-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NPM Ownership #23
Comments
Note for when we're figuring this out: |
Later H2 |
I would think @arbrandes should weigh in on this item's relative importance / size. |
I think doing this makes a lot of sense I'll assign this to myself and do a little discovery on what kind of effort will be required. (Hopefully it'll be pretty easy to do.) |
Adding some related context from a recent issue:
However, we are also using the same NPM token for publishing over in the edX github organization (in frontend-component-footer-edx). As we rotated this secret in the openedx org, it's no longer valid in the edX org, causing our edX-specific NPM releases to fail. I've escalated the issue of needing to rotate the NPM token for the edx github org to 2U SRE, but wanted to flag here that having distinct NPM tokens for the 2 Github organizations would be advantageous so there is no coupling between Open edX and 2U moving forward. I'd also be happy to discuss the impacts of moving existing NPM packages to a new |
@arbrandes please review this proposed migration plan for fixing the NPM ownership. I've created the new Context
Proposed Plan
|
In general, looks good to me. The largest (in terms of work) will, of course, be 3.iv. Otherwise: On 3. iii: We're effectively renaming the packages, technically a breaking change that warrants major version bumps. (Or a restart to 1.0.0, which is what happened when react-intl was renamed to formatjs, but I think that would be a tad too extreme.) Doing so would also be a clear signal that this is the intended direction: as a user, you'll only get new versions under the new namespace. This also obviates the need to publish the same version under a new namespace. Can't think of a downside except that it's not obvious just from comparing package names and versions that nothing changed except the name... which, again, would be confusing in an of itself, as a name change is a pretty big deal in the first place. |
Just throwing this in here, as it may come in handy whatever we do: It contains instructions on how to manually trigger releases, which is something we might have to do. |
So I think the next steps for this are to:
|
Part of openedx/axim-engineering#23 This updates the brand alias to point to the package at the `openedx` scope. This does not impact imports because this package is used via an alias.
Part of openedx/axim-engineering#23 This updates the brand alias to point to the package at the `openedx` scope. This does not impact imports because this package is used via an alias.
@Mashal-m yes, the move of that particular package has already been completed. Since it was an alias already that one was a lot easier to move than most of the others. |
Quoting @brian-smith-tcril from this Slack thread, this is the current plan:
|
…x#2099) * chore: Update to the new version of paragon in the new scope. Part of openedx/axim-engineering#23 This replaces the `@edx/paragon` packag to point to the `paragon` package at the `openedx` scope(`@openedx/paragon`). Imports have been updated to use the same locations in the new package. * fix: Update webpack configs to transpile openedx packages. This babel-loader config is pulled from frontend-build@13.0.4 We had to do this because frontend-build is currently too far behind and can't easily be updated to a newer version without upgrading webpack and many other libraries. By making this small change we unblock the paragon upgrade to the new scope and latest version. * chore: Static asset compilation. * build: Add an nvmrc file to be clear about the node version. This is now best practice in repos with JS code so that it's easy to be using the right version of node. This repo is still on node 16 because edx-platform is still on node 16
There is an edx organization on NPM that currently publishes many packages. An organization can't be renamed but there is a process for moving packages between organizations. The
edx
organization orscope
as NPM calls it, has both packages that are a part of the Open edX ecosystem as well as packages that are specific to edx.org. To reduce confusion we'll be moving the openedx packages to a newopenedx
scope in NPM.Impact
Any downstream packages that depend on a package that has moved will need to update its dependencies and imports to pull the same files from the new package location and version.
Tasks
Tasks
@edx/brand
to@openedx/brand
#948Tentative Plan
openedx
NPM org. (Done)openedx-npm-release-bot
github and NPM users. (Done)openedx
NPM org and create some API tokens for it. (Done)openedx
GitHub org and create a personal access token. (we use this user when semantic release has changes to commit back to the repo as part of the release.) (Done)OPENEDX_NPM_RELEASE_GITHUB_TOKEN
andOPENEDX_NPM_RELEASE_NPM_TOKEN
openedx
GitHub org secrets. (Done)openedx
NPM org.openedx
org at the same version as in theedx
org.openedx
org that use this package to use the newopenedx
scoped one.edx-semantic-release
GitHub user from theopenedx
org.edx-semantic-release
user back to the 2U SRE team so they can take full control of this useredx
NPM org.Links
The text was updated successfully, but these errors were encountered: