fix: package json can have no dependencies

derberg · derberg · commit 033aa3445057 · 2020-12-04T14:19:07.000+01:00
diff --git a/README.md b/README.md
@@ -15,7 +15,25 @@ GitHub Action that handles automated update of dependencies in package.json betw
 
 ## Why I Created This Action?
 
-//TODO
+GitHub Action that handles automated update of dependencies in package.json between projects from the same GitHub organization.
+
+The main goal was to automate bump of dependencies between packages from the same organization. You might have several projects depending on each other, and your option to efficiently work with them should not only be a monorepo. In my opinion, people reach for monorepo to quickly, letting themselves to solve one complex problem by introducing another one. 
+
+You cannot apply monorepo everywhere, sometimes it doesn't make sense, and you still have some dependencies that you need to bump manually. This action doesn't have such a problem.
+
+## How It Works?
+
+tl;dr To find dependent projects, GitHub Search is utilized.
+
+1. You run this action in package `@myorg/test`
+1. After releasing `@myorg/test`, you want latest version of the package to be bumped in other packages in your organization/user called `myorg`
+1. The following search is performed `"@myorg/test" user:myorg in:file filename:package.json`
+1. Search is not perfect, quotations from `"@myorg/test"` are ignored and result can also contain repositories that have only `@myorg/test-sdk` as dependency
+1. All found repositories are cloned (except of `@myorg/test`)
+1. Action verifies if you really have `@myorg/test` in dependencies or devDependencies
+1. Now the rest, bumping + pushing + creating a pull request
+
+Approach with using GitHub search has only one disadvantage, bumping will not work in forks, as forks do not show up in search results. It is still better than cloning all repositories from your organization.
 
 ## Action Flow
 
@@ -48,11 +66,4 @@ repos_to_ignore | Comma-separated list of repositories that should not get updat
 # GITHUB_REPOSITORY provide name of org/user and the repo in which this workflow is suppose to run
 # PACKAGE_JSON_LOC=test is a path to package.json file against you want to test
 GITHUB_TOKEN=token PACKAGE_JSON_LOC=test GITHUB_REPOSITORY="lukasz-lab/.github" npm start
-```
-
-## TODO
-
-This action should not be used yet. I need to:
-- write decent amount of tests as this action can do some harm
-- make final clarification of search usage
-- provide examples
+```
diff --git a/dist/index.js b/dist/index.js
@@ -11420,14 +11420,19 @@ const { createBranch, clone, push } = __webpack_require__(374);
 const { getReposList, createPr, getRepoDefaultBranch } = __webpack_require__(119);
 const { readPackageJson, parseCommaList, verifyDependencyType, installDependency } = __webpack_require__(918);
 
+/* eslint-disable sonarjs/cognitive-complexity */
+/**
+ * Disabled the rule for this function as there is no way to make it shorter in a meaningfull way.
+ * It looks complex because of extensive usage of core package to log as much as possible
+ */
 async function run() {
   try {
     const gitHubKey = process.env.GITHUB_TOKEN || core.getInput('github_token', { required: true });
     const committerUsername = core.getInput('committer_username') || 'web-flow';
     const committerEmail = core.getInput('committer_email') || 'noreply@github.com';
     const commitMessageProd = core.getInput('commit_message_prod') || 'Update dependency';
     const commitMessageDev = core.getInput('commit_message_dev') || 'Update devDependency';
-    const packageJsonPath = process.env.PACKAGE_JSON_LOC || core.getInput('packagejson_loc');
+    const packageJsonPath = process.env.PACKAGE_JSON_LOC || core.getInput('packagejson_loc') || './';
     const reposToIgnore = core.getInput('repos_to_ignore');
 
     const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
@@ -11436,7 +11441,7 @@ async function run() {
     //by default repo where workflow runs should always be ignored
     ignoredRepositories.push(repo);
 
-    const { name: dependencyName, version: dependencyVersion} = await readPackageJson(__webpack_require__.ab + "org-projects-dependency-manager/" + packageJsonPath || './' + '/package.json');
+    const { name: dependencyName, version: dependencyVersion} = await readPackageJson(__webpack_require__.ab + "org-projects-dependency-manager/" + packageJsonPath + '/package.json');
     core.info(`Identified dependency name as ${dependencyName} with version ${dependencyVersion}. Now it will be bumped in dependent projects.`);
 
     const reposList = await getReposList(octokit, dependencyName, owner);
@@ -11448,7 +11453,7 @@ async function run() {
     for (const {path: filepath, repository: { name, html_url, node_id }} of reposList) {
       if (ignoredRepositories.includes(name)) continue;
 
-      const cloneDir = __webpack_require__.ab + "clones/" + name;
+      const cloneDir = path.join(process.cwd(), './clones', name);
       await mkdir(cloneDir, {recursive: true});
 
       const branchName = `bot/bump-${dependencyName}-${dependencyVersion}`;
@@ -11465,7 +11470,7 @@ async function run() {
       const packageJson = await readPackageJson(packageJsonLocation);
       const dependencyType = await verifyDependencyType(packageJson, dependencyName);
       if (dependencyType === 'NONE') {
-        core.info(`This is super strange. We could not find ${dependencyName} neither in dependencies property nor in the devDependencies property. This repo should not show up on the list as it should not show up in search results. On to the next one`);
+        core.info(`We could not find ${dependencyName} neither in dependencies property nor in the devDependencies property. No further steps will be performed. It was found as GitHub search is not perfect and you probably use a package with similar name.`);
         continue;
       }
 
