truffle icon indicating copy to clipboard operation
truffle copied to clipboard

Published 20 hours ago verified publisher icon trufflesuite

It is possible to merge `package.json` files that will fail to release

Open gnidan opened this issue 2 years ago • 3 comments

Issue

Let's say you make a new package for the Truffle monorepo. And you forget to add publishConfig. Well, when we go to release, it will fail! Because NPM will see the new package, since it's org-scoped, as private.

That's not good! Why didn't CI stop this???

This repo should have a CI job that validates package.json changes for this situation and potentially others.

Steps to Reproduce

Yeah, best not to reproduce this one.

Expected Behavior

Faina should not get surprised by a messed up release when she's trying to go have dinner with her family.

No but seriously:

  • Org-scoped packages should get checked to either have a "private": true (e.g. in @truffle/compile-solidity-tests) or "publishConfig": { "access": "public" } (e.g., in @truffle/dashboard).
  • CI should check for the existence of a prepare script and test script (even if they're no-ops)
  • CI should probably also check to make sure repository, bugs, etc. are all well-formed

For all of these, we should use jq or just make it a JS script that parses the JSON, rather than doing naïve regex matching.

Actual Results

😢

Environment

  • Operating System:
  • Ethereum client:
  • Truffle version (truffle version): 5.7.9
  • node version (node --version):
  • npm version (npm --version):

gnidan avatar Mar 10 '23 01:03 gnidan

Yikes! I wonder how compile-common got published, and listed public without publishConfig overrides.

Some notes for you, @cliffoo.

for pkg in `ls packages`; do 
  jq -e 'has("publishConfig")' ./packages/$pkg/package.json > /dev/null || echo "./packages/$pkg/package.json is missing publishConfig"
done
./packages/compile-common/package.json is missing publishConfig
./packages/compile-solidity-tests/package.json is missing publishConfig
./packages/contract-tests/package.json is missing publishConfig
./packages/dashboard-message-bus-e2e-test/package.json is missing publishConfig

cds-amal avatar Mar 10 '23 03:03 cds-amal

Whoa that is really confusing. Why does compile-common work?!

gnidan avatar Mar 10 '23 03:03 gnidan

Whoa that is really confusing. Why does compile-common work?!

Quite the mystery! Likely the original publisher used a command line flag or some other voodoo ¯\_(ツ)_/¯. Subsequent releases would use the established access value, if missing from the package.json. Well, that's how I interpret the docs.

cds-amal avatar Mar 10 '23 03:03 cds-amal