-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Fix attribution generation #28415
Conversation
de62355
to
15335e6
Compare
@@ -38,7 +45,9 @@ main() { | |||
|
|||
# Check if the script is running in a CI environment (GitHub Actions sets the CI variable to true) | |||
if [ -z "${CI:-}" ]; then | |||
# If not running in CI, restore development dependencies | |||
# If not running in CI, restore the allow-scripts plugin and development dependencies. | |||
cd "${PROJECT_DIRECTORY}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Previously the attempt to re-install development dependencies was also failing, because yarn
was run in the wrong directory. This is now fixed as well.
Fix the `attribution:generate` command by ensuring that it is possible to install just production dependencies. Previously the command `yarn workspaces focus --production` (used to discard development dependencies, keeping just production dependencies installed) would fail because `rimraf` was not found. `rimraf` was a development dependency used in the `postinstall` script. This was resolved by replacing `rimraf` with a Node.js script that does the same thing without needing any dependency. Once that failure was resolved, another was revealed. The `allow-scripts` step of the installation began failing because there was a package detected that had an install script that was missing from our configuration. This package was in our configuration already, but the `allow-scripts` configuration is sensitive to changes in the directory structure of `node_modules`, and that structure changed due to differences in which packages were hoisted in the production-only install. That failure was resolved by updating `generate-attributions.sh` to remove the `allow-scripts` plugin while generating attributions. We don't need `postinstall` scripts to run in order to read licences from disk. Fixes #28412
15335e6
to
e7c16f9
Compare
@metamaskbot update-policies |
Policies updated. 🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff |
Builds ready [838989e]
Page Load Metrics (2019 ± 103 ms)
Bundle size diffs
|
Description
Fix the
attribution:generate
command by ensuring that it is possible to install just production dependencies.Previously the command
yarn workspaces focus --production
(used to discard development dependencies, keeping just production dependencies installed) would fail becauserimraf
was not found.rimraf
was a development dependency used in thepostinstall
script. This was resolved by replacingrimraf
with a Node.js script that does the same thing without needing any dependency.Once that failure was resolved, another was revealed. The
allow-scripts
step of the installation began failing because there was a package detected that had an install script that was missing from our configuration. This package was in our configuration already, but theallow-scripts
configuration is sensitive to changes in the directory structure ofnode_modules
, and that structure changed due to differences in which packages were hoisted in the production-only install.That failure was resolved by updating
generate-attributions.sh
to remove theallow-scripts
plugin while generating attributions. We don't needpostinstall
scripts to run in order to read licences from disk.Related issues
Fixes #28412
Manual testing steps
yarn attributions:generate
, and see that it completes successfullyallow-scripts
plugin and development dependenciesCI=true
(e.g.CI=true yarn attributions:generate
), it will skip the step of re-installing theallow-scripts
plugin and development dependencies. This is what would happen on CI, where the environment gets discarded after this is run so there is no point in re-installing things.Screenshots/Recordings
N/A
Pre-merge author checklist
Pre-merge reviewer checklist