From e1efb4d7acbacf57d94888087e6f03e48bad64c7 Mon Sep 17 00:00:00 2001
From: kumavis
Date: Wed, 25 Sep 2019 20:01:10 +0800
Subject: [PATCH] ci - install deps - limit install scripts to whitelist (#7208)
* ci - install deps - limit install scripts to those needed for build
* Update .circleci/scripts/deps-install.sh
Co-Authored-By: Mark Stacey
* ci - install deps - expand install scripts needed for tests
* ci - install deps - expand install scripts needed for integration tests
* ci - install deps - fix node-sass script ref
* github - set codeowners for scripts/deps-install
* development - add utility to show deps with install scripts
* lint fix
* deps - move read-installed to devDeps
---
 .circleci/config.yml | 2 +-
 .circleci/scripts/deps-install.sh | 22 ++++++++
 .github/CODEOWNERS | 2 +-
 development/show-deps-install-scripts.js | 28 ++++++++++
 package.json | 1 +
 yarn.lock | 68 +++++++++++++++++++++++-
 6 files changed, 119 insertions(+), 4 deletions(-)
 create mode 100755 .circleci/scripts/deps-install.sh
 create mode 100644 development/show-deps-install-scripts.js
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9edcd1871..789434345 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -95,7 +95,7 @@ jobs:
 - run:
 name: Install deps
 command: |
- yarn --frozen-lockfile --har
+ .circleci/scripts/deps-install.sh
 - run:
 name: Collect yarn install HAR logs
 command: |
diff --git a/.circleci/scripts/deps-install.sh b/.circleci/scripts/deps-install.sh
new file mode 100755
index 000000000..20954ec0b
--- /dev/null
+++ b/.circleci/scripts/deps-install.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -x
+
+yarn --frozen-lockfile --ignore-scripts --har
+
+# run each in subshell so directory change does not persist
+# scripts can be any of:
+# preinstall
+# install
+# postinstall
+
+# for build
+(cd node_modules/node-sass && yarn run postinstall)
+(cd node_modules/optipng-bin && yarn run postinstall)
+(cd node_modules/gifsicle && yarn run postinstall)
+(cd node_modules/jpegtran-bin && yarn run postinstall)
+
+# for test
+(cd node_modules/scrypt && yarn run install)
+(cd node_modules/weak && yarn run install)
+(cd node_modules/chromedriver && yarn run install)
+(cd node_modules/geckodriver && yarn run postinstall)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index adef939d1..90936ceea 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -5,4 +5,4 @@ package.json @danjm @whymarrh @Gudahtt
 yarn.lock @danjm @whymarrh @Gudahtt
 ui/ @danjm @whymarrh @Gudahtt
 app/scripts/controllers/transactions @frankiebee
-
+.circleci/scripts/deps-install.sh @kumavis @Gudahtt
\ No newline at end of file
diff --git a/development/show-deps-install-scripts.js b/development/show-deps-install-scripts.js
new file mode 100644
index 000000000..03a9bb859
--- /dev/null
+++ b/development/show-deps-install-scripts.js
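Review bot: In `.circleci/scripts/deps-install.sh` only `set -x` is enabled, so a failing `yarn --frozen-lockfile --ignore-scripts --har` or a failing allowlisted build does not abort the script; its exit status is that of the last subshell (`geckodriver`), and a half-installed tree can pass the "Install deps" step. I would make the second line `set -e` followed by `set -x` (or a single `set -euxo pipefail`). A comment above the `# for build` list would also help later reviewers: it should say that this list is the complete set of lifecycle scripts CI is allowed to run, that each entry executes whatever package the lockfile resolves at that path, and that `development/show-deps-install-scripts.js` should be re-run when `yarn.lock` changes so a dependency that newly needs a build step is noticed rather than silently left unbuilt.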
@@ -0,0 +1,28 @@
+// This script lists all dependencies that have package install scripts
+const path = require('path')
+const readInstalled = require('read-installed')
+
+const installScripts = ['preinstall', 'install', 'postinstall']
+
+readInstalled('./', { dev: true }, function (err, data) {
+ if (err) throw err
+
+ const deps = data.dependencies
+ Object.entries(deps).forEach(([packageName, packageData]) => {
+ const packageScripts = packageData.scripts || {}
+ const scriptKeys = Reflect.ownKeys(packageScripts)
+
+ const hasInstallScript = installScripts.some(installKey => scriptKeys.includes(installKey))
+ if (!hasInstallScript) return
+
+ const matchingScripts = {}
+ if (packageScripts.preinstall) matchingScripts.preinstall = packageScripts.preinstall
+ if (packageScripts.install) matchingScripts.install = packageScripts.install
+ if (packageScripts.postinstall) matchingScripts.postinstall = packageScripts.postinstall
+ const scriptNames = Reflect.ownKeys(matchingScripts)
+
+ const relativePath = path.relative(process.cwd(), packageData.path)
+
+ console.log(`${packageName}: ${relativePath} ${scriptNames}`)
+ })
+})
diff --git a/package.json b/package.json
index ef98d6880..388db4506 100644
--- a/package.json
+++ b/package.json
@@ -202,6 +202,7 @@
 "css-loader": "^2.1.1",
 "deep-freeze-strict": "^1.1.1",
 "del": "^3.0.0",
+ "read-installed": "^4.0.3",
 "deps-dump": "^1.1.0",
 "envify": "^4.0.0",
 "enzyme": "^3.4.4",
diff --git a/yarn.lock b/yarn.lock
index ce216be05..1686d3ec2 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3650,7 +3650,7 @@ arrify@^1.0.0, arrify@^1.0.1:
 resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d"
 integrity sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=
-asap@^2.0.6, asap@~2.0.3:
+asap@^2.0.0, asap@^2.0.6, asap@~2.0.3:
 version "2.0.6"
 resolved "https://registry.yarnpkg.com/asap/-/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
 integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=
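Review bot: In `development/show-deps-install-scripts.js` the loop walks only `data.dependencies`, the first level of the tree that `read-installed` returns, so a package that could not be hoisted (installed under a nested `node_modules`) and declares an install script would, as far as I can tell, not be listed. Because this output is what the CI allowlist in `.circleci/scripts/deps-install.sh` is built from, a missed package is either left unbuilt or never reviewed. The walk should recurse into each package's own `dependencies`, with a visited set keyed on `packageData.path` since the tree can refer back to packages already seen. The sketch below shows the traversal only; the script-matching and `console.log` lines stay as they are, placed after the recursive call so the early `return` does not cut the descent short.

```javascript
const seen = new Set()

function visit (deps = {}) {
  Object.entries(deps).forEach(([packageName, packageData]) => {
    // skip entries that are not package objects, and packages already visited
    if (!packageData || typeof packageData !== 'object') return
    if (seen.has(packageData.path)) return
    seen.add(packageData.path)

    // descend first: the script check below returns early for most packages
    visit(packageData.dependencies)

    // … unchanged: packageScripts / hasInstallScript / matchingScripts / console.log …
  })
}

readInstalled('./', { dev: true }, function (err, data) {
  if (err) throw err
  visit(data.dependencies)
})
```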
@@ -7887,6 +7887,11 @@ debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@~4.1.0:
 dependencies:
 ms "^2.1.1"
+debuglog@^1.0.1:
+ version "1.0.1"
+ resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492"
+ integrity sha1-qiT/uaw9+aI1GDfPstJ5NgzXhJI=
+
 decamelize-keys@^1.0.0:
 version "1.1.0"
 resolved "https://registry.yarnpkg.com/decamelize-keys/-/decamelize-keys-1.1.0.tgz#d171a87933252807eb3cb61dc1c1445d078df2d9"
@@ -8323,6 +8328,14 @@ detectrtc@^1.3.6:
 resolved "https://registry.yarnpkg.com/detectrtc/-/detectrtc-1.3.6.tgz#dabc0353981a3da7732de969071c08b6dddd5b59"
 integrity sha1-2rwDU5gaPadzLelpBxwItt3dW1k=
+dezalgo@^1.0.0:
+ version "1.0.3"
+ resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.3.tgz#7f742de066fc748bc8db820569dddce49bf0d456"
+ integrity sha1-f3Qt4Gb8dIvI24IFad3c5Jvw1FY=
+ dependencies:
+ asap "^2.0.0"
+ wrappy "1"
+
 di@^0.0.1:
 version "0.0.1"
 resolved "https://registry.yarnpkg.com/di/-/di-0.0.1.tgz#806649326ceaa7caa3306d75d985ea2748ba913c"
@@ -18933,6 +18946,16 @@ nopt@^4.0.1:
 abbrev "1"
 osenv "^0.1.4"
+normalize-package-data@^2.0.0:
+ version "2.5.0"
+ resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.5.0.tgz#e66db1838b200c1dfc233225d12cb36520e234a8"
+ integrity sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==
+ dependencies:
+ hosted-git-info "^2.1.4"
+ resolve "^1.10.0"
+ semver "2 || 3 || 4 || 5"
+ validate-npm-package-license "^3.0.1"
+
 normalize-package-data@^2.3.2, normalize-package-data@^2.3.4:
 version "2.4.0"
 resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f"
@@ -22155,6 +22178,20 @@ read-all-stream@^3.0.0:
 pinkie-promise "^2.0.0"
 readable-stream "^2.0.0"
+read-installed@^4.0.3:
+ version "4.0.3"
+ resolved "https://registry.yarnpkg.com/read-installed/-/read-installed-4.0.3.tgz#ff9b8b67f187d1e4c29b9feb31f6b223acd19067"
+ integrity sha1-/5uLZ/GH0eTCm5/rMfayI6zRkGc=
+ dependencies:
+ debuglog "^1.0.1"
+ read-package-json "^2.0.0"
+ readdir-scoped-modules "^1.0.0"
+ semver "2 || 3 || 4 || 5"
+ slide "~1.1.3"
+ util-extend "^1.0.1"
+ optionalDependencies:
+ graceful-fs "^4.1.2"
+
 read-only-stream@^2.0.0:
 version "2.0.0"
 resolved "https://registry.yarnpkg.com/read-only-stream/-/read-only-stream-2.0.0.tgz#2724fd6a8113d73764ac288d4386270c1dbf17f0"
@@ -22162,6 +22199,18 @@ read-only-stream@^2.0.0:
 dependencies:
 readable-stream "^2.0.2"
+read-package-json@^2.0.0:
+ version "2.1.0"
+ resolved "https://registry.yarnpkg.com/read-package-json/-/read-package-json-2.1.0.tgz#e3d42e6c35ea5ae820d9a03ab0c7291217fc51d5"
+ integrity sha512-KLhu8M1ZZNkMcrq1+0UJbR8Dii8KZUqB0Sha4mOx/bknfKI/fyrQVrG/YIt2UOtG667sD8+ee4EXMM91W9dC+A==
+ dependencies:
+ glob "^7.1.1"
+ json-parse-better-errors "^1.0.1"
+ normalize-package-data "^2.0.0"
+ slash "^1.0.0"
+ optionalDependencies:
+ graceful-fs "^4.1.2"
+
 read-pkg-up@^1.0.1:
 version "1.0.1"
 resolved "https://registry.yarnpkg.com/read-pkg-up/-/read-pkg-up-1.0.1.tgz#9d63c13276c065918d57f002a57f40a1b643fb02"
@@ -22272,6 +22321,16 @@ readable-stream@~2.0.6:
 string_decoder "~0.10.x"
 util-deprecate "~1.0.1"
+readdir-scoped-modules@^1.0.0:
+ version "1.1.0"
+ resolved "https://registry.yarnpkg.com/readdir-scoped-modules/-/readdir-scoped-modules-1.1.0.tgz#8d45407b4f870a0dcaebc0e28670d18e74514309"
+ integrity sha512-asaikDeqAQg7JifRsZn1NJZXo9E+VwlyCfbkZhwyISinqk5zNS6266HS5kah6P0SaQKGF6SkNnZVHUzHFYxYDw==
+ dependencies:
+ debuglog "^1.0.1"
+ dezalgo "^1.0.0"
+ graceful-fs "^4.1.2"
+ once "^1.3.0"
+
 readdirp@^2.0.0:
 version "2.1.0"
 resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-2.1.0.tgz#4ed0ad060df3073300c48440373f72d1cc642d78"
@@ -24057,7 +24116,7 @@ slice-ansi@^2.1.0:
 astral-regex "^1.0.0"
 is-fullwidth-code-point "^2.0.0"
-slide@^1.1.5:
+slide@^1.1.5, slide@~1.1.3:
 version "1.1.6"
 resolved "https://registry.yarnpkg.com/slide/-/slide-1.1.6.tgz#56eb027d65b4d2dce6cb2e2d32c4d4afc9e1d707"
 integrity sha1-VusCfWW00tzmyy4tMsTUr8nh1wc=
@@ -26709,6 +26768,11 @@ util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1:
 resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
 integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=
+util-extend@^1.0.1:
+ version "1.0.3"
+ resolved "https://registry.yarnpkg.com/util-extend/-/util-extend-1.0.3.tgz#a7c216d267545169637b3b6edc6ca9119e2ff93f"
+ integrity sha1-p8IW0mdUUWljeztu3GypEZ4v+T8=
+
 util.promisify@1.0.0, util.promisify@~1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/util.promisify/-/util.promisify-1.0.0.tgz#440f7165a459c9a16dc145eb8e72f35687097030"