Move vcpkg-ce development into the vcpkg-tool repo. #428
Conversation
This change obsoletes https://github.com/microsoft/vcpkg-ce , which will be archived shortly after this merges. ce development did not maintain a linear history but vcpkg-tool does maintain a linear history, so I have not attempted to preserve "blame". The following files were not copied over: * `.git/**/*` * `.github/**/*` (workflows changes merged into pipelines.yaml) * `.scripts/verify-pr.yaml` * `.scripts/signing/**/*` * `LICENSE.md` * `test/vcpkg-ce.test.build.log` * `azure-pipelines.yml` The following files were modified: * `.vscode/**/*` was placed in the root, had paths rewritten to target the "ce" subdirectory, and a few tasks renamed to indicate that they target the "ce" subset. * `CODE_OF_CONDUCT.md`/`SECURITY.md`/`SUPPORT.md`/`PolicheckExclusion.xml` were placed in the root. * `.gitattributes` was merged with the existing one in the root. * `.gitignore` had a few things explicitly copied into the root but most were discarded. * `readme.md` had some content merged.
|
Why is yarn.js 155k lines and checked in? Can't we just require users to install yarn via npm the same way they would install all the other dependencies? |
| @@ -0,0 +1,21 @@ | |||
| MIT License | |||
There was a problem hiding this comment.
Shouldn't this be at LICENSE instead of ce/ce/LICENSE?
There was a problem hiding this comment.
This is a Node/npm artifact; ce is getting emitted as an npm package here so it needs its own copy of the license. (And I didn't think deduping this file was worth digging through npm's guts to tell it to find it somewhere else)
There was a problem hiding this comment.
It can get dropped once it's building the static binary. Since there isn't any standalone usage anymore
There was a problem hiding this comment.
I am strongly against to checking in yarn.ts.
I am 0.75 against checking in an arbitrarily modified tar stream library. I would vastly prefer either assuming the existence of tar on all machines (e.g. not work on Win7) or to use an unmodified version of the library (via npm). If we've made important bugfixes, then those fixes should be submitted upstream. If upstream is unresponsive, we shouldn't be using the library.
Having custom implementations of tar, bzip, gzip, xz, etc and corresponding test files for that is suspect. As long as the test assets are small enough, I'm ok with merging for now under the assertion that we will eliminate this later.
| // Copyright (c) Microsoft Corporation. | ||
| // Licensed under the MIT License. | ||
|
|
||
| export const project = 'environment.yaml'; |
There was a problem hiding this comment.
environment.yaml is not a supported file name, iiuc
| export const latestVersion = '*'; | ||
| export const vcpkgDownloadFolder = 'VCPKG_DOWNLOADS'; | ||
| export const globalConfigurationFile = 'vcpkg-configuration.global.json'; | ||
| export const profileNames = ['vcpkg-configuration.json', 'vcpkg-configuration.yaml', 'environment.yaml', 'environment.yml', 'environment.json']; |
There was a problem hiding this comment.
I believe vcpkg-configuration.json is the only supported filename.
There was a problem hiding this comment.
I really don't want to make functionality changes like that in this PR. I think the search behavior being wrong is already tracked by https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems/edit/1494960
| @@ -0,0 +1,58 @@ | |||
| { | |||
| "name": "tar-stream", | |||
There was a problem hiding this comment.
I'm really not keen on checking in this entire separate package including its binary test assets.
@fearthecowboy Do you know what this file is in here for? This is also the one that causes problems by tripping over policheck.
I don't think this PR is the place to address a problem like this. tar-stream is itself here to force it to get not vulnerable versions of its dependencies, see microsoft/vcpkg-ce#16 / https://github.com/BillyONeal/vcpkg-ce/pull/1
Again, this is the status quo and is here from when ce was a separate product. I do think soon we should be funneling all extraction to |
|
https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_build/results?buildId=5865809&view=results was a successful build before I fixed a few nitpicks here. https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_build/results?buildId=5868553&view=results is a build identical to the commit sha here in progress. |
|
You can remove yarn entirely. It's not necessary - it was used to bootstrap ce by itself without having to deal with npm. That's gone now, so just drop it. |
|
The tar-stream library is checked in because the upstream uses some libraries that replicate the built-in node libraries in later versions of node. The libraries allow the usage under earlier versions of node, but they caused issues with the compliance scanner, and in this case were not only completely unnecessary, but caused a bunch of bloat for no value. Stripping them out fixed the problem. If you want to replace it with calls to native tar, I have no problem with it. |
|
…atch what vcpkg expects. Note that the "VCPKG_BASE_VERSION" unset path will be substantially modified after microsoft#428 , this change always rebootstraps CE. (I can see an argument for it to never rebootstrap CE?)
…atch what vcpkg expects. Note that the "VCPKG_BASE_VERSION" unset path will be substantially modified after microsoft#428 , this change always rebootstraps CE. (I can see an argument for it to never rebootstrap CE?) Resolves https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems/edit/1494969
|
With yarn removed, I ran First, Second, Third, I don't see a single reference to the images in |
|
The |
…atch (#440) * Detect changes in the 'ce' version and rebootstrap it if it doesn't match what vcpkg expects. Note that the "VCPKG_BASE_VERSION" unset path will be substantially modified after #428 , this change always rebootstraps CE. (I can see an argument for it to never rebootstrap CE?) Resolves https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems/edit/1494969 * Add msg::print_error and msg::print_warning.
Co-authored-by: Robert Schumacher <roschuma@microsoft.com>
There was a problem hiding this comment.
Thanks @BillyONeal, that addresses my size concerns.
(Note: I have not reviewed any significant portion of the individual files in this merge.)
* Add back missing .vscode directory lost by .gitignore in #428 * [vcpkg-ce] Fix hash checks. Resolves https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems/edit/1495068 I'm not a fan of the stringly-typed API here allowing this kind of mistake to be silently made but I'm a fan of leaving this broken for a long time while we design something better worse. * Minimize VS Code support files.
This change obsoletes https://github.com/microsoft/vcpkg-ce , which will be archived shortly after this merges.
ce development did not maintain a linear history but vcpkg-tool does maintain a linear history, so I have not attempted to preserve "blame".
The following files were not copied over:
.git/**/*.github/**/*(workflows changes merged into pipelines.yaml).scripts/verify-pr.yaml.scripts/signing/**/*LICENSE.mdSUPPORT.mdtest/vcpkg-ce.test.build.logazure-pipelines.ymlThe following files were modified:
.vscode/**/*was placed in the root, had paths rewritten to target the "ce" subdirectory, and a few tasks renamed to indicate that they target the "ce" subset.CODE_OF_CONDUCT.md/SECURITY.md/SUPPORT.md/PolicheckExclusion.xmlwere placed in the root..gitattributeswas merged with the existing one in the root..gitignorehad a few things explicitly copied into the root but most were discarded.readme.mdhad some content merged.