forked from heroku/heroku-buildpack-nodejs
Sync with upstream v205 #71
Merged
After monitoring the custom Yarn 2 plugin for a period of time there doesn't seem to be any issues from the 20% of builds that it has been active on. This PR enables this feature completely and removes the old code path that used to handle pruning for Yarn 2.
…pruning Enable devDependency pruning for Yarn 2
The Node.js binaries are not stack-specific, so no buildpack/binary changes are needed for Heroku-22 - only testing it in CI. GUS-W-10343867.
* Metrics support for Node 17, 18 (not 12) * Update test version range to include Node.js 17 and 18 * Update metrics plugins * Add a node 16 spec * Add a node-17 spec * Tie down range-with-space version range, so it'll work with heroku-18+Node18 * Add a spec for Node 18.x * Add failure message for heroku-18 and Node.js 18 * Add a spec for heroku-18/Node 18 incompatibility * Use PCRE regex on failure check * Adjust regex * Add log grep debugging * Actually grep the file * Make sure npm --version errors make it to the log * Redirect more stderr so that errors end up in logs * Capture npm --version stderr in the output logs * Add additional debugging * Add additional debugging * More debug logs =( * Still debugging * Fix npm --version redirection * Clean up debugging and add comments * Add node-16-metrics test * add node-17-metrics test * Add node-18-metrics test * Update changelog for Node 17 and 18 support * Adjust test-range-with-space expectation * Update CHANGELOG.md Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> * Update lib/failure.sh Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> * Update lib/binaries.sh Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> * Update lib/binaries.sh Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> * Update lib/binaries.sh Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> * Update spec/ci/node_16_metrics_spec.rb Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com>
Update CHANGELOG.md before publishing v196
* Drop yarn-native-cache feature * Drop fixture feature setting * Drop yarn-native-cache feature * Update test expectations: it was testing an impossible scenario * Add changelog entry for feature flag removal
The [Node support docs](https://devcenter.heroku.com/articles/nodejs-support#skip-pruning) state that Yarn dependency pruning can be skipped by setting `YARN_PRODUCTION=false` but this only works with Yarn v1 since using the `YARN_PRODUCTION` environment variable with Yarn v2+ will cause `yarn` commands to fail. This PR will: * detect when Yarn v2+ is used in the build and raise an actionable error if `YARN_PRODUCTION` is set * check for the presence of a `YARN2_SKIP_PRUNING` environment variable to determine if we should skip pruning or not
Since `npm ci` removes any existing `node_modules` folder before installing, to get proper caching behavior we need to cache the npm cache instead.
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.7.1...v1.7.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
S3 URLs where the bucket name is part of the URL path are deprecated. Instead, it's recommended to use the virtual-hosted style references, where the bucket name is part of the domain. The latter allows AWS to use DNS to direct requests directly to the appropriate region's S3 endpoint, rather than having to route via the global S3 endpoint (which AWS describe as being a single point of failure/harder to scale etc). There is a small chance this may also help with some of the S3 reliability issues seen in `heroku/builder` Circle CI runs - however even if it doesn't, at least we'll no longer be using the deprecated URLs/endpoints. The `lib/vendor/resolve-*` binaries were regenerated using `make build-production`. See: https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/ https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region GUS-W-11283397.
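The URL change described in the commit message above, as an added example that is not the buildpack's own code: a POSIX shell helper that rewrites path-style S3 URLs to the virtual-hosted form and reports the ones that need a manual decision. The function names and the bucket names in the usage comments are constructed for illustration.

```shell
# Added example (not from the buildpack). Bucket names below are constructed.

# Rewrite a path-style S3 URL to virtual-hosted style; print it unchanged if
# it is not a rewritable path-style URL.
to_virtual_hosted() {
  printf '%s\n' "$1" | sed -E \
    -e 's#^https://s3[.-]([a-z0-9-]+)\.amazonaws\.com/([^/.]+)/(.*)$#https://\2.s3.\1.amazonaws.com/\3#' \
    -e 's#^https://s3\.amazonaws\.com/([^/.]+)/(.*)$#https://\1.s3.amazonaws.com/\2#'
}

# Read URLs on stdin, one per line, and report what to do with each.
# Buckets with dots in the name are left alone on purpose: as a hostname
# label they would not match the wildcard TLS certificate S3 serves, so
# moving them to the virtual-hosted form needs a manual decision.
audit_s3_urls() {
  while IFS= read -r url; do
    new=$(to_virtual_hosted "$url")
    if [ "$new" != "$url" ]; then
      printf 'rewrite %s -> %s\n' "$url" "$new"
    else
      case "$url" in
        https://s3.amazonaws.com/*) printf 'manual  %s\n' "$url" ;;
        *)                          printf 'ok      %s\n' "$url" ;;
      esac
    fi
  done
}

# Usage (constructed input):
#   printf '%s\n' 'https://s3.amazonaws.com/example-bucket/node/v18.15.0.tar.gz' | audit_s3_urls
```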
Since `jq` now exists on all stacks: https://devcenter.heroku.com/articles/stack-packages Removing since this means one fewer `curl` call to which retries etc have to be added shortly.
In the shimmed CNBs used in `heroku/builder` we have been seeing quite a few transient errors related to buildpacks downloading from S3. Adding appropriate retries and connection timeouts to all of our buildpack's curl usages should help with these, as well as make builds more reliable in general for users on Heroku, plus also anyone using a shimmed CNB locally with Pack CLI (where the network connection may be even less reliable). The `--retry-connrefused` option has been used since otherwise curl doesn't retry cases where the connection was refused. Ideally we would use `--retry-all-errors` which takes that one step further, however that option was only added in curl 7.71, so is only supported by Heroku-22+. For more on curl options, see: https://curl.se/docs/manpage.html GUS-W-11283397.
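One way to apply the retry options named in the commit message above while still working on stacks whose curl predates 7.71, as an added example that is not the buildpack's own code. The function names, the retry count and the connection timeout are assumptions.

```shell
# Added example (not the buildpack's code). Retry count and timeout are assumed values.

# Extract the version number from the first line of `curl --version` output.
curl_version_from_banner() {
  printf '%s\n' "$1" | awk 'NR == 1 && $1 == "curl" { print $2 }'
}

# Succeed when dotted version $1 >= $2 (numeric compare of major.minor.patch).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Print the curl options for a download, given the installed curl version.
# --retry-all-errors needs curl 7.71+; older versions get --retry-connrefused
# so that refused connections are at least retried.
curl_retry_flags() {
  flags="--fail --silent --show-error --location --connect-timeout 3 --retry 5"
  if version_ge "$1" 7.71.0; then
    flags="$flags --retry-all-errors"
  else
    flags="$flags --retry-connrefused"
  fi
  printf '%s\n' "$flags"
}

# download URL DEST: fetch to a file so a retried transfer restarts cleanly
# instead of appending partial data to a pipe.
download() {
  banner=$(curl --version) || return 1
  # Word splitting of the flag string is intentional here.
  # shellcheck disable=SC2046
  curl $(curl_retry_flags "$(curl_version_from_banner "$banner")") --output "$2" "$1"
}
```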
To pick up heroku#1013, heroku#1016 & heroku#1017. GUS-W-11283397.
…es (heroku#1022) Bumps [got](https://github.com/sindresorhus/got) from 11.8.3 to 11.8.5. - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v11.8.3...v11.8.5) --- updated-dependencies: - dependency-name: got dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update Node.js inventory * Update yarn inventory
* Support GitHub Actions in etc/hatchet.sh * Drop debugging line * Support CI setup on GitHub Actions
Bumps [rspec-expectations](https://github.com/rspec/rspec-expectations) from 3.11.0 to 3.11.1. - [Release notes](https://github.com/rspec/rspec-expectations/releases) - [Changelog](https://github.com/rspec/rspec-expectations/blob/main/Changelog.md) - [Commits](rspec/rspec-expectations@v3.11.0...v3.11.1) --- updated-dependencies: - dependency-name: rspec-expectations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Since: - The app is deprecated and due to be switched off shortly. - The buildpack should have as few dependencies on external resources as possible (particularly those not productionised or behind CDN). - We especially should not have dependencies on `herokuapp.com` domains, given the reduced flexibility and risk of subdomain takeover. Fixes heroku#1015. GUS-W-11843580.
GUS-W-11843580.
* Add workflow heroku/heroku-buildpack-nodejs/buildpack-tests * Matrixify unit-test * Correct push arguments * Rename CI workflow * Matrixify unit build tests * Use secrets for hatchet API key * Don't try to detect CI branch name * GitHub Actions workflow improvements * Use GITHUB_HEAD_REF if present * Add debugging for flaky tests * Disable colors for yarn prune tests * Drop debugging lines * Drop container for heroku-build tests * Add STACK to heroku-build tests * Add timeout-minutes to cancelled job * Add tearDown function to prevent running out of disk during CI * Run in heroku:{STACK}-build again * Use setup-ruby for caching * Drop circle config * Fix error constant * Run hatchet tests in expensive mode to bypass free dyno hour quotas * Enable hatchet run_multi too * Drop HATCHET_RUN_MULTI Co-authored-by: Josh W Lewis <josh.lewis@salesforce.com>
* feat: Yarn 4 support for dependency pruning Co-authored-by: Reece Dunham <me@rdil.rocks>
To reduce the churn + email notification noise slightly. GitHub will still open PRs for any security issues outside of the monthly cadence.
This PR also addresses the following dependabot security alerts: - https://github.com/heroku/heroku-buildpack-nodejs/security/dependabot/11 - https://github.com/heroku/heroku-buildpack-nodejs/security/dependabot/4 - https://github.com/heroku/heroku-buildpack-nodejs/security/dependabot/12
* Change the default Node.js to 18.x * Add changelog entry for default version change * Update CHANGELOG.md Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com> * Fallback to Node.js 16.x default on heroku-18 * Update changelog entry for heroku-18 exception Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com>
* Update to go 1.19 and recompile * Add changelog entry for go update
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.7.2...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rspec-expectations](https://github.com/rspec/rspec-expectations) from 3.11.1 to 3.12.0. - [Release notes](https://github.com/rspec/rspec-expectations/releases) - [Changelog](https://github.com/rspec/rspec-expectations/blob/main/Changelog.md) - [Commits](rspec/rspec-expectations@v3.11.1...v3.12.0) --- updated-dependencies: - dependency-name: rspec-expectations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Allow engines.yarn to be specified for yarn berry * Update changelog with yarn berry changes * Bump the version in CHANGELOG * Update test for yarn 2 project specifying engine * Don't use yarn 2 in tests; it's not available yet
Bumps [heroku_hatchet](https://github.com/heroku/hatchet) from 7.3.4 to 8.0.1. - [Release notes](https://github.com/heroku/hatchet/releases) - [Changelog](https://github.com/heroku/hatchet/blob/main/CHANGELOG.md) - [Commits](heroku/hatchet@v7.3.4...v8.0.1) --- updated-dependencies: - dependency-name: heroku_hatchet dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
As of Hatchet v8.x, Hatchet now: - Removes the apps it creates after each test runs, rather than only enabling maintenance mode. This occurs even if an individual test fails. - Cleans up older apps iff it runs into the app limit. (This is only done when the app limit is hit, in order to prevent hundreds of unnecessary API requests, when test concurrency is high.) However, leftover apps can still occur in the following cases: - The GitHub Actions run is cancelled, or aborts in a non-clean way. - If a Hatchet bug (or a mis-use of Hatchet by the tests) causes Hatchet to exit non-cleanly. - If there is a platform incident causing the Heroku API to not be available. Therefore, this scheduled cleanup job has been added to catch any such leftover apps. It runs daily at 6am UTC, and can also be triggered manually via the GitHub dashboard. The cleanup job only deletes apps older than 10 minutes, so that it doesn't break any in progress CI jobs. GUS-W-12629391.
) * Use version resolver from heroku/nodejs CNB The heroku/nodejs CNB uses a version resolver that is written in rust and leverages a local inventory to resolve both Node.js and Yarn version ranges to an available version. This will replace the Go version which relied on querying the contents of an S3 bucket. This change should reduce the dependency on http during builds. It also unifies the heroku/nodejs CNB and v2 buildpacks to use the same version resolution system. * Don't unit test the go binary in CI; it's been deleted * Rework resolve function to behave correctly * Report version resolution only for v2 * Read error message from stderr too * Add changelog for version resolver change * Add makefile targets for building rust resolvers * Add changelog entry for release
…es (heroku#1055) Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.1...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…eroku#1059) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rspec-expectations](https://github.com/rspec/rspec-expectations) from 3.12.0 to 3.12.2. - [Release notes](https://github.com/rspec/rspec-expectations/releases) - [Changelog](https://github.com/rspec/rspec-expectations/blob/main/Changelog.md) - [Commits](rspec/rspec-expectations@v3.12.0...v3.12.2) --- updated-dependencies: - dependency-name: rspec-expectations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Use cargo install instead of cloning the repo manually * Add newlines instead of ;
- includes fixed node inventory for 18.15.0
… deps/69/sync_with_upstream_205
ipfaze
changed the title
Merge branch 'main' of github.com:heroku/heroku-buildpack-nodejs into deps/69/sync_with_upstream_205
Sync with upstream v205
Mar 21, 2023
EtienneM
requested changes
Mar 21, 2023
EtienneM
reviewed
Mar 21, 2023
Just two small comments then LGTM
Co-authored-by: Étienne M. <EtienneM@users.noreply.github.com>
Co-authored-by: Étienne M. <EtienneM@users.noreply.github.com>
EtienneM
approved these changes
Mar 22, 2023
fix #69