From 305a175259f71fadf546144b48ade40816af9faa Mon Sep 17 00:00:00 2001 From: Maciej <100693724+m-kusnierz@users.noreply.github.com> Date: Mon, 2 Oct 2023 13:24:45 +0200 Subject: [PATCH] Use npm ci as default way of installing dependencies (#19) * Use npm ci as default way of installing dependencies * detect outdated lockfile * comment for updated lockfile * fail if package-lock.json cannot be committed * Comment for Check outdated lockfile step --- npm-install/action.yml | 49 +++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/npm-install/action.yml b/npm-install/action.yml index 3bc01dc..855bbc3 100644 --- a/npm-install/action.yml +++ b/npm-install/action.yml @@ -17,7 +17,7 @@ inputs: npm-ci-install: description: 'Run npm ci instead of npm i' required: false - default: 'false' + default: 'true' skip-package-lock-commit: description: 'Set to true to skip committing package-lock.json' required: false @@ -94,45 +94,70 @@ runs: with: key: ${{ inputs.gh-ssh-private-key }} known_hosts: ${{ inputs.gh-ssh-known-hosts }} + + # Updates by Bob should always run `npm install` - name: NPM Install - if: inputs.npm-ci-install == 'false' && steps.cache-node-modules.outputs.cache-hit != 'true' + if: (github.actor == 'bobhammer' || inputs.npm-ci-install == 'false') && steps.cache-node-modules.outputs.cache-hit != 'true' run: npm install ${{ inputs.npm-command-flags }} shell: bash + # Updates from other users should run `npm ci` unless `npm-ci-install` has been set to false - name: NPM CI - if: inputs.npm-ci-install == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true' + if: github.actor != 'bobhammer' && inputs.npm-ci-install == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true' run: npm ci ${{ inputs.npm-command-flags }} shell: bash - name: Print debug logs if: ${{ failure() }} run: cat ~/.npm/_logs/* shell: bash + + # `npm ci` fails if package-lock.json file had been not committed after updating package.json + # This step looks for such error in logs from `npm ci` so later we can add a comment regarding this to PR + - name: Check outdated lockfile + id: outdated-lockfile + if: ${{ failure() }} + run: echo "outdated-lockfile=$(grep 'Please update your lock file with' ~/.npm/_logs/*debug*.log | wc -l)" >> $GITHUB_OUTPUT + shell: bash + - name: NPM postinstall script - if: steps.determine-node-npm-version.outputs.npm-postinstall != '' && steps.cache-node-modules.outputs.cache-hit == 'true' + if: inputs.npm-ci-install == 'false' && steps.determine-node-npm-version.outputs.npm-postinstall != '' && steps.cache-node-modules.outputs.cache-hit == 'true' run: npm run postinstall shell: bash - # Update package-lock.json as artifact if someone forgot to push it + # Update package-lock.json after `npm install` - name: Check if package-lock.json has updates id: package-lock-status run: echo "package-changed=$(git status | grep package-lock.json | wc -l)" >> $GITHUB_OUTPUT shell: bash - - if: ${{ steps.package-lock-status.outputs.package-changed == '1' && inputs.gh-ssh-private-key != '' && github.ref_protected != true && github.actor != 'dependabot[bot]' && contains(github.event.pull_request.title, '-texts') }} + # Commit package-lock.json if it has been updated (only for Bob's PRs) AND SSH key was provided (so PR checks can be triggered again) + - if: ${{ steps.package-lock-status.outputs.package-changed == '1' && inputs.gh-ssh-private-key != '' && github.ref_protected != true && github.actor == 'bobhammer' }} uses: stefanzweifel/git-auto-commit-action@v4 with: commit_message: Updated package-lock.json file_pattern: "package-lock.json" disable_globbing: true - - if: ${{ github.event.number != '' && steps.package-lock-status.outputs.package-changed == '1' && inputs.gh-ssh-private-key == '' && github.ref_protected != true && github.actor != 'dependabot[bot]' && !contains(github.event.pull_request.title, '-texts') }} - name: Comment outdated package-lock.json + # Comment regarding updated lockfile when SSH key is not provided + - if: ${{ steps.package-lock-status.outputs.package-changed == '1' && inputs.gh-ssh-private-key == '' && github.ref_protected != true && github.actor == 'bobhammer' }} + name: Comment updated package-lock.json uses: peter-evans/create-or-update-comment@v2 with: issue-number: ${{ github.event.number }} body: | - `package-lock.json` seems to be not in sync with `package.json`. - Please commit updated `package-lock.json` file (otherwise deployment might fail). + `package-lock.json` has been updated in recent CI workflow run, but cannot be committed because of missing SSH key. + Please run `npm install` and commit updated `package-lock.json` file or provide SSH key in CI workflow as `gh-ssh-private-key`. - - if: ${{ steps.package-lock-status.outputs.package-changed == '1' && github.ref_protected == true }} - run: echo "package-lock.json has been updated in this run, but changes cannot be pushed to protected branch" + - if: ${{ steps.package-lock-status.outputs.package-changed == '1' && inputs.gh-ssh-private-key == '' && github.ref_protected != true && github.actor == 'bobhammer' }} + name: Fail because of outdated package-lock.json + run: exit 1 shell: bash + + # Comment regarding outdated lockfile + - if: ${{ always() && github.event.number != '' && steps.outdated-lockfile.outputs.outdated-lockfile != '0' && github.actor != 'bobhammer' }} + name: Comment outdated package-lock.json + uses: peter-evans/create-or-update-comment@v2 + with: + issue-number: ${{ github.event.number }} + body: | + `package-lock.json` is not in sync with `package.json`. + Please commit updated `package-lock.json` file (otherwise deployment will fail).