fix(fetcher): offline mirror name collision w/ private registries and scopes #4822
Conversation
|
This change will decrease the build size from 10.24 MB to 9.94 MB, a decrease of 301.14 KB (3%)
|
|
The two failures in one of the travis builds look to me like unrelated test flakes; the code I touched shouldn't affect either of those two operations. Is there a way to retrigger the build to see if it duplicates? |
There was a problem hiding this comment.
Thanks a lot for doing this!
I have 3 requests before merging tho:
- A more concise and accurate PR summary. Right now I understand the problem but I cannot determine if it is the offline mirror or just the cache. I'm guessing it is the cache.
- Naming those constants you have changed. What is
4and why is it4? Why does it mean scoped? These are not obvious from the code. - At least one test that was failing without your fix and passing with the fix.
Sounds good?
… packages When using artifactory as an internal npm registry in conjunction with scoped packages, yarn install was failing (about 50% of the time) with messages of the form Hashes don't match when extracting file "https://artifactory.internal.site:443/artifactory/api/npm/external-mirror/@types/react/-/react-15.6.4.tgz". Expected "3bb57bd43183a05919ceb025a264287348f47e9d" but got "da39a3ee5e6b4b0d3255bfef95601890afd80709" The problem was that yarn was writing both @types/react-15.6.4.tgz and react-15.6.4.tgz to the same location within the offline mirror due to making an assumption about no additional leading paths before the scope name in the URL -- an assumption which was true for registry.npmjs.org, but not for artifactory npm repositories.
newren
force-pushed
the
fix/yarn-local-mirror-scoping-issue
branch
from
d7111f6 to
b85ab09
Compare
newren
changed the title
|
Thanks for the review! I've tried to address each of your three issues, but I'm still a newbie to the web development side of programming, so if I missed anything or there's further changes you'd like to see, just let me know. |
|
The failed builds look like flakes to me; my code didn't touch the codepaths of the tests that failed, plus some were just timeouts. Is there a way to retrigger those tests or something? |
|
Hey, @BYK was just curious if my changes still needed further fixes or if they're now to your liking. (As mentioned above, the test failures look like unrelated flakes and I don't seem to have perms to retrigger the builds.) If you're just busy, I understand; just pinging in case my update fell through the cracks. |
|
Woops, sorry for the silence. This fell off my radar. Doing another pass now. |
BYK
dismissed
their stale review
I changed the code a bit so need @arcanis to review
BYK
changed the title
BYK
changed the title
There was a problem hiding this comment.
Thanks for circling back! It's good to see this moving forward again. We're internally using a fork of yarn, but really don't want to do that forever. Your changes look like they'd handle most cases, but I think there's an issue with internal team-scoped packages.
src/fetchers/tarball-fetcher.js
Outdated
| @@ -17,6 +17,8 @@ const stream = require('stream'); | |||
| const gunzip = require('gunzip-maybe'); | |||
| const invariant = require('invariant'); | |||
|
|
|||
| const RE_URL_NAME_MATCH = /\/(?:(@[^/]+)\/)?[^/]+\/-\/([^/]+)$/; | |||
There was a problem hiding this comment.
I think this will fail for some packages. For example, looking at some sample resolved urls in a random local yarn.lock, it appears that most would match your regex, such as ones of the form
https://publish.internal.site:443/artifactory/api/npm/external-npm/abab/-/abab-1.0.3.tgz
or
https://publish.internal.site:443/artifactory/api/npm/external-npm/@types/react/-/react-15.0.38.tgz
However, there are also some of the form
It looks like all internally team-scoped packages appear to have an extra "/@team/" between the "/-/" and the tarballBasename.
There was a problem hiding this comment.
That's quite weird and it was also what I feared. We can tune the regex to handle these too but ideally, we should not be extracting the scope information from the URL anyway.
Since changing the names of these files would invalidate any existing offline mirror, we need to find a migration path when doing this in a better way.
There was a problem hiding this comment.
I've pushed a new change but I also need to extend and refactor the tests to cover this new scenario. Feel free to add them since I can't look at this patch until tomorrow.
…readdir_files * upstream/master: fix(cli): Write Node4+ error message to stderr (yarnpkg#5094) test(jest): Upgrade jest to latest available version (yarnpkg#5018) fix(git): Ignores irrelevant output from ls-remote (yarnpkg#5081) test(integration): Fix failing react-scripts test due to unexpected warning (yarnpkg#5076) feat(help) Add command descriptions to commander output (yarnpkg#5033) ci(circle): Fix cache key setup for proper node_modules sharing (yarnpkg#5060) fixed (yarnpkg#5034) fix(fetcher): offline mirror name collision w/ private registries and scopes (yarnpkg#4822) fix(add): Make semver flags compatible with versioned requests (yarnpkg#4999) [yarnpkg#5021] Add help comment to --json flag (yarnpkg#5045) fix(git): match git dependencies by name instead of whole url fix(install): connectionOptions passes in localhost as its host to prevent popup on MacOsx. (yarnpkg#5006) chore(eslint): ignore packages dir (yarnpkg#4963)
…readdir_files * upstream/master: fix(cli): Write Node4+ error message to stderr (yarnpkg#5094) test(jest): Upgrade jest to latest available version (yarnpkg#5018) fix(git): Ignores irrelevant output from ls-remote (yarnpkg#5081) test(integration): Fix failing react-scripts test due to unexpected warning (yarnpkg#5076) feat(help) Add command descriptions to commander output (yarnpkg#5033) ci(circle): Fix cache key setup for proper node_modules sharing (yarnpkg#5060) fixed (yarnpkg#5034) fix(fetcher): offline mirror name collision w/ private registries and scopes (yarnpkg#4822) fix(add): Make semver flags compatible with versioned requests (yarnpkg#4999) [yarnpkg#5021] Add help comment to --json flag (yarnpkg#5045) fix(git): match git dependencies by name instead of whole url fix(install): connectionOptions passes in localhost as its host to prevent popup on MacOsx. (yarnpkg#5006) chore(eslint): ignore packages dir (yarnpkg#4963)
…readdir_files * upstream/master: fix(cli): Write Node4+ error message to stderr (yarnpkg#5094) test(jest): Upgrade jest to latest available version (yarnpkg#5018) fix(git): Ignores irrelevant output from ls-remote (yarnpkg#5081) test(integration): Fix failing react-scripts test due to unexpected warning (yarnpkg#5076) feat(help) Add command descriptions to commander output (yarnpkg#5033) ci(circle): Fix cache key setup for proper node_modules sharing (yarnpkg#5060) fixed (yarnpkg#5034) fix(fetcher): offline mirror name collision w/ private registries and scopes (yarnpkg#4822) fix(add): Make semver flags compatible with versioned requests (yarnpkg#4999) [yarnpkg#5021] Add help comment to --json flag (yarnpkg#5045) fix(git): match git dependencies by name instead of whole url fix(install): connectionOptions passes in localhost as its host to prevent popup on MacOsx. (yarnpkg#5006) chore(eslint): ignore packages dir (yarnpkg#4963)
Summary
When using artifactory as an internal npm registry in conjunction with scoped packages, yarn install was failing (about 50% of the time) with messages of the form
The problem was that yarn was writing both
@types/react-15.6.4.tgzandreact-15.6.4.tgzto the same location within the offline mirror due to making an assumption about no additional leading paths before the scope name in the URL -- an assumption which was true for registry.npmjs.org, but not for artifactory npm repositories.Test plan
Added a new unit test.