Fix constraints and update yarn lock at the end of release process

[cryptodev-2s]

Description

In our current release process, we often encounter issues with dependency constraints, outdated yarn.lock files, and duplicated dependencies. These issues can lead to inconsistencies in our release process. Additionally, these steps are frequently needed whenever we release our packages, making the process cumbersome and error-prone.

Solution

This PR adds a new step to our release tool to streamline and automate the process. This step will:

1. Fix Constraints: Ensure that all package versions adhere to the specified constraints,-.
2. Update the Yarn Lockfile: Refresh the yarn.lock file to include the latest dependency resolutions..
3. Deduplicate Dependencies: Remove duplicate dependencies to streamline the dependency tree, which helps in reducing the overall package size and avoiding multiple versions of the same dependency.

Implementation Details

• Constraint Fixing: Introduces a command to enforce and fix version constraints for dependencies.
• Yarn Lockfile Update: Runs yarn install to regenerate the yarn.lock file with the latest dependency resolutions.
• Dependency Deduplication: Utilizes the yarn deduplicate command to clean up duplicated dependencies in the lockfile.
• Release Tool Update: Integrates these steps into our release tool to automate the process, making it more fluid and less error-prone.

[kanthesha]

The tests are failing!

    @scope/d does not seem to have a changelog. Skipping.
    Error: Command failed with exit code 1: yarn constraints --fix
    Internal Error: @scope/monorepo@workspace:.: This package doesn't seem to be present in your lockfile; run "yarn install" to update the lockfile

And in the local as well.

  ● create-release-branch (functional) › against a monorepo with independent versions › does not update the changelogs of any packages that have been tagged with intentionally-skip

    Command failed with exit code 1: /Users/dck/Workspace/metamask/create-release-branch/node_modules/.bin/tsx /Users/dck/Workspace/metamask/create-release-branch/src/cli.ts --project-directory /var/folders/25/ryczmnrj08g0xdlfv3h5jlpw0000gn/T/create-release-branch-tests/wDg3SIGTUwN_Cn8M5rJCZ/local-repo --temp-directory /var/folders/25/ryczmnrj08g0xdlfv3h5jlpw0000gn/T/create-release-branch-tests/wDg3SIGTUwN_Cn8M5rJCZ/local-repo/tmp
    Error: Command failed with exit code 1: yarn constraints --fix
error Command "constraints" not found.

[cryptodev-2s]

@kanthesha yes the functional test are failing. In the current testing configuration I need to add a constraints file, currently working on it.

[kanthesha]

Overall LGTM. I have made some minor suggestions.

[kanthesha]

LGTM.

[mcmire]

Is there a functional test we can add to confirm that the workflow bug we are trying to solve is fixed?

[mcmire]

Hmm... this constraints file doesn't really check anything I don't think? I believe that Yarn looks for certain predicates to exist. Perhaps this just file just needs to be present?

[cryptodev-2s]

It checks that each package has a name and a version field.
it's required for the constraints fix otherwise it throws This package doesn't seem to be present in your lockfile; run "yarn install" to update the lockfile

[mcmire]

That's a strange error when the constraints file doesn't exist. I would have expected something like "constraints.pro not found".

I just tried removing these lines and running the tests and they don't seem to fail with the error you describe 🤔

[cryptodev-2s]

we can remove the constraints file only the plugin installation is required (the error I sent earlier was related to the plugin installation removal), but don't we want to test that constraints check really works as this constraints at least checks that each package has a version and name, we can add more checks ? in this case we can also make this testing in a separate scenario as you proposed later (sorry I just saw the other comment)

[mcmire]

Also can we update the PR description to describe the problem that we are solving here and how the changes solve that problem instead of just describing the changes? That would help us understand the context behind this PR in the future.

[cryptodev-2s]

Also can we update the PR description to describe the problem that we are solving here and how the changes solve that problem instead of just describing the changes? That would help us understand the context behind this PR in the future.

I updated the description

[mcmire]

That's a strange error when the constraints file doesn't exist. I would have expected something like "constraints.pro not found".

I just tried removing these lines and running the tests and they don't seem to fail with the error you describe 🤔

[mcmire]

Just repeating my comment above about adding a functional test here. I think the problem that running yarn was intended to solve was so that the release PR wouldn't fail CI. CI runs yarn --immutable and then it runs yarn constraints as a part of the lint step, so it seems like we ought to have a test that runs the tool, then runs yarn --immutable, then yarn constraints and expects both of these commands to return an exit code of 0. This way we can be sure that we've solved the original problem. Is this possible to add?

[mcmire]

Sorry for the long delay in reviewing this. Looks good to me.

[mcmire]

create-release-branch runs yarn constraints --fix and doesn't care what the constraints are exactly. So it isn't necessary the case that create-release-branch always updates dependencies like this — it really depends on what the project's constraints file does (a project may have different constraints, in theory). That said, I'm okay with using this test name since it points to why we decided to add yarn constraints --fix in the first place. If we ever want to run constraints for a different reason we may have to adjust this test name to be more accurate, but I don't anticipate that happening any time soon.