fix(cmd-api-server): plugins interfere with API server deps #1192 #1204

petermetz · 2021-08-11T00:28:48Z

Migrates to the lmify package to install plugins at runtime
instead of doing it via vanilla npm which was causing problems
with conflicting dependency versions where the API server would
want semver 7.x and one of the plugins (through some transient
dependency of the plugin itself) would install semver 5.x which
would then cause the API server to break down at runtime due to
the breaking changes between semver 7 and 5.

The magic sauce is the --prefix option of npm which, when specified
instructs npm to ignore the usual parent directory traversal algorithm
when evaluating/resolving dependency trees and instead just do a full
installation to the specified directory path as dictated by the
--prefix option. This means that we can install each plugin in their
own directory the code being isolated from the API server and also
from other plugins that might also interfere.

Fixes hyperledger#1192

Depends on hyperledger#1203

Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com

codecov-commenter · 2021-08-11T01:59:18Z

Codecov Report

Merging #1204 (2c9f4d9) into main (7b424d4) will decrease coverage by 0.02%.
The diff coverage is 82.14%.

❗ Current head 2c9f4d9 differs from pull request most recent head 4b4a066. Consider uploading reports for the commit 4b4a066 to get more accurate results

@@            Coverage Diff             @@
##             main    #1204      +/-   ##
==========================================
- Coverage   71.98%   71.95%   -0.03%     
==========================================
  Files         270      270              
  Lines        9440     9438       -2     
  Branches     1113     1112       -1     
==========================================
- Hits         6795     6791       -4     
- Misses       2072     2075       +3     
+ Partials      573      572       -1

Impacted Files	Coverage Δ
...erver/src/main/typescript/config/config-service.ts	`74.41% <ø> (ø)`
...s-cmd-api-server/src/main/typescript/api-server.ts	`86.77% <82.14%> (+1.25%)`	⬆️
...ain/typescript/plugin-factory-consortium-manual.ts	`75.00% <0.00%> (-25.00%)`	⬇️
...ory/src/main/typescript/plugin-factory-keychain.ts	`66.66% <0.00%> (-16.67%)`	⬇️
...n-keychain-vault/src/main/typescript/public-api.ts	`85.71% <0.00%> (-14.29%)`	⬇️
...-keychain-memory/src/main/typescript/public-api.ts	`85.71% <0.00%> (-14.29%)`	⬇️
...onsortium-manual/src/main/typescript/public-api.ts	`90.90% <0.00%> (-9.10%)`	⬇️
...typescript/plugin-keychain-vault-remote-adapter.ts	`61.53% <0.00%> (-2.57%)`	⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7b424d4...4b4a066. Read the comment docs.

jonathan-m-hamilton

LGTM

…er-cacti#1192 Migrates to the lmify package to install plugins at runtime instead of doing it via vanilla npm which was causing problems with conflicting dependency versions where the API server would want semver 7.x and one of the plugins (through some transient dependency of the plugin itself) would install semver 5.x which would then cause the API server to break down at runtime due to the breaking changes between semver 7 and 5. The magic sauce is the --prefix option of npm which, when specified instructs npm to ignore the usual parent directory traversal algorithm when evaluating/resolving dependency trees and instead just do a full installation to the specified directory path as dictated by the --prefix option. This means that we can install each plugin in their own directory the code being isolated from the API server and also from other plugins that might also interfere. Fixes hyperledger-cacti#1192 Depends on hyperledger-cacti#1203 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz added bug Something isn't working API_Server dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities labels Aug 11, 2021

petermetz added this to the v0.8.0 milestone Aug 11, 2021

petermetz requested a review from takeutak August 11, 2021 00:28

petermetz self-assigned this Aug 11, 2021

petermetz requested a review from jonathan-m-hamilton as a code owner August 11, 2021 00:28

github-actions bot added the dependent label Aug 11, 2021

jonathan-m-hamilton approved these changes Aug 11, 2021

View reviewed changes

takeutak approved these changes Aug 11, 2021

View reviewed changes

github-actions bot removed the dependent label Aug 12, 2021

petermetz force-pushed the fix-1192 branch from 7b19e68 to 05dd233 Compare August 12, 2021 19:45

petermetz added 4 commits August 12, 2021 16:15

Merge branch 'main' into fix-1192

f201892

Merge branch 'main' into fix-1192

50f0d76

Merge branch 'main' into fix-1192

c832ebe

Merge branch 'main' into fix-1192

4b4a066

petermetz merged commit a96ce68 into hyperledger-cacti:main Aug 13, 2021

petermetz deleted the fix-1192 branch August 13, 2021 23:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(cmd-api-server): plugins interfere with API server deps #1192 #1204

fix(cmd-api-server): plugins interfere with API server deps #1192 #1204

petermetz commented Aug 11, 2021 •

edited

Loading

codecov-commenter commented Aug 11, 2021 •

edited

Loading

jonathan-m-hamilton left a comment

fix(cmd-api-server): plugins interfere with API server deps #1192 #1204

fix(cmd-api-server): plugins interfere with API server deps #1192 #1204

Conversation

petermetz commented Aug 11, 2021 • edited Loading

codecov-commenter commented Aug 11, 2021 • edited Loading

Codecov Report

jonathan-m-hamilton left a comment

Choose a reason for hiding this comment

petermetz commented Aug 11, 2021 •

edited

Loading

codecov-commenter commented Aug 11, 2021 •

edited

Loading