From 3d2dfaccdef8d608cbf3c4baeeefdd2098a47ed3 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Mon, 15 Jul 2019 14:14:50 +0200
Subject: [PATCH] fix(monorepo): avoid fetching infos for internal dependencies

yarn monorepos are identified by packageJson.workspaceRoot.
if we are handling one of those, we might encounter a [sub-]
package.json that specifies a dependency like this:
"@reponame/dependency": "*" which looks like a scoped npm
dependency, but is in reality a in-monorepo dependency.
For those dependencies, we should not try to fetch infos
from npm, because the dependencies are not there.
---
 .../initial-branch-utils.js.snap              | 36 ++++++++++++++++
 test/utils/initial-branch-utils.js            | 42 +++++++++++++++++++
 utils/initial-branch-utils.js                 | 14 +++++++
 3 files changed, 92 insertions(+)
 create mode 100644 test/utils/__snapshots__/initial-branch-utils.js.snap

diff --git a/test/utils/__snapshots__/initial-branch-utils.js.snap b/test/utils/__snapshots__/initial-branch-utils.js.snap
new file mode 100644
index 00000000..796b4582
--- /dev/null
+++ b/test/utils/__snapshots__/initial-branch-utils.js.snap
@@ -0,0 +1,36 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`initial branch utils getDependenciesFromPackageFiles duplicate dependency across dep type 1`] = `
+Array [
+  Object {
+    "name": "@finnpauls/dep",
+    "type": "devDependencies",
+    "version": "1.0.0",
+  },
+]
+`;
+
+exports[`initial branch utils getDependenciesFromPackageFiles single devDependency 1`] = `
+Array [
+  Object {
+    "name": "@finnpauls/dep",
+    "type": "devDependencies",
+    "version": "1.0.0",
+  },
+]
+`;
+
+exports[`initial branch utils getDependenciesFromPackageFiles workspace 1`] = `
+Array [
+  Object {
+    "name": "@finnpauls/blup",
+    "type": "devDependencies",
+    "version": "1.0.0",
+  },
+  Object {
+    "name": "florp",
+    "type": "dependencies",
+    "version": "1.2.3",
+  },
+]
+`;
diff --git a/test/utils/initial-branch-utils.js b/test/utils/initial-branch-utils.js
index 952bb457..53328cf9 100644
--- a/test/utils/initial-branch-utils.js
+++ b/test/utils/initial-branch-utils.js
@@ -87,3 +87,45 @@ describe('create initial branch', () => {
     expect(updatedDependencies[0].newVersion).toEqual('2.0.0')
   })
 })
+
+/*
+function getDependenciesFromPackageFiles (packagePaths, packageJsonContents) {
+*/
+
+const { getDependenciesFromPackageFiles } = require('../../utils/initial-branch-utils')
+describe('initial branch utils', () => {
+  test('getDependenciesFromPackageFiles single devDependency', () => {
+    const paths = [
+      'foobar/package.json'
+    ]
+    const contents = { 'foobar/package.json': { devDependencies: { '@finnpauls/dep': '1.0.0' } } }
+    const result = getDependenciesFromPackageFiles(paths, contents)
+    expect(result).toMatchSnapshot()
+  })
+
+  test('getDependenciesFromPackageFiles duplicate dependency across dep type', () => {
+    const paths = [
+      'foobar/package.json',
+      'bazquux/package.json'
+    ]
+    const contents = {
+      'foobar/package.json': { devDependencies: { '@finnpauls/dep': '1.0.0' } },
+      'bazquux/package.json': { devDependencies: { '@finnpauls/dep': '1.0.0' } }
+    }
+    const result = getDependenciesFromPackageFiles(paths, contents)
+    expect(result).toMatchSnapshot()
+  })
+
+  test('getDependenciesFromPackageFiles workspace', () => {
+    const paths = [
+      'package.json',
+      'bazquux/package.json'
+    ]
+    const contents = {
+      'package.json': { devDependencies: { '@finnpauls/blup': '1.0.0' }, workspaceRoot: 'bazquux/' },
+      'bazquux/package.json': { devDependencies: { '@finnpauls/dep': '*' }, dependencies: { 'florp': '1.2.3' } }
+    }
+    const result = getDependenciesFromPackageFiles(paths, contents)
+    expect(result).toMatchSnapshot()
+  })
+})
diff --git a/utils/initial-branch-utils.js b/utils/initial-branch-utils.js
index 300b0ee4..b9c26173 100644
--- a/utils/initial-branch-utils.js
+++ b/utils/initial-branch-utils.js
@@ -14,11 +14,25 @@ const registryUrl = env.NPM_REGISTRY
   }]
 */
 function getDependenciesFromPackageFiles (packagePaths, packageJsonContents) {
+  /*
+    yarn monorepos are identified by packageJson.workspaceRoot.
+    if we are handling one of those, we might encounter a [sub-]
+    package.json that specifies a dependency like this:
+    "@reponame/dependency": "*" which looks like a scoped npm
+    dependency, but is in reality a in-monorepo dependency.
+    For those dependencies, we should not try to fetch infos
+    from npm, because the dependencies are not there.
+  */
+  const isMonorepo = !!_.get(packageJsonContents['package.json'], 'workspaceRoot')
+  const isMonorepoStar = ({ name, version, type }) => {
+    return !(isMonorepo && version === '*')
+  }
   return _.compact(_.uniqWith(_.flatten(packagePaths.map(path => {
     return _.flatten(
       ['dependencies', 'devDependencies', 'optionalDependencies'].map(type => {
         if (packageJsonContents[path]) {
           return _.map(packageJsonContents[path][type], (version, name) => ({ name, version, type }))
+            .filter(isMonorepoStar)
         }
       })
     )