migrate to pnpm and fix CVE for ip transitive dependency (#419)
* fix CVE for ip transitive dependency
* migrate to pnpm
* Update CONTRIBUTING.md
* Fix ordering of clean script
* Consistent use of quotation marks in GH workflows
* Add version comments to pinned GH workflow actions

---------

Signed-off-by: Frank Hinek <[email protected]>
Co-authored-by: Frank Hinek <[email protected]>
shamilovtim and frankhinek authored Feb 23, 2024
1 parent f831621 commit 2b90468
Showing 35 changed files with 9,235 additions and 17,965 deletions.
6 changes: 3 additions & 3 deletions .codesandbox/tasks.json
Expand Up @@ -3,13 +3,13 @@
"setupTasks": [
{
"name": "Installing Dependencies",
"command": "npm install"
"command": "pnpm install"
}
],
"tasks": {
"dev": {
"name": "Build Web5 SDK",
"command": "npm run build",
"command": "pnpm build",
"runAtStart": true,
"restartOn": {
"files": [
Expand All @@ -19,7 +19,7 @@
},
"tests": {
"name": "Run tests",
"command": "npm run test:node --ws"
"command": "pnpm --recursive --stream test:node"
}
}
}
14 changes: 9 additions & 5 deletions .github/workflows/alpha-npm.yml
Expand Up @@ -27,22 +27,26 @@ jobs:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
registry-url: https://registry.npmjs.org/
cache: "npm"
cache: 'pnpm'

# Note - this is not required but it gives a clean failure prior to attempting a release if
# the GH workflow runner is not authenticated with NPMjs.com
- name: Verify NPM token is authenticated with NPMjs.com
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
run: npm whoami
run: pnpm whoami

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Generate alpha prerelease and bump package.json @web5/* versions
env:
Expand All @@ -55,15 +59,15 @@ jobs:
shell: bash

- name: Build all workspace packages
run: npm run build
run: pnpm --recursive --stream build

- name: Publish selected @web5/* packages
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
run: |
for package in $PACKAGES; do
cd packages/$package
npm publish --tag alpha --no-git-tag-version --access public --provenance
pnpm publish --tag alpha --no-git-tag-version --access public --provenance
cd ../..
done
shell: bash
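Review bot: `version: 8` on the new `pnpm/action-setup` step leaves the package manager itself floating while the action that installs it is pinned to a commit SHA, so whichever 8.x release is current at run time is the binary that later runs `pnpm publish --provenance` with `NODE_AUTH_TOKEN` in scope. Pin an exact release, `version: <exact pnpm version>`, or drop `version` and declare it once in the `packageManager` field of the root package.json so the workflows and local installs agree. The same step is repeated in docs-ci.yml, docs-publish.yml, release-npm.yml and three times in tests-ci.yml.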
10 changes: 7 additions & 3 deletions .github/workflows/docs-ci.yml
Expand Up @@ -18,18 +18,22 @@ jobs:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
registry-url: https://registry.npmjs.org/
cache: "npm"
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Build all workspace packages
run: npm run build
run: pnpm --recursive --stream build

- name: TBDocs Reporter
id: tbdocs-reporter-protocol
20 changes: 12 additions & 8 deletions .github/workflows/docs-publish.yml
Expand Up @@ -14,7 +14,7 @@ on:
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
group: pages
cancel-in-progress: false

jobs:
Expand All @@ -28,19 +28,23 @@ jobs:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
registry-url: https://registry.npmjs.org/
cache: "npm"
cache: 'pnpm'

- name: Install dependencies
run: |
npm ci
pnpm install --frozen-lockfile
- name: Build all workspace packages
run: npm run build
run: pnpm --recursive --stream build

- name: TBDocs Reporter
id: tbdocs-reporter-protocol
Expand Down Expand Up @@ -99,19 +103,19 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

- name: Setup Pages
uses: actions/configure-pages@v3
uses: actions/configure-pages@b8130d9ab958b325bbde9786d62f2c97a9885a0e #v3.0.7

- name: Download TBDocs Artifacts
uses: actions/download-artifact@v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a #v3.0.2
with:
name: tbdocs-output
path: ./tbdocs

- name: Upload artifact
uses: actions/upload-pages-artifact@v1
uses: actions/upload-pages-artifact@84bb4cd4b733d5c320c9c9cfbc354937524f4d64 #v1.0.10
with:
path: "./tbdocs/docs"

- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v2
uses: actions/deploy-pages@de14547edc9944350dc0481aa5b7afb08e75f254 #v2.0.5
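Review bot: The four actions newly pinned in the deploy job name their release only in a trailing comment written as `#v3.0.7`, with one space before the `#` and none after it. Write them as `uses: actions/deploy-pages@de14547edc9944350dc0481aa5b7afb08e75f254  # v2.0.5` (two spaces before `#`, one after), which is the form yamllint's `comments` rule expects, and apply the same to the `#v4.1.1`, `#v4.0.0` and `#v3.0.0` comments in the other workflows. Because that comment is the only part of the pin a reviewer can read, each SHA should be confirmed against the tag it names before merge; this page gives no way to check the mapping.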
16 changes: 10 additions & 6 deletions .github/workflows/release-npm.yml
Expand Up @@ -40,21 +40,25 @@ jobs:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
registry-url: https://registry.npmjs.org/
cache: "npm"
cache: 'pnpm'

- name: Install semver utility
run: npm install -g [email protected]
run: pnpm install -g [email protected]

# Note - this is not required but it gives a clean failure prior to attempting a release if the GH workflow runner is not authenticated with NPMjs.com
- name: Verify NPM token is authenticated with NPMjs.com
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
run: npm whoami
run: pnpm whoami

- name: Check if GitHub repo package version is latest
env:
Expand Down Expand Up @@ -84,17 +88,17 @@ jobs:

- name: Install dependencies
if: env.IS_LATEST == 'true'
run: npm ci
run: pnpm ci

- name: Build all workspace packages
if: env.IS_LATEST == 'true'
run: npm run build
run: pnpm build

- name: Publish @web5/${{ matrix.package }}@${{ env.REPO_VERSION }}
if: env.IS_LATEST == 'true'
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
run: |
cd packages/${{ matrix.package }}
npm publish --access public --provenance
pnpm publish --access public --provenance
shell: bash
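Review bot: The "Install dependencies" step now runs `pnpm ci`, which is not the frozen-lockfile install every other workflow in this commit uses. As far as I know pnpm 8 does not implement a `ci` command, so on the one job that publishes release packages this step would either fail or not enforce the lockfile. Use `run: pnpm install --frozen-lockfile` here, as in alpha-npm.yml. The build step just below also became `pnpm build` where the other workflows use `pnpm --recursive --stream build`; whether the root script covers every workspace package is not visible from this page.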
46 changes: 29 additions & 17 deletions .github/workflows/tests-ci.yml
Expand Up @@ -18,14 +18,18 @@ jobs:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
cache: "npm"
cache: 'pnpm'

- name: Report known vulnerabilities
run: npm audit
run: pnpm audit

test-with-node:
runs-on: ubuntu-latest
Expand All @@ -34,30 +38,34 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
with:
submodules: true

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
registry-url: https://registry.npmjs.org/
cache: "npm"
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Build all workspace packages
run: npm run build:esm --ws && npm run build:cjs --ws
run: pnpm --recursive --stream build:esm && pnpm --recursive --stream build:cjs

- name: Run linter for all packages
run: npm run lint --ws
run: pnpm --recursive --stream lint

- name: Run dwn-server (background)
run: |
node node_modules/@web5/dwn-server/dist/esm/src/main.js &
echo "DWN_SERVER_BACKGROUND_PROCESS=$!" >> $GITHUB_ENV
- name: Run tests for all packages
run: npm run test:node --ws -- --color --reporter mocha-junit-reporter --reporter-options mochaFile=./results.xml
run: pnpm --recursive --no-stream --sequential test:node -- --color --reporter mocha-junit-reporter --reporter-options mochaFile=./results.xml
env:
TEST_DWN_URL: http://localhost:3000

Expand Down Expand Up @@ -107,31 +115,35 @@ jobs:
matrix:
include:
- group: "A"
packages: "--workspace packages/agent"
packages: "--filter agent"
- group: "B"
packages: "--workspace packages/credentials --workspace packages/crypto --workspace packages/dids --workspace packages/proxy-agent --workspace packages/identity-agent --workspace packages/user-agent"
packages: "--filter credentials --filter crypto --filter dids --filter proxy-agent --filter identity-agent --filter user-agent"
- group: "C"
packages: "--workspace packages/api --workspace packages/common"
packages: "--filter api --filter common"
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
with:
submodules: true

- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 8

- name: Set up Node.js
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0
with:
node-version: 18
registry-url: https://registry.npmjs.org/
cache: "npm"
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Get Playwright Version (for cache)
id: get-playwright-version
run: |
PLAYWRIGHT_VERSION=$(npm ls @playwright/test --workspace=./packages/api | grep '@playwright/test' | awk 'NR==1{print $2}')
PLAYWRIGHT_VERSION=$(pnpm --filter dids ls @playwright/test | grep '@playwright/test' | awk 'NR==1{print $2}')
echo "Playwright Version: $PLAYWRIGHT_VERSION"
echo "PLAYWRIGHT_VERSION=$PLAYWRIGHT_VERSION" >> $GITHUB_ENV
Expand All @@ -144,21 +156,21 @@ jobs:

- name: Install Playwright Browsers (if no cache)
if: steps.cache-playwright-restore.outputs.cache-hit != 'true'
run: npx playwright install --with-deps
run: pnpm --filter dids exec playwright install --with-deps

- name: Build esm
run: npm run build:esm --ws
run: pnpm --recursive --stream build:esm

- name: Build browser for matrix ${{ matrix.group }}
run: npm run build:browser ${{ matrix.packages }}
run: pnpm ${{ matrix.packages }} build:browser

- name: Run dwn-server (background)
run: |
node node_modules/@web5/dwn-server/dist/esm/src/main.js &
echo "DWN_SERVER_BACKGROUND_PROCESS=$!" >> $GITHUB_ENV
- name: Run tests for matrix ${{ matrix.group }}
run: npm run test:browser ${{ matrix.packages }}
run: pnpm ${{ matrix.packages }} --sequential test:browser

- name: Terminate dwn-server
run: kill $DWN_SERVER_BACKGROUND_PROCESS || true
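Review bot: In "Get Playwright Version (for cache)", nothing checks that `PLAYWRIGHT_VERSION` is non-empty now that the lookup has moved from the `api` workspace to `--filter dids`. The pipeline's exit status is that of `awk`, so if the filter matches no package or `@playwright/test` is not listed there, the step still succeeds and writes an empty value to `$GITHUB_ENV`. The cache step is collapsed on this page, but it presumably keys on that value, and an empty key would let browsers cached for one Playwright release be restored for another. Add `test -n "$PLAYWRIGHT_VERSION" || { echo "could not resolve @playwright/test version" >&2; exit 1; }` before the line that appends to `$GITHUB_ENV`.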
4 changes: 3 additions & 1 deletion .gitignore
Expand Up @@ -8,12 +8,14 @@ compiled

**/__tests__/
**/__TESTDATA__/
packages/web5-user-agent/src/test-sync-api.ts

# bundle metadata
bundle-metadata.json

### Node ###
# NPM lock file
package-lock.json

# Logs
logs
*.log
2 changes: 1 addition & 1 deletion .vscode/settings.json
@@ -1,3 +1,3 @@
{
"npm.packageManager": "npm"
"npm.packageManager": "pnpm"
}