Consider that there are two npm projects, package-a and package-b, which are hosted in a private gitlab instance. package-a depends on package-b via git+ssh protocol.
Now as an engineer I need to modify some code in package-b. Before I merge my change to the trunk branch, I hope that I can test my change with package-a to avoid unexpected bugs. How can I let package-a use the package-b that contain the un-merged changes?
Gitlab provides a corresponding refs/merge-requests/$iid/merge for the merge result of the merge, which could be used for this purpose.
Let's say, your merge request id in project-b is 106, then you can run the following command in the project-a to test with your merge request
npm install 'git+ssh://git#git.yourcompany.com:products/package-b.git#merge-requests/106/merge'
More reading: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/47110
Related
I would like to know how to manage dependencies updates between branches.
Example:
Working on branch A with a module in v3
Updating the module via npm on branch B
Working on branch A again
Since modules in node_modules are the same between branches, the module is still in v4 when back on branch A.
This generates an error because a function doesn't exist in v4 anymore.
Is there a way to manage this without having to re-install the correct version each time we switch branches ?
When I run "npm install" in a project it often modifies package-lock.json, for example if I work on the same project from another computer (with different node or npm version).
But at the same time the documentation suggests that the file is supposed to be added to version control (git in my case):
https://docs.npmjs.com/files/package-lock.json
This file is intended to be committed into source repositories, and
serves various purposes: ...
So should I commit the changes made by npm back and forth when switching work machines or when somebody else does npm install? This would be a nightmare.
Currently I just discard any changes to package-lock.json made by npm, and it's been working fine. So I might as well add it to .gitignore...
Am I doing it wrong? Should I use npm ci instead? I wouldn't call my computer a "CI", it's just a development machine, why should I use it there?
Basically I have the same question as this gentleman:
https://github.com/npm/npm/issues/18103#issuecomment-370401935
(Sadly I can't add a comment on that issue or create a new issue at all, the npm repo has issues disabled)
Yes you want to commit your package-lock.json file to source control. The reasoning behind this is to ensure that all of the same versions of each package are downloaded and installed for each user that pulls down the code. There are some other reasons to include the file such as tracking changes to your package tree for auditing.
I am following standard gitflow, and I have different environments for testing the dev builds, and release builds. master goes to production.
I also have my JS app divided into multiple private npm modules which goes into private npm repository.
Q1
Is there any way I can version my npm packages, against the branches they are built on in a standard way?
What I have tried is, I have prerelease pre-ids added to the versions. like
1.0.0-rc.0 //for master
1.0.0-beta.0 //for release
1.0.0-alpha.0 //for dev
But if I create a feature branch from master, it contains the master's version. When I try to raise a PR from it to dev, then it shows conflict, since dev has -alpha.x in its version. To resolve the conflict, I'll have to consume the target branch's versioning. Same issue when it goes for merging on release branch too.
And when it comes to merging to master, the release version (one with -beta.0) completely replaces the master.
So it becomes like this: on master,
| It was | After Merge | After version bump |
| ------------- |:-------------:| -------------------:|
| 1.0.0-rc.0 | 1.0.0-beta.0 | 1.0.0-rc.0 |
Ideally after the version bump i would have wanted it to be 1.0.0-rc.1
Is it possible to keep package JSONs out of versioning.
Q2
How do I control the versioning in the package JSON of the application where these NPM modules are consumed? It too is on gitflow and feature branching model, and I would want that the App, when it is building on dev branch, it builds with artifacts that are published from their respective dev branches.
Honestly, I might be misusing gitflow too, but as of now, too confused to figure out where I'm going wrong.
Any Help will be appreciated.
Thanks in Advance
The way I solved it is,
//${buildNumber} and ${branch} are available as env variables in the build agent(at least available in jenkins/bamboo)
tagversion="1.0.0-${branch}.${buildNumber}"
echo $tagversion
npm version $tagversion
so my builds are created and published as
1.0.0-master.1 //for master
1.0.0-release.1 //for release
1.0.0-dev.1 //for dev
You can user merge strategy as ours for package.json file in all branches. Details steps as below:
Configure merge.ours.driver as true
git config --global merge.ours.driver true
Add .gitattributes file on each branch
Add .gitattributes file with below content on each branch as below:
echo 'package.json merge=ours' >> .gitattributes
More details, you can refer last part (Merge Strategies) in Git Attributes.
Until now, for most situations, package.json file won't be overwritten during merge.
Note: pakage.json file will be overwritten for recursive merge. When merging changes from branch1 to branch2, if the file package.json is only changed on branch1, the merge commit will keep the package.json file with the version from branch1 by recursive merge strategy.
Such as on master branch, the version 1.0.0-rc.0 has not changed; while on release branch, the version has changes to 1.0.0-beta.0. When merging changes from release branch into master branch, the version will be 1.0.0-beta.0 (as you mentioned).
So for recursive merge situation, you need to manually change the package.json file version after merging:
# On the merged branch, as master in above example
git checkout head~ -- package.json
git commit -m 'use the original package.json after recursive merge'
Obviously if you try to npm publish without updating the version number of your module you will get an error. Is there any way to verify that the version number is valid for publishing before actually running npm publish?
My use case: I'm using CircleCI to build my module when pushing to any git branch. If somebody creates a pull request to master, I want to verify that the version number has been updated. However, I don't want to actually publish the package until the pull request to master has been accepted.
You can get your current package version by: npm view <pkg> version (npm v5), than compare it with the version in the code.
It is easy to check whether the version has change, a simple === is enough. If you need to check whether the new version is valid, you should use look for a module for that.
https://www.npmjs.com/package/semver for example if you use JS code to check, or https://github.com/cloudflare/semver_bash if you use bash
I am developing a very complex app that is using internally developed, open source NPM modules.
I often need to change one of those modules (extra features, bug fixing, etc.) in order for the main application to work.
At the moment, I have:
A directory called my_modules, each containing a git repository one for each module. For example module1, module2.
A directory called my_apps, where for example there is app1 which has module1 as a dependency
Under my_apps/app1/node_modules I have module1 and module2, installed via NPM
In the server, deploy by pulling the git repository, running an npm install and npm dedupe, and running the server with forever.
At this stage, if I have to fix something in one of the modules, I:
Fix it within my_apps/app1/node_modules/module1 (not git)
When it's all working, COPY the files over to my_modules/module1 and do a git push and npm publish
The server will pull the latest modules after deploy thanks to npm install
This is way, way less than ideal. It's just too error-prone. However:
Having a symbolic link link my_apps/app1/node_modules/module1 => my_modules/module1 means that module1 will look for dependencies in its own path, which often causes problems (for example, I need to make sure that EVERY module uses the same copy of module1, which is imperative)
Having a git repo under my_apps/app1/node_modules/module1 feels dangerous, in case I accidentally overwrite changes using NPM on the module. Also, once fixed the change in the local git repo, I would still then need to pull the changes in my_modules/module1. Yes a step forward from copying files over...
What's the "recommended" way of dealing with this? Any best practices?