base-setup: simplify caching and support pnpm#266
Conversation
| if [ -f pnpm-lock.yaml ]; then | ||
| echo "manager=pnpm" >> $GITHUB_OUTPUT | ||
| elif [ -f yarn.lock ]; then | ||
| echo "manager=yarn" >> $GITHUB_OUTPUT | ||
| elif [ -f package-lock.json ]; then | ||
| echo "manager=npm" >> $GITHUB_OUTPUT | ||
| fi |
There was a problem hiding this comment.
- Do we know of any repositories where the lock file is in a subdirectory?
- What happens if there is no lock file, e.g. a repo does not include frontnend code? I think
jupyter-airepo is one example that falls in that category. Should we skip installing node in that case?
There was a problem hiding this comment.
Do we know of any repositories where the lock file is in a subdirectory?
Yes there are some, for example https://github.com/voila-dashboards/voici/blob/main/python/voici-core/yarn.lock
What happens if there is no lock file, e.g. a repo does not include frontnend code? I think jupyter-ai repo is one example that falls in that category. Should we skip installing node in that case?
For Python monorepos probably it would make sense to not install Node. But not sure how disruptive this could be for those assuming Node was always available.
There was a problem hiding this comment.
OK, just pushed a change to use the built-in hashFiles to more easily detect any lock files that may be located in subfolders.
Maybe we can look into skipping the setup-node separately.
There was a problem hiding this comment.
Maybe we can look into skipping the
setup-nodeseparately.
Opened #271
3 participants
Changes
pnpmto help with:jlpmand recent NPM supply chain attacks jupyterlab#17913jlpmforpnpmgeojupyter/jupytergis#1002