feat: migrate from yarn to pnpm

[roninjin10]

Migrates package manager to pnpm

• lots of documentation updated
• lots of scripts updated
• sometimes I remove the cache completely because pnpm is much faster and wasn't worth optimizing for cache like in case of github actions
• prefer to use npx or let package runner infer the script runner when possible
• pnpm does not allow hoisted node modules. Must be explicit about ALL deps for all packages
• pnpm doesn't run prefoo scripts. WE depend on them so we override this default
• Some packages didn't exist in yarn workspaces before. I added them to pnpm workspaces though
• rari-capital/solmate redirecting to transmissions11/solmate caused pnpm issues so made it use t11 instead
• ds-test was using a commit 1 commit before @smartcontracts added a package.json. this made pnpm angry so I bumped commit one commit to @smartcontracts commit
• had to add prettier-plugin-solidity to prettier config
• pnpm to reduce duplication and be space efficient puts all packages in the pnpm store at the root of the repo and symlinks them out to create the node_modules structure. Other package managers just copy the same files over and over again. Becasue of this we need to update foundry to allow these files
• The docs have a giant hack to use yarn to install it's packages in a postinstall script. This is shameful

Pnpm saves space and time of installing node modules.
It installs node modules into a pnpm store and then symlinks them in the places npm would copy them to.
By default, it does not hoist node modules
Hoisting is something npm and yarn do to save time/space that pnpm avoids needing to do
Hoisting makes it so dependencies must always be explicit. With yarn and npm contracts-bedrock at any time can import a dependency only declared in sdk. With pnpm this is impossible. More robust code
Pnpm in docker is better because you can run pnpm fetch after only COPY pnpm-lock.yaml. Pnpm will then install node modules with only the lockfile for maximum cache hits.
Pnpm has a robust escape hatch that allows you to modify package.json of dependent packages that comes in handy compared to trying to bang head against the wall with yarn resolutions
Pnpm commands are the same as npm but with a p in front for the most part

[changeset-bot]

⚠️ No Changeset found

Latest commit: 353e9e8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[netlify]

✅ Deploy Preview for opstack-docs canceled.

Name	Link
🔨 Latest commit	353e9e8
🔍 Latest deploy log	https://app.netlify.com/sites/opstack-docs/deploys/649ccd5382c69500074da97b

[roninjin10]

Current dependencies on/for this PR:

• develop
  • PR feat: migrate from yarn to pnpm #6120 👈
    • PR feat: Clean up package.json post pnpm #6180
      • PR update rari-capital solmate to just solmate #6181

This comment was auto-generated by Graphite.

[tynes]

should this base into the pnpm pr?

[mergify]

Hey @roninjin10! This PR has merge conflicts. Please fix them before continuing review.

[tynes]

@roninjin10 i pushed a couple of commits, some things are still failing but otherwise its mostly working, idk how to fix some of this stuff

[roninjin10]

Nice I think we can get this ready by monday I'm pretty motivated this weekend to ship this and some other things I'm working on

[mergify]

Hey @roninjin10! This PR has merge conflicts. Please fix them before continuing review.

[mergify]

Hey @roninjin10! This PR has merge conflicts. Please fix them before continuing review.

[mergify]

Hey @roninjin10! This PR has merge conflicts. Please fix them before continuing review.

[semgrep-app]

Semgrep found 2 path-join-resolve-traversal findings:

• packages/contracts-bedrock/tasks/generate-deploy-config.ts: L12, L12

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

View Dataflow Graph

flowchart LR
    classDef invis fill:white, stroke: none
    classDef default fill:#e7f5ff, color:#1c7fd6, stroke: none

    subgraph File0["<b>packages/contracts-bedrock/tasks/generate-deploy-config.ts</b>"]
        direction LR
        %% Source

        subgraph Source
            direction LR

            v0("<b>[Line: 10]</b> hre")
        end
        %% Intermediate

        subgraph Traces0[Traces]
            direction TB

            v2("<b>[Line: 10]</b> hre")
        end
        %% Sink

        subgraph Sink
            direction LR

            v1("<b>[Line: 12]</b> hre.network.name")
        end
    end
    %% Class Assignment
    Source:::invis
    Sink:::invis

    Traces0:::invis
    File0:::invis

    %% Connections

    Source --> Traces0
    Traces0 --> Sink

    %% Clickable

    click v0 href "https://github.com/ethereum-optimism/optimism/blob/0d9f85b4fe80fc730fe0addbaa5c04dc1cb7528f/packages/contracts-bedrock/tasks/generate-deploy-config.ts#L10" "View in source" _blank
    click v1 href "https://github.com/ethereum-optimism/optimism/blob/0d9f85b4fe80fc730fe0addbaa5c04dc1cb7528f/packages/contracts-bedrock/tasks/generate-deploy-config.ts#L12" "View in source" _blank
    click v2 href "https://github.com/ethereum-optimism/optimism/blob/0d9f85b4fe80fc730fe0addbaa5c04dc1cb7528f/packages/contracts-bedrock/tasks/generate-deploy-config.ts#L10" "View in source" _blank

Loading

_{Ignore this finding from path-join-resolve-traversal.}

[mergify]

Hey @roninjin10! This PR has merge conflicts. Please fix them before continuing review.

[clabby]

Double checked docker image builds and scanned through the changes; LGTM! Thanks for getting this over the line @roninjin10 @tynes 🚀

[tynes]

Not sure what they deal with netlify is here

[roninjin10]

@tynes I know how to fix netlify from the gateway version of the pr

[roninjin10]

ugghhh netlify not sure looking into it

[roninjin10]

Ok netlify should be good now had to change some settings on netlify

[semgrep-app]

Semgrep found 1 context-todo finding:

• op-challenger/fault/agent.go: L55

Consider to use well-defined context

_{Ignore this finding from context-todo.}

[roninjin10]

I want to see this go green, then squash, then merge