chore: Update build-tools to Yarn 4 #761
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
src/e-auto-update.js
Outdated
| console.log(color.childExec('npx', ['yarn', '--immutable'], execOpts)); | ||
| cp.execSync('npx yarn --immutable', execOpts); |
There was a problem hiding this comment.
npx is unsafe and now we have the yarn cjs file we can just do node .yarn/releases/yarn-4.10.3.cjs instead.
I'm also fairly sure this will fail on the first run through because yarn --prod will run from the old script while having the new code locally
There was a problem hiding this comment.
Ah, ya I was wondering about this.. node .yarn/releases/yarn-4.10.3.cjs sounds like a good alternative.
Let me think about the yarn --prod issue.. maybe I need to send a separate PR to prepare for this migration, and then wait a little bit before merging this PR 🤔
There was a problem hiding this comment.
You could do something truly nasty and bit a yarn binary in this folder so that npx runs it instead of global yarn 😨 But hey that's the voice inside my head talking
There was a problem hiding this comment.
Does npx pick up arbitrary binaries out of a local repo? I wasn't aware of that behavior.
We could maybe write a shim file to node_modules/.bin/yarn which npx would pick up.. and I guess we could have that wrapper detect and handle the --prod flag to give a graceful transition... but it'd definitely be a bit hacky.
There was a problem hiding this comment.
In the interest of moving this forward, here are some other options:
- Land the change as-is, and post one-time instructions for people to run after
build-toolsupdates and fails to runyarn --prod - Update
build-toolsto look for a gitignored sentinal file for allecommands, and if it's not present, runyarn install --immutablebefore running the actual command, then touch the sentinal file. This way even if people get an error whenyarn --prodruns,build-toolswould "self-heal" when the nextecommand is run
I don't have a strong opinion about how to solve this, though since there's a limited user base, it seems like a simpler solution + some manual upgrade instructions might be the right balance of effort.
There was a problem hiding this comment.
I think we should be OK to just Let This Happen.
We can post in #pineapple internally that this will happen, it will auto-fix on the next update. People won't be broken, they'll get an error once and then it will fix on the next e command they run
|
@itsananderson could you rebase? |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
…PATH Co-authored-by: Samuel Attard <[email protected]>
|
I've rebased. I'm struggling to reproduce the test timeout errors that are happening in CI, though 🤔 |
|
Also, do we care about the |
|
Ah, so regenerating the From those details, it sounds like the best options are probably to either:
|
|
Ok, pinning to only accept patch versions of |
I'm good with pinning it, but I've test migrated a couple of repos to Vitest v4 and so far it's been a pretty painless migration. |
4 participants
This PR updates build-tools to use Yarn 4, following the instructions from @MarshallOfSound
Since the
build-toolsrepo is a bit different from others in the Electron ecosystem, testing these changes is slightly more challenging.I pushed a separate
yarn-4-auto-updatebranch to my fork, which modified the auto-update functionality to pull from that sameyarn-4-auto-updatebranch. That way I could test the auto-update functionality and make sureyarn --immutableis invoked correctly.Testing the initial installation flow w/
npm i -g @electron/build-toolsis more tricky, since that package automatically pulls themainbranch. If anyone has ideas about how to test this, I'd be happy to do that additional testing.