Improve the workflow for publishing packages to npm #11780
Comments
gziolo
added
npm Packages
OTP prompts are now implemented in Lerna and we have already upgraded the version we use. This part can be considered done. |
gziolo
added
the
[Type] Project Management
There is a rule that could help us in this regard:
I'm not sure how we could implement this rule with Lerna though to be honest, as the files in the repo (even tagged releases) still require |
|
Observations whilst looking to publish package updates to npm: Background: This PR has not been published to npm and is causing issues due to semantic versioning of packages included in the Being able to publish updates to npm in this situations where a package that is becoming highly depended upon should be something that we should be able to do without having to wait for a WordPress major/minor release. Note: I believe this is currently possibly, just undocumented. My best guess based on the Packages Releases and WordPress Core Updates docs was to cherry pick the commit referenced from the above PR into the That's where I got to and have not gone any further. |
I'm sure, it's enough to cherry pick this individual commit directly into |
Thanks, will give this a go I've created a pull request in #19381 to document the procedure. |
|
#19764 automates version bumps by updating CHANGELOG files with the recommended version and publish date. |
|
I think the workflow is in good shape. We still test published packages manually. However, we now have packages-update script in @wordpress/script package that makes it easier to update npm packages. We also regularly update those packages in WordPress core and gutenberg-examples repositories so it’s very unlikely that we ship something completely broken. |
It was dicussed on November 13th during weekly WordPress core JavaScript chat. See transcript for more details.
We should join the discussion in RFC: Improving
lerna publishissue in Lerna repository and re-share what's included below.When working on the WordPress 5.0 release cycle we noticed that our workflow for publishing packages to npm isn't ideal. Using Lerna helps a lot but it doesn't solve all issues. We should work towards improving the workflow and address the following items.
✅ Improve the way version bumps are maintained
At the moment we defer to Lerna performing version increments for all packages. We only express our intent for the change inside of the corresponding changelog files when working on PRs. The biggest downside of this approach is that we need to scan all existing changelog files during publishing and re-apply manually the proper version bump for each package. It would be a nice improvement if we could update both changelog and
package.jsonwith a new version at the same time when PR gets merged. Lerna could use that and skip the step to ask what version should be applied.There is also this issue that some packages get updated only because they depend on other updated packages. This is where Lerna is the most helpful because it's almost impossible to detect it manually when you have to maintain 50 packages with independent versioning.
We should investigate whether from-git option would fit in our scenario as it allows to automate version bumps in some ways.
One thing which didn't work well in the past is pushing publish commit. It takes some time to provide all version increments and publish all packages. We had the case where new commit was pushed to
masterwhich broke the flow two-fold. We had to rebase the branch before pushing changes which caused that git hash references weren't working properly anymore. Next time we asked Lerna to list which packages have changed, it had to use the previous hash which wasn't ideal.✅ Help Lerna maintainers to improve publish failures
In the past, we had publishing failures caused by 2FA timeout where we had more packages to publish than it could be handled in 30 seconds. The following steps don't quite work well in the majority of cases:
git push --tagsto send them to upstream (ensure you didn’t create your own tags).git pushto send it to upstream (ensure your history is in the proper state).package.jsonfiles (e.x."@wordpress/compose": "^1.0.0").cdto each package that needs to be published and runnpm publish --otp=******.It's tons of manual work and we had 2 releases where we published local paths inside
package.jsonfiles instead of the latest version of dependencies. Example package which was published by accident with the local path instead of npm version:https://unpkg.com/@wordpress/block-library@2.2.0/package.json
There is an open issue where improved 2FA Support is discussed. However, 2FA isn't the only thing that could go wrong in the process so it would be nice to see publish re-tries in the flow and prompts for new OTP token when the current one expires.
☑️ Add on-demand verification for published packages
The last item which I would love to see is a way to verify if published packages are healthy. As mentioned above, we had 2 cases where 2FA timeout caused some issues which led to having broken
package.jsonfiles on npm. It might happen again, so we should be at least able to detect it immediately and take proper actions.The text was updated successfully, but these errors were encountered: