lock.json → npm-shrinkwrap.json
diff --git a/package.json b/package.json
@@ -38,7 +38,7 @@
     "url": "https://github.com/netlify/cli/issues"
   },
   "scripts": {
-    "prepare": "is-ci || husky install node_modules/@netlify/eslint-config-node/.husky/",
+    "prepare": "husky install node_modules/@netlify/eslint-config-node/.husky/",
     "start": "node ./bin/run.mjs",
     "test": "run-s format test:dev",
     "format": "run-s format:check-fix:*",
@@ -72,7 +72,7 @@
   },
   "config": {
     "eslint": "--ignore-path .gitignore --cache --format=codeframe --max-warnings=0 \"{src,scripts,site,tests,.github}/**/*.{mjs,cjs,js,md,html}\" \"*.{mjs,cjs,js,md,html}\" \".*.{mjs,cjs,js,md,html}\"",
-    "prettier": "--ignore-path .gitignore --loglevel=warn \"{src,tools,scripts,site,tests,.github}/**/*.{mjs,cjs,js,md,yml,json,html}\" \"*.{mjs,cjs,js,yml,json,html}\" \".*.{mjs,cjs,js,yml,json,html}\" \"!CHANGELOG.md\" \"!**/*/package-lock.json\" \"!.github/**/*.md\""
+    "prettier": "--ignore-path .gitignore --loglevel=warn \"{src,tools,scripts,site,tests,.github}/**/*.{mjs,cjs,js,md,yml,json,html}\" \"*.{mjs,cjs,js,yml,json,html}\" \".*.{mjs,cjs,js,yml,json,html}\" \"!CHANGELOG.md\" \"!npm-shrinkwrap.json\" \"!**/*/package-lock.json\" \"!.github/**/*.md\""
   },
   "dependencies": {
     "@fastify/static": "^6.6.0",
@@ -193,7 +193,6 @@
     "graphviz": "^0.0.9",
     "husky": "^8.0.0",
     "ini": "^2.0.0",
-    "is-ci": "^3.0.1",
     "mock-fs": "^5.1.2",
     "nock": "^13.2.4",
     "p-timeout": "^4.0.0",

diff --git a/tools/affected-test.mjs b/tools/affected-test.mjs
@@ -33,7 +33,7 @@ export const getAffectedFiles = (changedFiles) => {
 
   // in this case all files are affected
   if (
-    changedFiles.includes('package-lock.json') ||
+    changedFiles.includes('npm-shrinkwrap.json') ||
     changedFiles.includes('package.json') ||
     changedFiles.includes(join('.github', 'workflows', 'main.yml'))
   ) {

diff --git a/tools/tests/affected-files.test.mjs b/tools/tests/affected-files.test.mjs
@@ -44,9 +44,9 @@ test.only('should get all files marked as affected when the package.json is touc
   t.deepEqual(affectedFiles, mockedTestFiles)
 })
 
-test.serial('should get all files marked as affected when the package-lock.json is touched', async (t) => {
+test.serial('should get all files marked as affected when the npm-shrinkwrap.json is touched', async (t) => {
   const consoleStub = t.context.sandbox.stub(console, 'log').callsFake(() => {})
-  const { affectedFiles, mockedTestFiles } = await getAffectedFilesFromMock(['package-lock.json'])
+  const { affectedFiles, mockedTestFiles } = await getAffectedFilesFromMock(['npm-shrinkwrap.json'])
 
   t.truthy(consoleStub.firstCall.calledWith('All files are affected based on the changeset'))
   t.deepEqual(affectedFiles, mockedTestFiles)

diff --git a/tools/tests/utils/file-systems.mjs b/tools/tests/utils/file-systems.mjs
@@ -1,7 +1,7 @@
 import { join } from 'path'
 
 const baseFiles = {
-  'package-lock.json': '',
+  'npm-shrinkwrap.json': '',
   'README.md': '',
 }