Make packagemanager PNPM configurable #11200
Conversation
Signed-off-by: Thomas Scheer <scheer@semvox.de>
| * Ignore "pnpmfile" when analyzing projects. Defaults to ""--ignore-scripts" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, |
There was a problem hiding this comment.
Would you have a rationale, why this needs to be configurable?
In particular, in which cases would one want to set these to false?
There was a problem hiding this comment.
In particular, in which cases would one want to set these to
false?
I've seen cases where scripts generate files for other package managers in a multi-package-manager-setup.
There was a problem hiding this comment.
Can you please share one such case?
And also, are you sure this realted to --ignore-scripts, which to my understanding is for post installation, which in turn is for dependencies, not for (ORT) projects. And multi-package-manager-setup to me sounds like a project thing.
There was a problem hiding this comment.
Can you please share one such case?
Unfortunately not, it has been a private repository. But this project has a similar concept where react-native integration is run from scripts.
And also, are you sure this realted to --ignore-scripts, which to my understanding is for post installation,
I'm not sure, but the docs are very generic and say "Do not execute any scripts defined in the project package.json and its dependencies" (emphasis mine), so it sounds not to be limited to post-install scripts.
And multi-package-manager-setup to me sounds like a project thing.
I'm not sure what that means. There certainly are project setups where you need to know in which order to build things to get the right results, i.e. use ORT's mustRunAfter functionality.
What's the problem with making this configurable?
There was a problem hiding this comment.
In our case, the pnpmfile-mechanism is used to generate code during the build. The pnpm install won't work with --ignore-pnpmfile.
I added the second variable only for completness.
There was a problem hiding this comment.
What's the problem with making this configurable?
If it's needed to make it configurable, there is no problem at all.
I just wanted to understand the need. If there is no need I believe then it shouldn't be done.
But for ignore-scripts I found further evidence that configuration makes sense, see https://www.npmjs.com/package/can-i-ignore-scripts.
There was a problem hiding this comment.
How is the need for ignore_pnpmfile? Does this have to be configurable, or could it always be ignored?
There was a problem hiding this comment.
I guess we generally should make things configurable if they deviate from the package manager's default. PNPM's default is to not ignore scripts, and if we'd hard-code to do ignore script, that might be different from what users expect.
There was a problem hiding this comment.
I guess we generally should make things configurable if they deviate from the package manager's default.
I believe we used to follow the rule to make things configurable only if needed, and not if it deviates from default.
It would be relatively easy to come up with a list of counter examples, invalidating this rule. For exmaple, we do set the node-linker and this should not be configurable.
| /** | ||
| * The version of PNPM to use when analyzing projects. Defaults to the version 10.24.0 | ||
| */ | ||
| val pnpmVersion: String?, |
| * Ignore "pnpmfile" when analyzing projects. Defaults to "--ignore-pnpmfile" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_pnpmfile: Boolean, |
There was a problem hiding this comment.
Please stick to camel-case option names.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| /** | ||
| * Ignore "pnpmfile" when analyzing projects. Defaults to "--ignore-pnpmfile" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_pnpmfile: Boolean, |
Check warning
Code scanning / detekt
Constructor parameter names should follow the naming convention set in the projects configuration. Warning
| /** | ||
| * Ignore "pnpmfile" when analyzing projects. Defaults to ""--ignore-scripts" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, |
Check warning
Code scanning / detekt
Constructor parameter names should follow the naming convention set in the projects configuration. Warning
| * Ignore "pnpmfile" when analyzing projects. Defaults to ""--ignore-scripts" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, |
Check warning
Code scanning / detekt
Rule to mandate/forbid trailing commas at declaration sites Warning
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, | ||
|
|
||
|
|
Check warning
Code scanning / detekt
Reports consecutive blank lines Warning
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, | ||
|
|
||
|
|
Check warning
Code scanning / detekt
Detects trailing spaces Warning
| factory = PackageManagerFactory::class | ||
| ) | ||
| class Pnpm(override val descriptor: PluginDescriptor = PnpmFactory.descriptor) : | ||
| class Pnpm(override val descriptor: PluginDescriptor = PnpmFactory.descriptor, private val config: PnPMConfig) : |
Check warning
Code scanning / detekt
Detects trailing spaces Warning
| class Pnpm(override val descriptor: PluginDescriptor = PnpmFactory.descriptor) : | ||
| class Pnpm(override val descriptor: PluginDescriptor = PnpmFactory.descriptor, private val config: PnPMConfig) : | ||
| NodePackageManager(NodePackageManagerType.PNPM) { | ||
|
|
Check warning
Code scanning / detekt
Detects trailing spaces Warning
| } | ||
|
|
||
| private fun installDependencies(workingDir: File, scopes: Collection<Scope>) { | ||
|
|
Check warning
Code scanning / detekt
Reports methods that have an empty first line. Warning
| } | ||
|
|
||
| private fun installDependencies(workingDir: File, scopes: Collection<Scope>) { | ||
|
|
Check warning
Code scanning / detekt
Detects trailing spaces Warning
| * Ignore "pnpmfile" when analyzing projects. Defaults to "--ignore-pnpmfile" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_pnpmfile: Boolean, |
Check notice
Code scanning / QDJVMC
Property naming convention Note
| * Ignore "pnpmfile" when analyzing projects. Defaults to ""--ignore-scripts" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, |
Check notice
Code scanning / QDJVMC
Property naming convention Note
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #11200 +/- ##
=========================================
Coverage 57.47% 57.48%
Complexity 1704 1704
=========================================
Files 346 346
Lines 12855 12861 +6
Branches 1222 1224 +2
=========================================
+ Hits 7389 7393 +4
Misses 4992 4992
- Partials 474 476 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| val pnpmVersion: String?, | ||
|
|
||
| /** | ||
| * Ignore "pnpmfile" when analyzing projects. Defaults to "--ignore-pnpmfile" |
There was a problem hiding this comment.
If the KDoc mention the default value, it should imho use the Boolean type.
3 participants
To be able to configure the PNPM packagemanager via config.yml or ort.yml, it is necessary to provide the Config in Pnpm.kt