-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Print debug information #36
Conversation
@@ -126,6 +134,9 @@ jobs: | |||
if: ${{ inputs.post-install-steps }} | |||
uses: ./.github/tmp/post-install-steps | |||
|
|||
- name: Print installed dependencies |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will be a ton of output; are you sure it’s helpful?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it hurt? What are the downsides?
I'm not sure, tbh, how useful this is on OSS side of things, but at work this has been a life saver in numerous occassions:
- tracking down npm bugs (e.g. when lockfiles are not respected: [BUG]
npm ci
respects thepackage-lock=false
config flag npm/cli#4185, [BUG]npm ci
succeeds whenpackage-lock.json
doesn't matchpackage.json
npm/cli#2701) - tracking down whether a specific (malicious) version of a package has ever been installed
- tracking down regressions in dependencies by comparing the trees between successful builds
The later two can be somewhat solved by using lockfiles, but there's opinions about that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What opinions? The latter two absolutely are covered by lockfiles.
Also, GitHub actions are almost exclusively used by open source projects, so that’s what we should be optimizing for.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The downsides are that it might cause actually important log output to be truncated if the log gets too large - I’m not sure what GitHub’s log size limit is, but this specific output caused that problem on projects for me on Travis in the past, so i don’t do it anymore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What opinions
I meant that while lockfiles cover the issues mentioned, there are opinions about using lockfiles. Esp. in the context of OSS libraries a lot of people don't use them?
not sure what GitHub’s log size limit is
https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy does not mention any size limits.
I do recall them recently posting a blog post about how they rewrote the log viewer to cater for larger log files 🤔 https://github.blog/2021-03-25-how-github-actions-renders-large-scale-logs/ mentions that they need to support at least 50k lines. Surely that should be enough to list the dependencies 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh definitely there are opinions about that :-) but by not using a lockfile, I’d use --before locally to investigate anyways, which the full tree output wouldn’t help with.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how much time does it add to list and log the entire dep tree?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does say 0s
here: https://github.com/dominykas/pkgjs-action/runs/4685158763?check_suite_focus=true (randome poke). Other places say 1s
. Ofc that's a very small tree, but I doubt it would go much over that.
Regarding the log lines, it could be attached as an artifact, but that would probably add another second... Not sure it's worth that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair enough :-) altho actually it might be much more useful to attach the lockfile itself - or, the one npm would have produced - as an artifact.
I guess i can see the usefulness of both, based on what you’ve described. The lockfile could be looked into as a follow up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought it may be redundant, but the detailed output can be useful to spot why a run was successful and a subsequent one fails.
Closes #10