separate dupe check and readme
This commit is contained in:
parent
e11f71bdd4
commit
aa301c8562
|
@ -19,6 +19,9 @@ jobs:
|
||||||
node-version: '18'
|
node-version: '18'
|
||||||
cache: 'yarn'
|
cache: 'yarn'
|
||||||
|
|
||||||
|
- name: Check dep dupes
|
||||||
|
run: yarn ci-dupe-check
|
||||||
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: yarn ci
|
run: yarn ci
|
||||||
|
|
||||||
|
|
|
@ -8,13 +8,13 @@ When updating dependencies, there are various files that must be kept up-to-date
|
||||||
|
|
||||||
- Instead of running `yarn` or `yarn install`, run `yarn setup` to ensure the `yarn.lock` file is in sync and that dependency scripts are run according to the `allowScripts` policy (set in `packages.json`)
|
- Instead of running `yarn` or `yarn install`, run `yarn setup` to ensure the `yarn.lock` file is in sync and that dependency scripts are run according to the `allowScripts` policy (set in `packages.json`)
|
||||||
- If `lavamoat` detects new scripts that are not explicitely allowed/denied, it'll throw and error with details (see below)
|
- If `lavamoat` detects new scripts that are not explicitely allowed/denied, it'll throw and error with details (see below)
|
||||||
- The `postinstall` step will dedupe the `yarn.lock` file to rationalise the dependency tree
|
- Running `yarn setup` will also dedupe the `yarn.lock` file to reduce the dependency tree. Note CI will fail if there are dupes in `yarn.lock`!
|
||||||
|
|
||||||
The `allowScripts` configuration in `package.json`:
|
The `allowScripts` configuration in `package.json`:
|
||||||
|
|
||||||
- There are two ways to configure script policies:
|
- There are two ways to configure script policies:
|
||||||
⋅⋅* Update the allow-scripts section manually by adding the missing package in the `allowScripts` section in `package.json`
|
1. Update the allow-scripts section manually by adding the missing package in the `allowScripts` section in `package.json`
|
||||||
⋅⋅* Run `yarn allow-scripts auto` to update the `allowScripts` configuration automatically
|
2. Run `yarn allow-scripts auto` to update the `allowScripts` configuration automatically
|
||||||
- Review each new package to determine whether the install script needs to run or not, testing if necessary.
|
- Review each new package to determine whether the install script needs to run or not, testing if necessary.
|
||||||
- Use `npx can-i-ignore-scripts` to help assessing whether scripts are needed
|
- Use `npx can-i-ignore-scripts` to help assessing whether scripts are needed
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
"private": true,
|
"private": true,
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"setup": "yarn install && npx yarn-deduplicate && yarn allow-scripts && yarn bigint-fix",
|
"setup": "yarn install && npx yarn-deduplicate && yarn allow-scripts && yarn bigint-fix",
|
||||||
"ci": "yarn ci-dupe-check && yarn install --frozen-lockfile --network-concurrency 1 --color=always && yarn allow-scripts && yarn bigint-fix",
|
"ci": "yarn install --frozen-lockfile --network-concurrency 1 --color=always && yarn allow-scripts && yarn bigint-fix",
|
||||||
"ci-dupe-check": "npx yarn-deduplicate --list --fail",
|
"ci-dupe-check": "npx yarn-deduplicate --list --fail",
|
||||||
"bigint-fix": "cd node_modules/bigint-buffer && yarn rebuild && cd ../../",
|
"bigint-fix": "cd node_modules/bigint-buffer && yarn rebuild && cd ../../",
|
||||||
"dev": "rm -rf .next && next dev",
|
"dev": "rm -rf .next && next dev",
|
||||||
|
|
Loading…
Reference in New Issue