-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure Corepack Usage for npm, pnpm, and yarn Command Execution #10944
Ensure Corepack Usage for npm, pnpm, and yarn Command Execution #10944
Conversation
c7e170f
to
bcb2cf8
Compare
"corepack install #{name}@#{version} --global --cache-only", | ||
fingerprint: "corepack install <name>@<version> --global --cache-only" | ||
) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moved from PackageManagerHelper
into Helpers
.
2bf87a5
to
49db410
Compare
# Setup yarn and run a single yarn command returning stdout/stderr | ||
sig { params(command: String, fingerprint: T.nilable(String)).returns(String) } | ||
def self.run_yarn_command(command, fingerprint: nil) | ||
setup_yarn_berry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should check to see if we have run the setup command already and skip it if we have
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, since most of the codebase uses #run_single_yarn_command, should we update that method instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the feedback. I will check if we can run the run_single_yarn_command
and make changes accordingly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went over the code. I think we are already doing install in file_fetcher phase. So we don't need to re-run setup for that. Just we need to be sure that we are running commands through corepack.
And in the following change we are running all command by using corepack
. Also in setup_yarn_berry
we are running multiple yarn commands with different conditions so I think this method is doing things with conditions and it is calling run_single_yarn_command
which is expected to be right call.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you’re suggesting that we configure setup_yarn_berry
once and avoid re-running these commands, I can work on that. However, I think it would be better suited to a separate PR, as our priority is first ensuring everything runs smoothly with Corepack.
The direction of this PR makes sense to me. Do you have any data showing the inconsistent runs? We could use that to verify that this change makes them consistent again |
3dc21c9
to
6da1382
Compare
@Nishnha After investigating further, I discovered that once a package manager is installed with Here are the details for the deployed and reverted changes for further reference: https://github.com/github/dependabot-updates/issues/7325 |
@@ -79,7 +82,7 @@ | |||
allow(Dependabot::Experiments).to receive(:enabled?) | |||
.with(:npm_fallback_version_above_v6).and_return(npm_fallback_version_above_v6_enabled) | |||
allow(Dependabot::Experiments).to receive(:enabled?) | |||
.with(:npm_fallback_version_above_v6).and_return(npm_fallback_version_above_v6_enabled) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Duplicate!
…rn_using_corepack
fix installing pnpm version issue improve the finding version code
raise_if_unsupported!(name, version.to_s) | ||
|
||
install(name, version) if name == PNPMPackageManager::NAME | ||
end | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want to install npm, and yarn versions as well. We removed the condition that only install for pnpm when version is guessed.
return manager_name.to_s if @lockfiles[manager_name.to_sym] | ||
end | ||
nil | ||
PACKAGE_MANAGER_CLASSES.keys.map(&:to_s).find { |manager_name| @lockfiles[manager_name.to_sym] } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix Sorbet Issue:
Dependabot::Sorbet::Runtime::InformationalError
Parameter 'name': Expected type T.nilable(String), got type Hash with value {"npm"=>Dependabot::NpmAndY...pmAndYarn::PNPMPackageManager}
Caller: /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb:221
Definition: /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb:282 (Dependabot::NpmAndYarn::PackageManagerHelper#package_manager_by_name)
PACKAGE_MANAGER_CLASSES.each_key do |manager_name| # iterates keys in order as defined in the hash | ||
return manager_name.to_s if @manifest_package_manager.start_with?("#{manager_name}@") | ||
PACKAGE_MANAGER_CLASSES.keys.map(&:to_s).find do |manager_name| | ||
@manifest_package_manager.start_with?("#{manager_name}@") | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix Sorbet Issue:
Dependabot::Sorbet::Runtime::InformationalError
Parameter 'name': Expected type T.nilable(String), got type Hash with value {"npm"=>Dependabot::NpmAndY...pmAndYarn::PNPMPackageManager}
Caller: /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb:221
Definition: /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb:282 (Dependabot::NpmAndYarn::PackageManagerHelper#package_manager_by_name)
if version | ||
raise_if_unsupported!(name, version.to_s) | ||
install(name, version) | ||
end | ||
else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This else is going to be removed in clean-up process of enable_corepack_for_npm_and_yarn
feature flag after all checks.
Flagging this ticket, which is blocking us on a number of our repositories today, and likely is related to this PR: #10982 |
What are you trying to accomplish?
This PR ensures that
corepack
is explicitly invoked when runningnpm
,pnpm
, andyarn
commands. By callingcorepack
directly, we can guarantee that the correct package manager versions (installed via Corepack) are used for each command. This change helps prevent version mismatches and enhances consistency across different environments.This change resolves inconsistencies in package manager versions used in different environments and addresses potential issues caused by mismatched versions.
Anything you want to highlight for special attention from reviewers?
The key change here is the addition of
corepack
to thenpm
,pnpm
, andyarn
command execution. This ensures that the commands run with the versions installed by Corepack. If there were multiple approaches to achieve this, I selected this one to make the execution explicit and straightforward.How will you know you've accomplished your goal?
run_npm_command
,run_pnpm_command
, andrun_single_yarn_command
to prependcorepack
to each command, ensuring the correct version usage.Checklist