New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(core): auto-update vendored lockdown.umd.js #1078
Conversation
This changes the `lint-staged` configuration so that when `package-lock.json` is updated, the vendored `packages/core/lib/lockdown.umd.js` is copied from the currently-installed `ses` and added to the commit. I'm not sure if this is something we want to be doing or not, but needing to run the `lib:ses` script in `lavamoat-core` after a `ses` upgrade is non-obvious for maintainers (me).
@@ -29,7 +29,7 @@ | |||
"!*.tsbuildinfo" | |||
], | |||
"scripts": { | |||
"lib:ses": "cp ../../node_modules/ses/dist/lockdown.umd.js ./lib/lockdown.umd.js", | |||
"lib:ses": "cp ../../node_modules/ses/dist/lockdown.umd.js ./lib/lockdown.umd.js && git add -A ./lib/lockdown.umd.js", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"lib:ses": "cp ../../node_modules/ses/dist/lockdown.umd.js ./lib/lockdown.umd.js && git add -A ./lib/lockdown.umd.js", | |
"lib:ses": "cp ../../node_modules/ses/dist/lockdown.umd.js ./lib/lockdown.umd.js", |
I think the package scripts like this shouldn't be modifying the local git environment, any drawback to moving it into the lint-script?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure (I had it this way originally but changed it for reasons that escape me)
// @ts-check | ||
|
||
/** @type {import('lint-staged').Config} */ | ||
module.exports = { | ||
'*.js': ['eslint --fix', 'prettier --write'], | ||
'*.(ts|md|ya?ml|json)': ['prettier --write'], | ||
'!((package-lock|policy)*).json': ['prettier --write'], | ||
'package-lock.json': () => ['npm run -w lavamoat-core lib:ses'], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'package-lock.json': () => ['npm run -w lavamoat-core lib:ses'], | |
'package-lock.json': () => ['npm run -w lavamoat-core lib:ses && git add -A ./packages/core/lib/lockdown.umd.js'], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the package scripts like this shouldn't be modifying the local git environment, any drawback to moving it into the lint-script?
IMO a more proper solution would be to not have a copy checked into git at all - just vendor a copy from the package Other than or until that, maybe giving a more helpful error message to the failing test here would also solve most of the need here, without additional magic in commit hooks? |
Yeah, I mean, why do we vendor |
Closing in lieu of a PR which removes it |
This changes the
lint-staged
configuration so that whenpackage-lock.json
is updated, the vendoredpackages/core/lib/lockdown.umd.js
is copied from the currently-installedses
and added to the commit.I'm not sure if this is something we want to be doing or not, but needing to run the
lib:ses
script inlavamoat-core
after ases
upgrade is non-obvious for maintainers (me).