feat(npm): support pnpm catalogs #33376
Conversation
|
Ah, I noticed now in my test repo that the lockfile does not get updated after a standalone catalog dependency upgrade. I missed that codepath when trying to keep the functionality minimal. I'll add it to my todo 🗒️ Update: this has since been fixed 🎉 |
|
@secustor and @viceice, apologies for the ping, do you have any pointers for the open questions here? If you think the PR is not in a reviewable state, I'm happy to implement with my gut feeling and re-request a review later down the line. I'm asking because I don't want to waste your time if something ends up being unworkable or unidiomatic, but I also don't want this to be stuck in limbo 😌 |
|
we usually don't review draft PRs, will try to have a look tomorrow |
There was a problem hiding this comment.
I had it on my plate, but haven't come around to finish it.
Open question 1: ways of picking up pnpm-workspace.yaml for extraction
pnpm-workspace.yaml should be part of fileMatch.
The expectation is that users will have use cases which deviating filenames e.g. because they are overwriting this name in a config.
Ideally we detect the fact that it is a workspace file via schema or other marker and are not relying on it. That way we are not bound to the filename and it "magically" works.
Open question 2: depType and allowing granular updates to named catalogs
Having pnpm.catalog.foo is preferable as with string pattern matching users can match all catalogs if needed.
Can you add an example of this in the readme.md that way it will show up in the manager docs.
|
@secuster can't we discover the pnpm-workspace.yaml file automatically instead of needing it in fileMatch? |
If we are fine with only supporting this file name, we can drop it out of fileMatch. |
|
Ideally the name should be referenced from package.json. If not, I agree that we need to support it in fileMatch, but it's undesirable |
| packageFile.path.endsWith('package.json') || | ||
| packageFile.path.endsWith('pnpm-workspace.yaml') |
There was a problem hiding this comment.
The hardcoding here tripped me up, I kept not seeing the lockfiles changing 😅 Does this not beat some of the point of allowing pnpm-workspace.yaml (and package.json) being renamed via fileMatch? I wonder what the original context for the check was.
There was a problem hiding this comment.
K, I think this will lead to too much changes in this PR. :/
Let's support pnpm-workspace.yaml and then support more names as needed.
There was a problem hiding this comment.
Yeah, it turned out to be a bit complicated indeed 😅 Would you rather I keep pnpm-workspace.yaml in fileMatch still? It probably does not hurt to keep it there, just to avoid any more changes, but I'm happy to remove it as well.
|
Thank you all kindly for your earler reviews! They helped clarify the direction quite a bit. I've made relevant changes now, tidied up the tests, implemented lockfile updating and locked version detection, and the coverage should be ok too. I'll put this up for a review now. Let me know if you spot anything that can be improved, and I'll get to it 🔧 |
lib/modules/manager/npm/__fixtures__/lockfile-parsing/pnpm-lock-v9.yaml
Outdated
Show resolved
Hide resolved
| packageFile.path.endsWith('package.json') || | ||
| packageFile.path.endsWith('pnpm-workspace.yaml') |
There was a problem hiding this comment.
K, I think this will lead to too much changes in this PR. :/
Let's support pnpm-workspace.yaml and then support more names as needed.
Now that we use the CST for substitutions, we can accept inputs that do not end in newlines. Even though that is not per the yaml spec, it does mean that we leave any source files formatting intact.
It turns out that including managerData in one of the extraction deps,
would cause the top-level (packageFile) managerData to be overwritten
for the corresponding upgrade. In practice, this meant that
{managerData: {pnpmShrinkWrap: ''}} was not found, and no lockfile
update was triggered.
Adding pnpm-workspace.yaml to the default matchFiles means that a few of the assertions were failing.
…ockfile This ensures that the lockfile update command will see the updated workspace file, and will update correctly. There was a hardcoded package.json check, that was previously precluding that.
Co-authored-by: Sebastian Poxhofer <secustor@users.noreply.github.com>
This required a few more changes in the rest of the file, in order to mock fs and use the utils consistently.
This introduces a tryParsePnpmWorkspaceYaml function, which parses a string as YAML, and validates it via a schema, returning the result, and whether parsing succeeded. This allows the npm manager extraction call-site to only parse the content once, and pass on the parsed contents (if any) for extraction.
Previously, this was being tested _incidentally_, due to not mocking the filesystem calls.
fpapado
force-pushed
the
feat/30079-support-pnpm-catalogs
branch
from
33b479c to
a0316a3
Compare
Changes
This PR adds support for pnpm catalogs, extracting dependencies from / updating dependencies in
pnpm-workspace.yamlfiles.I took @rarkins' suggestion in #30079 (comment), and added this as part of the
npmmanager. I tried to keep the functionality contained inpnpmfiles inside the relevant modules, to make it easier to split out in the future, if needed.I took care of the following things:
pnpm-workspace.yamlfiles are picked up by default; their dependencies are extracted, and any updates are appliedpnpm-workspace.yamlfiles can be renamed and specified infileMatch. Thenpmmanager tries to parse a workspace YAML file first, before falling back to pakcage.json-like parsing.pnpmShrinkwrapfile gets picked up, to use for updating. I believe I implemented that correctly, but I might have missed something.These questions have been resolved; I leave the text here for posterity
Open question 1: ways of picking up
pnpm-workspace.yamlfor extractionI have placed
pnpm-workspace.yamlin thefileMatchdefaultConfig of the npm manager, and added an extra branch toextractAllPackageFiles.An alternative would be to do this work in
postExtract, by looking up sibling/parentpnpm-workspace.yamlfile, and doing similar processing. This avoids the need for changing the config, but might have downsides that I cannot think of. What do you think?Open question 2:
depTypeand allowing granular updates to named catalogsIn the current version, I gave catalog-related upgrades a
depTypeofpnpm.catalog, just for namespacing. However, I am wondering whether we could go more granular with this, such aspnpm.catalog.<catalogName>One of the pnpm examples for catalogs, is allowing incremental updates, by defining named catalogs:
In such a scenario, I imagine users wanting to keep react 17 and 18 each in their range (allowing for bugfixes), without bumping the major. To do that, we would need to expose the catalog name to the user for matching, such as
{matchDepTypes: ['pnpm.catalog.react17']}.Have you had similar scenarios in the past? I noticed that
pnpm.overrideskind of works like this, when using thepkg-a>pkg-bsyntax (reference, example), but based on the depName. This could probably be done in a follow-up PR, but it's good to think about 💭Context
Closes #30079
pnpm catalogs are described in the pnpm docs
This is my first Renovate contribution, I'm open to any and all ideas 😊
Documentation (please check one with an [x])
I made a small documentation addition for the readme.md of the npm manager, in order to mention
pnpm.catalogs.<name>as adepType.How I've tested my work (please select one)
I have verified these changes via:
I added unit tests for the extraction and updates, the latter being a similar set to the
package.jsonupdate tests. I will double-check the code coverage on CI, I think I missed something when running coverage locally.I did a fair bit of repository testing at /~https://github.com/fpapado/renovate-testing-catalogs/pulls, to understand how the npm extraction/update phases work for
package.jsonfiles.