ci(github): add dependency version consistency check #3645

Open
wants to merge 3 commits into
base: main

jagpreetsinghsasan
Contributor

Commit to be reviewed

ci(github): add dependency version consistency check

Primary Changes
---------------
1. Added a new custom check which checks if there are any inconsistencies with the dependency version, which is already being used with an existing package.

Changes needed to incorporate 1)
-------------------------------
2. Added a new dependency in the root package.json
3. Added a new npm script in the root package.json
4. Updated the lock file for the dependency inclusion

Fixes #3612

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficiently and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when, and why.
  • Have git sign off at the end of commit message to avoid being marked red. You can add the -s flag when using the git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

@jagpreetsinghsasan
Contributor Author

@petermetz shall I create a new task to update the existing inconsistencies in the dependency versions in our current codebase? I tried to resolve them as well in this PR, but it seems that for some version mismatches, it might not work with just the version updation (for example, web3 related dependencies need to be updated from 1.x -> 4.x)

Contributor

@petermetz petermetz left a comment

> @petermetz shall I create a new task to update the existing inconsistencies in the dependency versions in our current codebase? I tried to resolve them as well in this PR, but it seems that for some version mismatches, it might not work with just the version updation (for example, web3 related dependencies need to be updated from 1.x -> 4.x)

@jagpreetsinghsasan Yes please, separate tasks for the easy low hanging fruit and then the difficult stuff (web3 1.x vs 4.x) so that we can chip away at the task in smaller pieces of work.

In the meantime please also add changes to this PR that will exclude the difficult to update dependencies from being checked and then add a comment to those exclusion declarations referencing the issues you've created for their fixing. This way we can kick off this check in the codebase with it passing while we work our way through the backlog of issues that would otherwise make it fail on the CI for everyone on every pull request.

LGTM otherwise in general.
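
The exclusion approach discussed in the comment above, sketched as an added example (not code from this pull request or from the Cacti repository). The manifests, the `exclusions` object, the function names and the issue placeholders are all assumptions made for illustration; an exclusion with no issue reference suppresses nothing, and an exclusion that no longer matches a mismatch is reported so the list shrinks as the backlog is cleared.

```javascript
// Constructed sample manifests standing in for a monorepo's package.json files.
const manifests = {
  "packages/core/package.json": { dependencies: { web3: "1.10.0", express: "4.19.2" } },
  "packages/api/package.json": {
    dependencies: { web3: "4.1.1", express: "4.19.2" }, devDependencies: { typescript: "5.5.2" },
  },
  "packages/cli/package.json": { devDependencies: { typescript: "5.3.3", uuid: "10.0.0" } },
};
// Hypothetical exclusion list: dependency name -> tracking issue reference.
// The references are placeholders, not real issue numbers.
const exclusions = { web3: "<issue: web3 1.x vs 4.x>", uuid: "<issue placeholder>", typescript: "" };

// Map each dependency name to the version ranges declared for it and the files declaring them.
function collectVersions(manifests) {
  const seen = new Map();
  for (const [path, pkg] of Object.entries(manifests)) {
    for (const field of ["dependencies", "devDependencies"]) {
      for (const [name, range] of Object.entries(pkg[field] || {})) {
        const byRange = seen.get(name) || seen.set(name, new Map()).get(name);
        (byRange.get(range) || byRange.set(range, []).get(range)).push(path);
      }
    }
  }
  return seen;
}

function checkConsistency(manifests, exclusions) {
  const excl = new Map(Object.entries(exclusions));
  const result = { mismatches: [], excluded: [], stale: [], invalid: [] };
  // An exclusion without an issue reference is rejected and suppresses nothing.
  for (const [name, issue] of excl) {
    if (!String(issue).trim()) { result.invalid.push(name); excl.delete(name); }
  }
  const seen = collectVersions(manifests);
  for (const [name, byRange] of seen) {
    if (byRange.size < 2) continue; // one declared range everywhere: consistent
    const finding = { name, ranges: Object.fromEntries(byRange) };
    if (excl.has(name)) result.excluded.push({ ...finding, issue: excl.get(name) });
    else result.mismatches.push(finding);
  }
  // Exclusions that no longer cover a mismatch should be deleted from the list.
  for (const name of excl.keys()) {
    if (!seen.has(name) || seen.get(name).size < 2) result.stale.push(name);
  }
  result.ok = !result.mismatches.length && !result.invalid.length && !result.stale.length;
  return result;
}

console.log(JSON.stringify(checkConsistency(manifests, exclusions), null, 2));
```
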

@jagpreetsinghsasan
Contributor Author

> > @petermetz shall I create a new task to update the existing inconsistencies in the dependency versions in our current codebase? I tried to resolve them as well in this PR, but it seems that for some version mismatches, it might not work with just the version updation (for example, web3 related dependencies need to be updated from 1.x -> 4.x)
>
> @jagpreetsinghsasan Yes please, separate tasks for the easy low hanging fruit and then the difficult stuff (web3 1.x vs 4.x) so that we can chip away at the task in smaller pieces of work.
>
> In the meantime please also add changes to this PR that will exclude the difficult to update dependencies from being checked and then add a comment to those exclusion declarations referencing the issues you've created for their fixing. This way we can kick off this check in the codebase with it passing while we work our way through the backlog of issues that would otherwise make it fail on the CI for everyone on every pull request.
>
> LGTM otherwise in general.

Sure, I will fix the inconsistencies with the easier ones in this PR itself and reference the tougher ones via comments here to their respective tasks.

Contributor

@petermetz petermetz left a comment

@jagpreetsinghsasan Sorry, I've noticed a couple more little things, but still looking great in general!

@jagpreetsinghsasan
Contributor Author

@hyperledger-cacti/cacti-maintainers I am currently pushing some dependency version upgrades (in stages) alongside adding the logic. So please do not review this PR until I reply back here asking for a review (the idea is, as @petermetz suggested, to upgrade the easier dependencies alongside this PR itself and have a new issue for fixing the harder ones).

    Primary Changes
    ---------------
    1. Added a new custom check which checks if there
       are any inconsistencies with the dependency version,
       which is already being used with an existing package.

    Changes needed to incorporate 1)
    -------------------------------
    2. Added a new dependency in the root package.json
    3. Added a new npm script in the root package.json
    4. Updated the lock file for the dependency inclusion

Fixes hyperledger-cacti#3612

Signed-off-by: jagpreetsinghsasan <[email protected]>
jagpreetsinghsasan added 2 commits November 26, 2024 06:35
Signed-off-by: jagpreetsinghsasan <[email protected]>
Signed-off-by: jagpreetsinghsasan <[email protected]>
Development

Successfully merging this pull request may close these issues.

ci(github): add dependency version consistency custom-check
2 participants