feat(essentials)!: In a zero-install CI environment, `--check-cache` or `--no-check-cache` needs to be explicitly defined
What's the problem this PR addresses?
Related https://github.com/yarnpkg/berry/issues/3591
This addresses the task:
Make Yarn detect whether it's running inside a public repository (GitHub Actions) and, if it is AND the repository uses zero-installs, exit and recommend adding either --check-cache or --no-check-cache.
Some Thoughts:
- All CI environments require users to explicitly use `--check-cache` or `--no-check-cache`
  ~~1. I checked the GitHub Actions documentation and the ci-info package, but I didn't get any help to determine if the current environment is a public repository.~~
  2. I think this is very worthwhile to use in any CI (including private repositories)
- Not sure how to accurately determine if zero-install mode is enabled
  I checked zero-install's documentation and read the related code, but I can't seem to tell if zero-install is enabled or not.
  So, finally, I assume that zero-install mode is on when the following conditions are met:
  1. in a CI environment
  2. pnp strict mode is enabled
  3. the `.yarn/cache` directory existed before the install command executes.
- I can't fix the Netlify deployment error; if I'm going in the right direction, we should add `--no-check-cache` on that side
...
How did you fix it?
- If the `install` command is run in a CI environment and zero-install mode is enabled, but `--check-cache` or `--no-check-cache` is not explicitly defined, throw an error https://github.com/yarnpkg/berry/pull/4857/commits/d43d1379f212b217cc00a1c533f0ff9b28f444cc
- Add a test about the feature https://github.com/yarnpkg/berry/pull/4857/commits/a9933f226e9ab4cf50161b4fda5cafc9d794cb58
- Avoid all the `yarn install` tests being concerned by this https://github.com/yarnpkg/berry/pull/4857/commits/68d2392c40cfc2fc94d59a89ced2b7cc82664bcc https://github.com/yarnpkg/berry/pull/4857/commits/0fb04d3f08929cc9ae99cb4d7c46ba9ebce3ec3e
...
Checklist
- [x] I have read the Contributing Guide.
- [x] I have set the packages that need to be released for my changes to be effective.
- [x] I will check that all automated PR checks pass before the PR gets reviewed.
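The three-condition heuristic and the guard described in the PR description above, as an added example; this is not the PR's code or Yarn's implementation. The function names are hypothetical, and it assumes CI is signalled by the `CI` environment variable and that the `nodeLinker` / `pnpMode` settings from `.yarnrc.yml` arrive already parsed.

```javascript
// Added example; not Yarn's implementation. All function names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Assumption: CI is detected from the conventional `CI` variable only.
const isCI = env => Boolean(env.CI) && env.CI !== 'false' && env.CI !== '0';

// The PR's three conditions. Must be evaluated before install runs, because
// install itself populates .yarn/cache.
function looksLikeZeroInstall({projectDir, env, settings}) {
  const cacheDir = path.join(projectDir, '.yarn', 'cache');
  const cachePresent = fs.existsSync(cacheDir) && fs.statSync(cacheDir).isDirectory();
  const pnpStrict = settings.nodeLinker === 'pnp' && settings.pnpMode === 'strict';
  return isCI(env) && pnpStrict && cachePresent;
}

// Returns {checkCache: boolean}, or throws when the choice was left implicit.
function resolveCheckCache({projectDir, env, settings, argv}) {
  // Assumption: if both flags are passed, the last one wins.
  const flag = argv.filter(a => a === '--check-cache' || a === '--no-check-cache').pop();
  if (flag) return {checkCache: flag === '--check-cache'};
  if (looksLikeZeroInstall({projectDir, env, settings})) {
    throw new Error('Zero-install cache found in CI: pass --check-cache or --no-check-cache explicitly');
  }
  return {checkCache: false}; // not zero-install: nothing to force
}

// Constructed sample project: a temp directory, optionally with a pre-existing cache.
function makeSampleProject(withCache) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'zero-install-'));
  if (withCache) fs.mkdirSync(path.join(dir, '.yarn', 'cache'), {recursive: true});
  return dir;
}

const settings = {nodeLinker: 'pnp', pnpMode: 'strict'}; // constructed, as if parsed from .yarnrc.yml
const project = makeSampleProject(true);
for (const argv of [['install'], ['install', '--check-cache']]) {
  try {
    console.log(argv.join(' '), '->', resolveCheckCache({projectDir: project, env: {CI: 'true'}, settings, argv}));
  } catch (err) {
    console.log(argv.join(' '), '->', err.message);
  }
}
```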
I found out how to tell whether the project is a GitHub public repository in Configuration.ts#L29-L31,
but I want to know why we only focus on these:
- only for GitHub repositories
- only for public repositories
- only for GitHub Actions
I think making all CI environments explicitly define `--check-cache` or `--no-check-cache`, which ensures that users understand the security implications of zero-install, is quite meaningful.
I like Yarn, but I am new to this project; maybe I missed something.