-
-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Handle existing NPM packages #476
Conversation
I really like the idea behind the PR however I think we should add more guardrails:
|
Also related: #405 |
Yeah, I'm also not too happy about the string matching, but the error I see is:
So not too sure how to better detect this, because just checking 403 is probably also not a good idea 😅 Any pointers on how to detect a multi-release? 🤔 but maybe it's good enough if we simply add a new options to be passed to opt-into this behavior?
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe we should get this in to avoid future situation where this blocks us or it unnecessarily prolongs an incident.
@@ -209,6 +209,16 @@ export class NpmTarget extends BaseTarget { | |||
// Disable output buffering because NPM/Yarn can ask us for one-time passwords | |||
return spawnProcess(bin, args, spawnOptions, { | |||
showStdout: true, | |||
}).catch(error => { | |||
// When publishing a list of packages fails for only one package, | |||
// you can never fix this by re-running publish because it will then _always_ fail due to existing versions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
an admin can check the box in publish that this target has completed -- this will skip the failing check
I'd prefer the existing approach rather than changing how craft behaves here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But if a single step publishes multiple packages, and one of them already exists, this will not work (it does not work right now) - you can then only skip npm
overall.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't matter as that is the right (safest) approach to have by default. You may have out of sync packages published etc. and Craft cannot know that unless you explicitly tell it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mydea in such a case I'd recommend publishing an entirely new version and yanking the partially released one. version numbers are ~free
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See the issue I linked please. This has been discussed earlier extensively and is a breaking change due to a fundamental behavior change. It should at least happen with an explicit flag as @asottile-sentry mentioned.
This issue has gone three weeks without activity. In another week, I will close it. But! If you comment or otherwise update it, I will reset the clock, and if you remove the label "A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀 |
When publishing a JS monorepo, if something goes wrong in the publish process, it can happen that only some packages are released, but others aren't. So you can e.g. have a state for the monorepo packages:
Now there is no way to fix the 1.0.2 release, because any rerun of this will fail when trying to publish package-1 because 1.0.2 already exists for it. See for example: https://github.com/getsentry/publish/actions/runs/5584823217/jobs/10206737755
This PR adds some special casing for this specific error, in which case we simply ignore and skip this. I don't have a great way of testing this directly, if there are any ideas let me know.