|
| 1 | +import fse from 'fs-extra' |
| 2 | +import path from 'path' |
| 3 | + |
| 4 | +import type { PackageManager } from '../types.js' |
| 5 | + |
| 6 | +/* |
| 7 | + * Build scripts pnpm v11 must be allowed to run for the projects create-payload-app scaffolds; |
| 8 | + * otherwise the install fails with ERR_PNPM_IGNORED_BUILDS. esbuild/sharp/unrs-resolver cover the |
| 9 | + * default templates; workerd is required by with-cloudflare-d1. |
| 10 | + * TODO(follow-up): the CI drift guard only verifies the blank template — extend it across every |
| 11 | + * getValidTemplates() entry so this single list can't drift per-template. |
| 12 | + */ |
| 13 | +const ALLOWED_BUILDS = ['esbuild', 'sharp', 'unrs-resolver', 'workerd'] |
| 14 | + |
| 15 | +/** |
| 16 | + * pnpm v11 fails installs that have unapproved dependency build scripts, reading approvals only from |
| 17 | + * pnpm-workspace.yaml (the `pnpm` field in package.json is ignored). create-next-app now scaffolds a |
| 18 | + * placeholder `allowBuilds` block (sharp/unrs-resolver left unset) plus an `ignoredBuiltDependencies` |
| 19 | + * denylist, so we must merge rather than skip: force Payload's build scripts to `true` and remove them |
| 20 | + * from the denylist. No-op for non-pnpm package managers. |
| 21 | + */ |
| 22 | +export async function ensurePnpmBuildApprovals(args: { |
| 23 | + packageManager: PackageManager |
| 24 | + projectDir: string |
| 25 | +}): Promise<void> { |
| 26 | + const { packageManager, projectDir } = args |
| 27 | + if (packageManager !== 'pnpm') { |
| 28 | + return |
| 29 | + } |
| 30 | + |
| 31 | + const workspacePath = path.join(projectDir, 'pnpm-workspace.yaml') |
| 32 | + const existing = (await fse.pathExists(workspacePath)) |
| 33 | + ? await fse.readFile(workspacePath, 'utf-8') |
| 34 | + : '' |
| 35 | + |
| 36 | + await fse.writeFile(workspacePath, upsertBuildApprovals(existing)) |
| 37 | +} |
| 38 | + |
| 39 | +type WorkspaceBlock = { |
| 40 | + key: null | string |
| 41 | + lines: string[] |
| 42 | +} |
| 43 | + |
| 44 | +/** |
| 45 | + * Merges Payload's required build approvals into a pnpm-workspace.yaml string. Pure and idempotent: |
| 46 | + * sets each required package to `true` under `allowBuilds` (adding the block if missing) and strips |
| 47 | + * those packages from any `ignoredBuiltDependencies` denylist. Top-level keys are detected by a |
| 48 | + * zero-indent `key:`, with their two-space children grouped beneath them. |
| 49 | + */ |
| 50 | +export function upsertBuildApprovals(content: string): string { |
| 51 | + const blocks = toTopLevelBlocks(content) |
| 52 | + |
| 53 | + const ignored = blocks.find((block) => block.key === 'ignoredBuiltDependencies') |
| 54 | + if (ignored) { |
| 55 | + ignored.lines = ignored.lines.filter((line, index) => { |
| 56 | + if (index === 0) { |
| 57 | + return true |
| 58 | + } |
| 59 | + const name = /^\s*-\s*'?([^'\s]+)'?\s*$/.exec(line)?.[1] |
| 60 | + return !(name && ALLOWED_BUILDS.includes(name)) |
| 61 | + }) |
| 62 | + } |
| 63 | + |
| 64 | + const allow = blocks.find((block) => block.key === 'allowBuilds') |
| 65 | + if (allow) { |
| 66 | + for (const name of ALLOWED_BUILDS) { |
| 67 | + const pattern = new RegExp(`^\\s+'?${escapeRegExp(name)}'?:`) |
| 68 | + const index = allow.lines.findIndex((line) => pattern.test(line)) |
| 69 | + if (index >= 0) { |
| 70 | + allow.lines[index] = ` ${name}: true` |
| 71 | + } else { |
| 72 | + allow.lines.push(` ${name}: true`) |
| 73 | + } |
| 74 | + } |
| 75 | + } else { |
| 76 | + blocks.push({ |
| 77 | + key: 'allowBuilds', |
| 78 | + lines: ['allowBuilds:', ...ALLOWED_BUILDS.map((name) => ` ${name}: true`)], |
| 79 | + }) |
| 80 | + } |
| 81 | + |
| 82 | + const output = blocks.flatMap((block) => block.lines).join('\n') |
| 83 | + return output.endsWith('\n') ? output : `${output}\n` |
| 84 | +} |
| 85 | + |
| 86 | +function toTopLevelBlocks(content: string): WorkspaceBlock[] { |
| 87 | + const lines = content.length ? content.replace(/\n$/, '').split('\n') : [] |
| 88 | + const blocks: WorkspaceBlock[] = [] |
| 89 | + |
| 90 | + for (const line of lines) { |
| 91 | + const key = /^[^\s#]/.test(line) ? /^([^:]+):/.exec(line)?.[1] : undefined |
| 92 | + const current = blocks[blocks.length - 1] |
| 93 | + if (key !== undefined) { |
| 94 | + blocks.push({ key, lines: [line] }) |
| 95 | + } else if (current) { |
| 96 | + current.lines.push(line) |
| 97 | + } else { |
| 98 | + blocks.push({ key: null, lines: [line] }) |
| 99 | + } |
| 100 | + } |
| 101 | + |
| 102 | + return blocks |
| 103 | +} |
| 104 | + |
| 105 | +function escapeRegExp(value: string): string { |
| 106 | + return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') |
| 107 | +} |
0 commit comments