[lockfile-explorer]Add version validation capability #4712

Open
wants to merge 9 commits into
base: main

L-Qun
Contributor

@L-Qun L-Qun commented May 15, 2024

Summary

Our team currently has a requirement to analyze whether the dependency tree contains multiple versions of a target package, so I have implemented this feature into lockfile-explorer.

Details

In this PR, I have introduced an additional dependency on yargs to parse arguments. At the same time, we have added new commands lockfile-lint and lflint to verify whether the project complies with the rules specified in the lockfile-lint.json file.

How it was tested

Manually tested with Rushstack repo locally.

Impacted documentation

@william2958

@L-Qun L-Qun changed the title Add version validation capability [lockfile-explorer]Add version validation capability May 15, 2024
@L-Qun L-Qun changed the title [lockfile-explorer]Add version validation capability [lockfile-explorer]Add version validation capability [WIP] May 15, 2024
@L-Qun L-Qun changed the title [lockfile-explorer]Add version validation capability [WIP] [lockfile-explorer]Add version validation capability May 16, 2024
import type { Subspace } from '@microsoft/rush-lib/lib/api/Subspace';
import type { RushConfigurationProject } from '@microsoft/rush-lib/lib/api/RushConfigurationProject';
import { FileSystem } from '@rushstack/node-core-library';
import type { CommandModule } from 'yargs';
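Review bot: The first two type imports reach into '@microsoft/rush-lib/lib/api/...' deep paths rather than the package entry point, which ties this file to rush-lib's internal file layout. If Subspace and RushConfigurationProject are exported from '@microsoft/rush-lib', import them from there instead.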
Collaborator

@octogonz octogonz May 17, 2024

Could you add a test that makes a Jest snapshot of the CLI help? Otherwise it's difficult for code reviewers to review it.

lockfile-explorer [command]

Commands:
  lockfile-explorer check                   Check if the specified package has a
  <package-specifier>                       inconsistent package versions in
                                            target project
  lockfile-explorer start                   Start the application

Options:
  -h, --help     Show help                                             [boolean]
      --version  Show version number                                   [boolean]

lockfile-explorer check <package-specifier>

Check if the specified package has a inconsistent package versions in target
project

Positionals:
  packageSpecifier  The name of the package and version to check        [string]

Options:
  -h, --help     Show help                                             [boolean]
      --version  Show version number                                   [boolean]
      --project  The name of the project that should be checked         [string]

etc.

Contributor Author

done😊

@octogonz
Collaborator

octogonz commented May 17, 2024

The website will definitely need to be updated to document this CLI

@octogonz
Collaborator

> Our team currently has a requirement to analyze whether the dependency tree contains multiple versions of a target package, so I have implemented this feature into lockfile-explorer.

@L-Qun This sounds somewhat related to the earlier Design Proposal: Lockfile Lint which @william2958 prototyped in #4094

🤔 Besides checking "Does this project's dependency tree include multiple copies of react?", it's easy to imagine lots of other problems that could be detected with similar "checks."

And the UX has several possible approaches:

  1. Web app: The checks can be performed via commands in the Lockfile Explorer web app
  2. Manually invoked shell command: The checks can be performed by invoking a CLI like lockfile-explorer check
  3. Lockfile Lint: The checks could be defined/customized in JSON config files, and then enforced automatically by a CI pipeline.

(In fact, it would be possible to provide all 3 approaches for each check.)

So your PR seems like a good idea, but I wonder if maybe it could be a bit more flexible, or build on the Lockfile Lint design.

@L-Qun
Contributor Author

L-Qun commented May 19, 2024

> The website will definitely need to be updated to document this CLI

Do you mean to update the content here? https://github.com/microsoft/rushstack-websites/blob/main/websites/lfx.rushstack.io/docs

@L-Qun
Contributor Author

L-Qun commented May 19, 2024

> > Our team currently has a requirement to analyze whether the dependency tree contains multiple versions of a target package, so I have implemented this feature into lockfile-explorer.
>
> @L-Qun This sounds somewhat related to the earlier Design Proposal: Lockfile Lint which @william2958 prototyped in #4094
>
> 🤔 Besides checking "Does this project's dependency tree include multiple copies of react?", it's easy to imagine lots of other problems that could be detected with similar "checks."
>
> And the UX has several possible approaches:
>
>   1. Web app: The checks can be performed via commands in the Lockfile Explorer web app
>   2. Manually invoked shell command: The checks can be performed by invoking a CLI like lockfile-explorer check
>   3. Lockfile Lint: The checks could be defined/customized in JSON config files, and then enforced automatically by a CI pipeline.
>
> (In fact, it would be possible to provide all 3 approaches for each check.)
>
> So your PR seems like a good idea, but I wonder if maybe it could be a bit more flexible, or build on the Lockfile Lint design.

I think making the lockfile-explorer tool better is a long-term process. Perhaps we can first merge this PR after I update the documentation, and then I will gradually iterate and optimize it.
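
The check this thread is about (does one project's dependency tree contain more than one version of a target package), as an added example that is not code from the PR or from lockfile-explorer. The lockfile shape (`importers`, and `packages` keyed by `name@version`) is a simplified assumption, the data is constructed, and `findVersions` and `checkSingleVersion` are hypothetical names.

```javascript
// Added example. The lockfile shape is a simplified assumption and the data is constructed.
const sampleLockfile = {
  importers: {
    'apps/web': { dependencies: { react: '18.2.0', 'ui-kit': '1.0.0(react@18.2.0)' } },
    'apps/admin': { dependencies: { react: '18.2.0' } }
  },
  packages: {
    'react@18.2.0': { dependencies: { 'loose-envify': '1.4.0' } },
    'react@17.0.2': { dependencies: { 'loose-envify': '1.4.0' } },
    'ui-kit@1.0.0': { dependencies: { react: '17.0.2', 'ui-icons': '1.0.0' } },
    'ui-icons@1.0.0': { dependencies: { 'ui-kit': '1.0.0' } }, // dependency cycle
    'loose-envify@1.4.0': {}
  }
};

// Drop a peer-dependency suffix such as "1.0.0(react@18.2.0)".
function bareVersion(version) {
  const i = version.indexOf('(');
  return i === -1 ? version : version.slice(0, i);
}

// Breadth-first walk from one project; returns Map(version -> first path that reached it).
function findVersions(lockfile, projectPath, packageName) {
  const importer = lockfile.importers[projectPath];
  if (!importer) throw new Error(`Project not in lockfile: ${projectPath}`);
  const found = new Map();
  const visited = new Set(); // guards against cycles and repeated subtrees
  const queue = Object.entries(importer.dependencies || {})
    .map(([name, v]) => ({ name, version: bareVersion(v), path: [projectPath] }));
  while (queue.length > 0) {
    const { name, version, path } = queue.shift();
    const key = `${name}@${version}`;
    if (visited.has(key)) continue;
    visited.add(key);
    const here = [...path, key];
    if (name === packageName) found.set(version, here);
    const deps = (lockfile.packages[key] || {}).dependencies || {};
    for (const [depName, depVersion] of Object.entries(deps)) {
      queue.push({ name: depName, version: bareVersion(depVersion), path: here });
    }
  }
  return found;
}

// The check itself: passes only when at most one version is reachable.
function checkSingleVersion(lockfile, projectPath, packageName) {
  const found = findVersions(lockfile, projectPath, packageName);
  return { ok: found.size <= 1, versions: [...found.keys()].sort(), paths: Object.fromEntries(found) };
}
```

Returning the path that reached each version shows which direct dependency pulls in the extra copy, which is what a CI failure message needs.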
