PEX icon indicating copy to clipboard operation
PEX copied to clipboard

Published 20 hours ago verified publisher icon Sphereon-Opensource

build error related to preinstall script: "npx only-allow pnpm"

Open cvarjao opened this issue 1 year ago • 12 comments
trafficstars

  • I'm submitting a ... [x] bug report [ ] feature request [ ] question about the decisions made in the repository [ ] question about how to use this project

  • Summary We use PEX with OWF Credo and Bifold. pnpm is not supported by react native, is it possible to not enforce consumers of this library to also use pnpm? we are getting a build error:

  ➤ YN0000: │ @sphereon/pex@npm:3.3.3 STDERR sh: 1: only-allow: not found
  ➤ YN0009: │ @sphereon/pex@npm:3.3.3 couldn't be built successfully (exit code 127, logs can be found here: /tmp/xfs-42e00f6b/build.log)
  • Other information (e.g. detailed explanation, stack traces, related issues, suggestions how to fix, links for us to have context, eg. StackOverflow, personal fork, etc.)

cvarjao avatar Apr 30 '24 16:04 cvarjao

Why is it building PEX? We provide releases, so I am unsure why this is happening to begin with. We are using RN for our own wallet as well and never have seen anything like this.

To add. The preinstall fase is the phase before installing the deps for PEX itself. External solutions using PEX as a dep should not be bothered by that at all. Almost all of our libs and SDKs use PNPM, but we also have projects using yarn and even npm. None have seen this happen and I cannot see how our choice of package/build system would interfere with external projects, unless PEX would be build as part of the solution, or a link to Github is used as dep

nklomp avatar Apr 30 '24 18:04 nklomp

@nklomp , do you use yarn? it might a yarn quirk: https://yarnpkg.com/advanced/lifecycle-scripts#postinstall

For backwards compatibility, the preinstall and install scripts, if presents, are called right before running the postinstall script from the same package. In general, prefer using postinstall over those two.

cvarjao avatar Apr 30 '24 19:04 cvarjao

Yes. I know of multiple RN wallets AFAIK all using yarn and our PEX lib. Is the link to the repo public? If so could you provide me with a link so I can have a look?

nklomp avatar Apr 30 '24 19:04 nklomp

You mentioned Credo. They are also using our pnpm based libs with a yarn package manager https://github.com/openwallet-foundation/credo-ts/tree/main

@TimoGlastra Do you know if you had to do anything special to make that work (shouldn't be the case, but just doublechecking)

nklomp avatar Apr 30 '24 19:04 nklomp

Hmm it seems Bifold is using Yarn 3, which works very different from Yarn V1 (which we're using for Credo).

However, we're using Yarn V3 in the Paradym Wallet (https://github.com/animo/paradym-wallet) and that's also been working fine until now

TimoGlastra avatar Apr 30 '24 19:04 TimoGlastra

But it seems the preinstall has only been introduced since PEX v3.3.1. So maybe that's what's causing the issue?

TimoGlastra avatar Apr 30 '24 19:04 TimoGlastra

@cvarjao can you provide some steps to reproduce the error? I cloned the bitfold repo and tried to install it with yarn v3.3.1, but it failed on Windows (some errors with node-gyp-build). However yarn build worked fine.

cre8 avatar May 01 '24 14:05 cre8

@nklomp @TimoGlastra it seems that preinstall causes also problems in other projects, see https://github.com/ethereum-optimism/optimism/pull/9805 https://github.com/pnpm/only-allow/issues/11

cre8 avatar May 01 '24 14:05 cre8

Their behaviour is similar to ours. It seems to always work from our laptops, but often (not always) fails from github action.

cvarjao avatar May 01 '24 15:05 cvarjao

@cvarjao can you provide some links to the failed github actions? Maybe it's a bad configuration that triggers this behaviour.

cre8 avatar May 02 '24 05:05 cre8

@nklomp it seems that pnpm can make some problems with latest versions for pnpm, yarn and npm (the package last update is form last year).

Another apporach is to use the engine field like:

  "engines": {
    "node": ">=18",
    "npm": "please use pnpm"
  },

However this does not prevent the npm install script from being executed and create the package-lock file (but it will fail in the end "successfully")

npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@sphereon/[email protected]',
npm WARN EBADENGINE   required: { node: '>=18', npm: 'use pnpm' },
npm WARN EBADENGINE   current: { node: 'v20.11.1', npm: '10.2.4' }
npm WARN EBADENGINE }

It is btw the same behaviour like "preinstall": "npx only-allow pnpm", so there is technically no job that is executed before install

@cvarjao could you make the patch file for bifold and check if the engine approach will work better for you?

cre8 avatar May 02 '24 06:05 cre8

@cre8 , we can try. Right now we have patched to remove the "preinstall" script: https://github.com/openwallet-foundation/bifold-wallet/blob/main/.yarn/patches/%40sphereon-pex-npm-3.3.3-144d9252ec.patch

I don't know if you can see all the GHA build logs, but here is an example: https://github.com/openwallet-foundation/bifold-wallet/actions/runs/8886740708/job/24400750310

cvarjao avatar May 02 '24 16:05 cvarjao

My team also recently faced this issue, but only when multiple packages included the only-allow preinstall script, and also only when packages were installed with yarn on a Github runner.

We also got around the issue by patching out the preinstall script in one of the packages.

DJHunn39 avatar Dec 04 '24 09:12 DJHunn39