We are building a Node.js app. As we are practicing Continuous Delivery with Trunk Based Development we would only have one branch and one build to work with.
For several reasons including legal requirements we are expected to deliver a patch version for the currently released version any time we are developing a next feature release. What's more: There are features and/or activities that would not make it to the next feature version.
Obviously any new features have to be excluded from the patch release, any we-will-not-make-the-next-feature-release stuff has to be excluded from the next release.
In order to test (and ship betas) we are building and testing three versions of the product, say 1.0, 1.1 and 1.2.
Exclusion of features is done using feature toggles.
Question: How could I exclude dependencies only valid for next feature release or even later from being put into the node_modules during build?
If it were for two lines I would try something using the optional dependencies of package.json.
Is there any other way to make sure:
dependencies for 1.1 and after are not making it into 1.0
dependencies for 1.2 and after are not making it into 1.0 and 1.1
require(...) does not fail for not existing dependencies (wrapping with feature toggle???)
Is there a way to avoid keeping three package.json's and pick the "just right" one during build of each version?
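One way to keep require(...) from failing for a dependency that a given release line does not ship, as an added example that is not part of the original question. The feature names, the FEATURE_SINCE table and loadOptional are hypothetical; the loader parameter exists so the logic can be exercised without the real modules installed.

```javascript
// Added example. FEATURE_SINCE, isEnabled and loadOptional are hypothetical
// names; the features and release lines below are constructed.
// Each feature maps to the first release line [major, minor] that ships it.
const FEATURE_SINCE = { reporting: [1, 1], exportPdf: [1, 2] };

function lineAtLeast(build, since) {
  return build[0] > since[0] || (build[0] === since[0] && build[1] >= since[1]);
}

function isEnabled(feature, buildLine) {
  const since = Object.prototype.hasOwnProperty.call(FEATURE_SINCE, feature)
    ? FEATURE_SINCE[feature] : undefined;
  return since !== undefined && lineAtLeast(buildLine, since);
}

// Toggle off: return null and never call require(), so a dependency left out
// of node_modules for this release line cannot break startup.
// Toggle on: a missing module is a packaging error and must fail loudly.
function loadOptional(feature, moduleName, buildLine, loader = require) {
  if (!isEnabled(feature, buildLine)) return null;
  try {
    return loader(moduleName);
  } catch (err) {
    // Only treat the *requested* module being absent as "not installed";
    // a missing transitive dependency or a load-time crash is rethrown as is.
    const missingSelf = err && err.code === 'MODULE_NOT_FOUND' &&
      String(err.message).includes(`'${moduleName}'`);
    if (missingSelf) {
      throw new Error(
        `feature "${feature}" is enabled but ${moduleName} is not installed`);
    }
    throw err;
  }
}
```

Checking the toggle before the require call is what lets the 1.0 build omit the 1.1 and 1.2 dependencies entirely, while an enabled feature with a missing module still stops the build or the process instead of degrading silently.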
Related
I'm maintaining some large NodeJS applications (micro-services, apps), which consume many (at least 100+) dependencies.
Updating those dependencies to fix a security vulnerability forces me to spend valuable development time.
Is there any way to automate package updates across repositories?
We're using GitLab for SCM.
I had thought of some options like:
Separating out core dependencies into a base level library.
Maintain a repository that specifies security-cleared dependency versions and repositories to be updated whenever the cleared list changes.
Any additional suggestions/examples?
Just to help shortlist approaches mentioned in the question:
1. Separating core dependencies into a "Core" library.
This can reduce the number of updates. But the libraries based on "Core" will still have their own dependencies, which may be prone to vulnerabilities, and the update cycle must be repeated for them manually. This approach just procrastinates the manual updates.
2. Maintain a repository that specifies security-cleared dependency versions and repositories to be updated whenever the cleared list changes.
Couple of options here:
Article on automating via pipeline scripts
GitHub: Use next-update + Hub CLI
GitLab: Use next-update + Lab CLI
Implement dependabot-core (GitHub) or dependabot-gitlab (GitLab)
Implement renovate.
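A sketch of the check behind option 2, comparing each repository's package.json against a central security-cleared list, as an added example that is not part of the original answer and not code from any of the tools named above. The cleared-list format, the package names and the repository names are constructed for illustration.

```javascript
// Added example. The cleared-list format and all package and repository
// names are constructed; they do not refer to real packages.
const CLEARED = {            // package -> lowest security-cleared version
  'acme-http': '2.4.1',
  'acme-yaml': '1.10.0',
};

// Exact x.y.z only; ranges, tags and git URLs return null.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
};

// Numeric comparison, so 1.9.0 sorts below 1.10.0.
const lessThan = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
};

// Compare one repository's manifest against the cleared list.
function auditManifest(repo, manifest, cleared = CLEARED) {
  const findings = [];
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  for (const [name, spec] of Object.entries(deps)) {
    if (!Object.prototype.hasOwnProperty.call(cleared, name)) {
      findings.push({ repo, name, spec, status: 'not-reviewed' });
      continue;
    }
    const have = parse(spec);
    if (have === null) {
      // A range cannot be checked without the lockfile: flag it.
      findings.push({ repo, name, spec, status: 'unpinned' });
    } else if (lessThan(have, parse(cleared[name]))) {
      findings.push({ repo, name, spec, status: 'below-cleared', want: cleared[name] });
    }
  }
  return findings;
}

const REPOS = { // constructed manifests standing in for fetched package.json files
  'svc-orders': { dependencies: { 'acme-http': '2.3.9', 'acme-yaml': '1.10.0' } },
  'svc-billing': { dependencies: { 'acme-http': '^2.4.1' },
                   devDependencies: { 'acme-lint': '0.1.0' } },
};

function auditAll(repos = REPOS) {
  return Object.entries(repos).flatMap(([repo, m]) => auditManifest(repo, m));
}
```

In a pipeline, a non-empty result from auditAll() would be the trigger for opening update merge requests in the listed repositories.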
I am analyzing the monorepo strategy for some of my framework node modules / libraries that are currently part of different repos. I have around two dozen node modules / libraries and not all of them are used by a single application. A few applications just use a single node module / library whereas others use 5+ of them. I am using semver for these modules.
If I move to a monorepo, what would be the best Git branching strategy in the following scenario?
I planned to support only the two major versions of a module at any time (latest & latest - 1). Latest should have all enhancements & breaking changes. Latest - 1 is to support bug fixes of the previous release. What would be the best branching model for this scenario? Note, another developer in my team may modify a different module for bug fixing or he/she may add new enhancements to a module. How do we separate our changes inside a single repo? What is a proven branching model in this scenario?
I'm currently struggling with automatic merges of a semantic versioned node project. In my current setup I have to maintain multiple older (minor) versions of the application. To ensure that bug fixes in older versions are also applied to newer versions I'm using release branches in combination with Bitbucket's feature of auto merging. It works great apart from permanent auto merge conflicts with the version of the application that has to be stored in the package.json. Each time an auto merge happens there is a version conflict with the newer release versions.
Is there any way to avoid those merge conflicts? I fiddled around with a custom merging driver (https://gist.github.com/jphaas/ad7823b3469aac112a52), it kind of works but in my opinion there should be an easier solution like storing the version in a dedicated file (e.g. .npmversion) and using built-in merge drivers.
Here's my project development process:
feature/feature1
feature/feature2
feature/etc..
master
production
I develop my features on the feature branches; when I have finished with a branch, I merge it into master and delete it via the GitHub UI. CircleCI detects the merge and deploys master to a staging server.
Later I manually merge the master branch into the production one, and CircleCI deploys to my production server.
I would like my package.json version to bump each time I merge a feature branch into the master branch (via the GitHub UI). But I have no idea if
GitHub allows me to do so (if yes, can you please explain it to me?)
It's a good process
I'm aware I could do it via npm version command when I merge master onto production, but I do need the version to be updated on the master automatically when I merge a branch into it.
Don't hesitate to criticize my way to proceed and tell me yours. :)
Thank you
I don't think GitHub offers any such feature. But there are some grunt modules that do this during build time. You could probably script this or have a makefile that does this for you as well.
I don't think this is a good way of versioning. After you are done with a feature, you have to decide if the changes you have made are minor or major. Sometimes you might commit breaking changes. Just incrementing the version number from 1.0.1 to 1.0.2 or say 1.1.0 to 1.1.1 (every time) will not convey the magnitude of these changes. Best Practice: Software Versioning
The best practices for versioning are already covered here.
We manage versioning manually where I work. Before each release we create a tag (v1.0.3, v1.1.4, etc.) and then create a release on GitHub. In the description of the release we put all new commits. Going through the commit messages gives us a good idea of the changes that were made. If the changes only involve bug fixes and minor feature additions we will increment the minor number, i.e. 1.2.1 to 1.2.2.
If a major new feature is added, we increment the major version number, i.e. 1.2.2 to 1.3.0. When we add many breaking changes we go from 1.3.0 to 2.0.0.
Sometimes we are loose with versioning. Our API is not public and the only reason we use versioning is for deploying and for rolling back. If you are expecting to make your work open source and/or expecting to make your work available through some kind of package manager, like say npm, you should follow semver versioning strictly.
I am working on a SaaS application with node.js using npm for managing dependencies. I am trying to decide what to do about the version number. Our release model will be to market features and release when ready, rather than marketing versions.
I am looking for advice on the version field for package.json. Since we won't be publishing the app to the npm registry, I can really use whatever version number I want. I really don't want to maintain a typical version number like 1.0, 1.2, 2.0, etc. Since a release is simply a project that ships when ready, dates make better versions for me, like "RELEASE_20130104", but npm requires that the version field in package.json be parseable by semver rules.
I am interested in hearing what the rest of the community has done for SaaS npm-based apps.
Requirements:
Effortless - I don't want to waste time debating between 1.2.0 or 2.0. It's just the next release.
Must satisfy the npm version syntax rules.
Nice-to-haves:
Scriptable through a build process, like extracting SVN branch and revision number.
Version means something, like the release date.
Solutions I have come up with:
Strictly follow semver major.minor.patch pattern. This will require separate scripts for different release types and will be a nightmare for pre-release builds.
Express the release date in semver format like "2013.01.04"
SVN revision number + branch or tag name like "21484-BugFix21". Downside there is that non-release builds' versions don't tell you what release version they are branched from.
Pick a dummy version and never change it like "1.0.0". Track the version in the format I want in a separate field, like "appRelease": "2013.01.04".
I don't expect right or wrong answers. There are a ton of solutions. I am looking to see what approaches others have taken in the past.