@freeqaz freeqaz commented Feb 16, 2023

There are still a few bugs left to shake out here, but the code is 99% of the way there now.

Example PR generated with this command: `yarn run dev github-pr replace-package freeqaz/jira_clone --githubToken <SECRET> --old js-yaml@^3.13.1 --new js-yaml@^3.14.0`

freeqaz/jira_clone#2

Bugs left:

  • Figure out why packages are marked "extraneous" in the generated lockfile
  • Name the folder where these packages are inserted to be the same as the repo (the package-lock gets a new name currently and it's annoying)

Items left:

  • Call this module from the backend by adding a new Endpoint for it
  • Write the front-end changes to call the endpoint
  • Write some basic unit tests to test this functionality

@factoidforrest

Neat! Seems like arborist is doing all of the work and you're just lining it up so that it can knock 'em down. We should have done this a while ago! Piece of cake.

Amazing how it seems to support the different lockfile formats without a hitch. Any testing of that?

@factoidforrest factoidforrest left a comment

Cool! Amazing! Needs loads of testing, ofc. We have a lot of test fixtures and stuff already in the backend test fixture folder, so you can use the package-lock files from those various fixtures to try it.

If you REALLY want a lot of fixtures, go look at the snyk package tree fixtures. They have like 100 lol, and their tests go through almost every scenario you can imagine. We could port those if needed.

});

// TODO: Figure out why Arborist marks everything as "extraneous" in the generated lockfile.
const node = await tree.arborist.loadVirtual();

Is this code a duplicate of the above code from replace-package/index?

const { escapedName, rawSpec } = npa(oldPackage);

// TODO: Figure out if this works for `git` packages as well. (It probably doesn't and will require a separate code path)
const nodes = await node.querySelectorAll(`[name=${escapedName}]:semver(${rawSpec})`);
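
Review bot: In the `querySelectorAll` call, `escapedName` is the wrong field for a `[name=...]` match, and both interpolated values reach the selector string unvalidated. npm-package-arg's `escapedName` is the registry-URL form of the name (a scoped `@scope/pkg` becomes `@scope%2fpkg`), so scoped packages will not match; use the parsed `name` instead. `oldPackage` looks caller-supplied (the `--old` argument in the example command), and the description plans a backend endpoint for this module, so check the name and run `rawSpec` through `semver.validRange` before building the selector. Returning early when the parsed `type` is not `range`, `version` or `tag` would also settle the git case raised in the TODO.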

We can probably just bail out on git packages or URL packages.
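
The lockfile-format testing asked about in the review, sketched as an added example (not code from this pull request): it finds every locked copy of a package in both the `lockfileVersion` 1 layout and the 2/3 `packages` layout and lets a test assert that the two agree. The function name and both fixtures are constructed for illustration.

```javascript
// Added example: locate every locked copy of a package in an npm lockfile,
// for lockfileVersion 1 (nested "dependencies") and 2/3 ("packages" map).
function findLockedVersions(lock, name) {
  const hits = [];
  if (lock.packages) {
    // v2/v3: keys are install paths, e.g. "node_modules/a/node_modules/js-yaml".
    const marker = 'node_modules/';
    for (const [path, entry] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf(marker);
      if (idx === -1) continue; // root ("") or workspace folder, not an installed copy
      // An explicit "name" (written for aliases) overrides the folder name.
      const pkgName = entry.name || path.slice(idx + marker.length);
      if (pkgName === name) hits.push({ path, version: entry.version });
    }
    return hits;
  }
  // v1: walk the nested "dependencies" objects and rebuild the install path.
  const walk = (deps, prefix) => {
    for (const [depName, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${depName}`;
      if (depName === name) hits.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed fixtures describing the same tree in both formats.
const lockV1 = {
  lockfileVersion: 1,
  dependencies: {
    'js-yaml': { version: '3.13.1' },
    eslint: { version: '6.8.0', dependencies: { 'js-yaml': { version: '3.14.0' } } },
  },
};
const lockV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'fixture', version: '1.0.0' },
    'node_modules/js-yaml': { version: '3.13.1' },
    'node_modules/eslint': { version: '6.8.0' },
    'node_modules/eslint/node_modules/js-yaml': { version: '3.14.0' },
    'node_modules/@types/js-yaml': { version: '3.12.5' }, // scoped look-alike
  },
};
```

Running the same lookup before and after a replacement, per format, shows whether a nested copy such as the one under `eslint` was missed.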
