Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(github): add dependency version consistency custom-check #3612

Open
petermetz opened this issue Nov 1, 2024 · 0 comments · May be fixed by #3645
Open

ci(github): add dependency version consistency custom-check #3612

petermetz opened this issue Nov 1, 2024 · 0 comments · May be fixed by #3645
Assignees
@jagpreetsinghsasan
Labels
Developer_Experience github_actions Pull requests that update GitHub Actions code P3 Priority 3: Medium Tests Anything related to tests be that automatic or manual, integration or unit, etc.
Milestone
v2.1.0

Comments

@petermetz
Copy link
Contributor

Problem Statement

In our monorepository code reviewers have to manually keep track of contributors
using the correct version string for packages and their dependencies.

Types of issues that arise (not a complete list)

  1. We are on 2.0.0 and people send in a PR with a package with version 0.0.1 or 2.0.0-rc.1 or something else that's outdated.
  2. We are on 2.0.0 and people send in a PR where some of their local package dependencies use outdated versions of other packages. For example the core package declares that it depends on the [email protected] package or for another exmaple, the core-api package declares that it depends on the [email protected] package. Both of these cases are wrong becaus they should only be using the current latest relesae version which in this case is 2.0.0
  3. Third party dependencies are being inconsistently dependend on. For examples 5 different packages end up using 5 different versions of express or @grpc-js/grpc which causes compilation issues across the board.
  4. Sometimes people make the effort to be consistent but then versions change on main and they don't realize that their pull request now needs updating just because of this. The issue is that git won't mark this as a merge conflict if it can auto-resolve the merge by using the wrong version so we need tooling to makes this type of mistake impossible to help both code reviewers and contributors alike (less manual effort for everyone)

Acceptance Criteria

  1. Use the software provided at
    https://github.com/bmish/check-dependency-version-consistency
  2. Ensure that there is a custom-check step implemented which uses that package.
  3. If you run yarn custom-check and any of the problems are present from the Types of issues that arise (not a complete list) section then it needs to fail.
  4. It needs to report failures using the existing conventions for all the other custom-checks we have in place.
  5. There has to be a separate npm script in the root package.json which allows contributors to run just this one check by itself as well. Call it tools:check-dependency-version-consistency
@petermetz petermetz added Developer_Experience github_actions Pull requests that update GitHub Actions code P3 Priority 3: Medium Tests Anything related to tests be that automatic or manual, integration or unit, etc. labels Nov 1, 2024
@petermetz petermetz added this to the v2.1.0 milestone Nov 1, 2024
@petermetz petermetz assigned petermetz and unassigned petermetz Nov 1, 2024
@jagpreetsinghsasan jagpreetsinghsasan self-assigned this Nov 7, 2024
jagpreetsinghsasan pushed a commit to jagpreetsinghsasan/cactus that referenced this issue Nov 19, 2024
ci(github): add dependency version consistency check
976495b 
    Primary Changes
    ---------------
    1. Added a new custom check which checks if there
       are any inconsistency with the dependency version,
       which is already being used with an exsisting package.

    Changes needed to incorporate 1)
    -------------------------------
    2. Added a new dependency in the root package.json
    3. Added a new npm script in the root package.json
    4. Updated the lock file for the dependency inclusion

Fixes hyperledger-cacti#3612

Signed-off-by: jagpreetsinghsasan <[email protected]>
@jagpreetsinghsasan jagpreetsinghsasan linked a pull request Nov 19, 2024 that will close this issue
Open
5 tasks
jagpreetsinghsasan pushed a commit to jagpreetsinghsasan/cactus that referenced this issue Nov 20, 2024
ci(github): add dependency version consistency check
220b9d4 
    Primary Changes
    ---------------
    1. Added a new custom check which checks if there
       are any inconsistency with the dependency version,
       which is already being used with an exsisting package.

    Changes needed to incorporate 1)
    -------------------------------
    2. Added a new dependency in the root package.json
    3. Added a new npm script in the root package.json
    4. Updated the lock file for the dependency inclusion

Fixes hyperledger-cacti#3612

Signed-off-by: jagpreetsinghsasan <[email protected]>
jagpreetsinghsasan pushed a commit to jagpreetsinghsasan/cactus that referenced this issue Nov 21, 2024
ci(github): add dependency version consistency check
34044a7 
    Primary Changes
    ---------------
    1. Added a new custom check which checks if there
       are any inconsistency with the dependency version,
       which is already being used with an exsisting package.

    Changes needed to incorporate 1)
    -------------------------------
    2. Added a new dependency in the root package.json
    3. Added a new npm script in the root package.json
    4. Updated the lock file for the dependency inclusion

Fixes hyperledger-cacti#3612

Signed-off-by: jagpreetsinghsasan <[email protected]>
@jagpreetsinghsasan jagpreetsinghsasan mentioned this issue Nov 25, 2024
Closed
5 tasks
jagpreetsinghsasan pushed a commit to jagpreetsinghsasan/cactus that referenced this issue Nov 25, 2024
ci(github): add dependency version consistency check
c6afeb0 
    Primary Changes
    ---------------
    1. Added a new custom check which checks if there
       are any inconsistency with the dependency version,
       which is already being used with an exsisting package.

    Changes needed to incorporate 1)
    -------------------------------
    2. Added a new dependency in the root package.json
    3. Added a new npm script in the root package.json
    4. Updated the lock file for the dependency inclusion

Fixes hyperledger-cacti#3612

Signed-off-by: jagpreetsinghsasan <[email protected]>
jagpreetsinghsasan pushed a commit to jagpreetsinghsasan/cactus that referenced this issue Nov 25, 2024
ci(github): add dependency version consistency check
1856941 
    Primary Changes
    ---------------
    1. Added a new custom check which checks if there
       are any inconsistency with the dependency version,
       which is already being used with an exsisting package.

    Changes needed to incorporate 1)
    -------------------------------
    2. Added a new dependency in the root package.json
    3. Added a new npm script in the root package.json
    4. Updated the lock file for the dependency inclusion

Fixes hyperledger-cacti#3612

Signed-off-by: jagpreetsinghsasan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jagpreetsinghsasan jagpreetsinghsasan

Labels
Developer_Experience github_actions Pull requests that update GitHub Actions code P3 Priority 3: Medium Tests Anything related to tests be that automatic or manual, integration or unit, etc.
Projects
None yet
Milestone
v2.1.0
2 participants
@petermetz @jagpreetsinghsasan