chore: version check rejects non-monorepo package.jsons#19033
Merged
mergify[bot] merged 2 commits intomasterfrom Feb 18, 2022
Merged
chore: version check rejects non-monorepo package.jsons#19033mergify[bot] merged 2 commits intomasterfrom
mergify[bot] merged 2 commits intomasterfrom
Conversation
Because of the following confluence of historical decisions: - Our `package.json`s are the source of truth for all our packages - We want to minimize merge conflicts and we want to be able to tell when we are doing a development build. We have a mechanism called `align-versions` that is going to update the version `0.0.0` in all package jsons to `1.144.0` (or whatever the current version number is) just prior to doing the build. It will look in the Lerna/Yarn workspace config to find all package.jsons to replace. Afterwards, to make sure, a grep on *ALL* package.jsons makes sure there are no stray `0.0.0`s left anywhere in the repo. We recently added another `package.json` to help Dependabot do version checks on packages we use in our repository: that new `package.json` was NOT aligned (because it's not a monorepo package itself), so it would stay at `0.0.0` and the integrity check would fail the build. Update the integrity check to stop considering packages that have been marked as `private: true`. Those won't be published to NPM anyway, and so it also doesn't matter what their version number is.
|
|
RomainMuller
approved these changes
Feb 18, 2022
Contributor
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Collaborator
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Contributor
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
TikiTDO
pushed a commit
to TikiTDO/aws-cdk
that referenced
this pull request
Feb 21, 2022
Because of the following confluence of historical decisions: - Our `package.json`s are the source of truth for all our packages - We want to minimize merge conflicts and we want to be able to tell when we are doing a development build. We have a mechanism called `align-versions` that is going to update the version `0.0.0` in all package jsons to `1.144.0` (or whatever the current version number is) just prior to doing the build. It will look in the Lerna/Yarn workspace config to find all package.jsons to replace. Afterwards, to make sure, a grep on *ALL* package.jsons makes sure there are no stray `0.0.0`s left anywhere in the repo. We recently added another `package.json` to help Dependabot do version checks on packages we use in our repository: that new `package.json` was NOT aligned (because it's not a monorepo package itself), so it would stay at `0.0.0` and the integrity check would fail the build. Update the integrity check to stop considering packages that have been marked as `private: true`. Those won't be published to NPM anyway, and so it also doesn't matter what their version number is. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Because of the following confluence of historical decisions:
package.jsons are the source of truth for all our packagestell when we are doing a development build.
We have a mechanism called
align-versionsthat is going to updatethe version
0.0.0in all package jsons to1.144.0(or whateverthe current version number is) just prior to doing the build.
It will look in the Lerna/Yarn workspace config to find all
package.jsons to replace.
Afterwards, to make sure, a grep on ALL package.jsons makes
sure there are no stray
0.0.0s left anywhere in the repo.We recently added another
package.jsonto help Dependabotdo version checks on packages we use in our repository: that new
package.jsonwas NOT aligned (because it's not a monorepopackage itself), so it would stay at
0.0.0and the integritycheck would fail the build.
Update the integrity check to stop considering packages that
have been marked as
private: true. Those won't be published toNPM anyway, and so it also doesn't matter what their version number is.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license