[FOLIO-2566] SPIKE: improve dependency management on 'platform-' release branches Created: 17/Apr/20  Updated: 08/Sep/20  Resolved: 08/Sep/20

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: P2
Reporter: Jakub Skoczen Assignee: John Malconian
Resolution: Done Votes: 0
Labels: devops-backlog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-2756 Reconfigure Renovate on platform-core... Closed
relates to FOLIO-2781 Update snapshot reference builds to u... Closed
relates to FOLIO-2786 Adjust documentation for adding new b... Closed
Sprint: DevOps: Sprint 96
Development Team: FOLIO DevOps

 Description   

Document tasks/action that must be executed when creating a new release branch:

  • branch creation with initial packages
  • maintenance of the branch (adding bugfix releases)
  • etc


 Comments   
Comment by Wayne Schneider [ 22/Jun/20 ]

This raised its head again with the q1-2020 branch of platform-complete. We put a lid on it with this PR: https://github.com/folio-org/platform-complete/pull/579. Before this PR, ui-plugin-create-item was pulling in its own copy of ui-inventory (v3.0.0), which brought with it ui-quickmarc! In addition, the acquisitions plugins were pulling in their own copies of stripes-acq-components (v2.1.x), which actually contains a breaking change from v2.0.x and so probably should have been a major version update.

This begins to become an issue when modules declare dependencies separately from the dependencies declared in the platform's package.json, e.g. the platform may declare stripes-acq-components as a 2.0.0 dependency, but ui-plugin-find-order may declare it as ^2.0.0, which allows for a different minor version update to be pulled in just fro that plugin, apparently regardless of what is available from the platform itself.

The strategy I used was to pin dependencies using the resolutions key of package.json. Perhaps we need to either:

  • Adopt this method of pinning dependencies from the start in a release branch
  • Create a CI gate using the output of yarn list to ensure that multiple copies of modules in the @folio namespace are not imported
Comment by John Malconian [ 04/Sep/20 ]

The bulk of this work has been completed in FOLIO-2756 Closed . I've updated the release procedure documentation for platform-core and platform-complete in the following PR: https://github.com/folio-org/folio-org.github.io/pull/625

At this point, I'm going to re-assign this issue to David Crossley for PR approval and merge to master. The issue can be closed once PR is merged.

Comment by David Crossley [ 08/Sep/20 ]

That doc PR is merged now, and the upgraded instructions are at
https://dev.folio.org/guidelines/release-procedures/#add-to-platforms

There is now a follow-up documentation task at FOLIO-2786 Closed .

Comment by Jakub Skoczen [ 08/Sep/20 ]

John Malconian This is perfect. One thing we discussed on Tuesday is that, now, insall-extras.json on a release branch should represent the complete dependency graph for a FOLIO release. It would be great if we could automatically check that this graph is complete – e.g by asking Okapi not to provide any additional dependencies (beyond what's in the install-extras) during install.

Generated at Thu Feb 08 23:21:35 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.