@@ -12128,8 +12133,8 @@ function verifyDependencyType(json, dependencyName) {
   const prodDependencies = json.dependencies;
   const devDependencies = json.devDependencies;
 
-  const isProd = prodDependencies[dependencyName];
-  const isDev = devDependencies[dependencyName];
+  const isProd = prodDependencies && prodDependencies[dependencyName];
+  const isDev = devDependencies && devDependencies[dependencyName];
 
   if (isProd && isDev) return 'PROD';
   if (!isProd && !isDev) return 'NONE';
diff --git a/lib/index.js b/lib/index.js
@@ -8,14 +8,19 @@ const { createBranch, clone, push } = require('./git');
 const { getReposList, createPr, getRepoDefaultBranch } = require('./api-calls');
 const { readPackageJson, parseCommaList, verifyDependencyType, installDependency } = require('./utils');
 
+/* eslint-disable sonarjs/cognitive-complexity */
+/**
+ * Disabled the rule for this function as there is no way to make it shorter in a meaningfull way.
+ * It looks complex because of extensive usage of core package to log as much as possible
+ */
 async function run() {
   try {
     const gitHubKey = process.env.GITHUB_TOKEN || core.getInput('github_token', { required: true });
     const committerUsername = core.getInput('committer_username') || 'web-flow';
     const committerEmail = core.getInput('committer_email') || 'noreply@github.com';
     const commitMessageProd = core.getInput('commit_message_prod') || 'Update dependency';
     const commitMessageDev = core.getInput('commit_message_dev') || 'Update devDependency';
-    const packageJsonPath = process.env.PACKAGE_JSON_LOC || core.getInput('packagejson_loc');
+    const packageJsonPath = process.env.PACKAGE_JSON_LOC || core.getInput('packagejson_loc') || './';
     const reposToIgnore = core.getInput('repos_to_ignore');
 
     const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
@@ -24,7 +29,7 @@ async function run() {
     //by default repo where workflow runs should always be ignored
     ignoredRepositories.push(repo);
 
-    const { name: dependencyName, version: dependencyVersion} = await readPackageJson(path.join(process.cwd(), packageJsonPath || './', 'package.json'));
+    const { name: dependencyName, version: dependencyVersion} = await readPackageJson(path.join(process.cwd(), packageJsonPath, 'package.json'));
     core.info(`Identified dependency name as ${dependencyName} with version ${dependencyVersion}. Now it will be bumped in dependent projects.`);
 
     const reposList = await getReposList(octokit, dependencyName, owner);
@@ -53,7 +58,7 @@ async function run() {
       const packageJson = await readPackageJson(packageJsonLocation);
       const dependencyType = await verifyDependencyType(packageJson, dependencyName);
       if (dependencyType === 'NONE') {
-        core.info(`This is super strange. We could not find ${dependencyName} neither in dependencies property nor in the devDependencies property. This repo should not show up on the list as it should not show up in search results. On to the next one`);
+        core.info(`We could not find ${dependencyName} neither in dependencies property nor in the devDependencies property. No further steps will be performed. It was found as GitHub search is not perfect and you probably use a package with similar name.`);
         continue;
       }
 
diff --git a/lib/utils.js b/lib/utils.js
@@ -30,8 +30,8 @@ function verifyDependencyType(json, dependencyName) {
   const prodDependencies = json.dependencies;
   const devDependencies = json.devDependencies;
 
-  const isProd = prodDependencies[dependencyName];
-  const isDev = devDependencies[dependencyName];
+  const isProd = prodDependencies && prodDependencies[dependencyName];
+  const isDev = devDependencies && devDependencies[dependencyName];
 
   if (isProd && isDev) return 'PROD';
   if (!isProd && !isDev) return 'NONE';
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -6,7 +6,7 @@
   "scripts": {
     "start": "rimraf ./clones && node lib/index.js",
     "dev": "DEBUG=simple-git npm start",
-    "package": "ncc build lib/index.js -o dist",
+    "package": "ncc build lib/index.js -o dist && rimraf dist/org-projects-dependency-manager",
     "gitAdd": "git add dist/index.js",
     "gen-readme-toc": "markdown-toc -i README.md",
     "lint": "eslint --max-warnings 0 .",
diff --git a/test/package.json b/test/package.json
@@ -1,5 +1,4 @@
 {
     "name": "@asyncapi/generator",
-    "version": "1.0.1"
-  }
-  
+    "version": "1.0.0-rc.15"
+  }
diff --git a/test/utils.test.js b/test/utils.test.js
@@ -0,0 +1,110 @@
+const { parseCommaList, verifyDependencyType } = require('../lib/utils');
+
+describe('parseCommaList()', () => {
+  it('parses role model string without issues', () => {
+    const list = 'test1, test2, test3, test4';
+    const parsed = parseCommaList(list);
+
+    expect(parsed).toStrictEqual(['test1', 'test2', 'test3', 'test4']);
+  });
+
+  it('parses string with many spaces between commas', () => {
+    const list = 'test1   , test2,    test3, test4';
+    const parsed = parseCommaList(list);
+
+    expect(parsed).toStrictEqual(['test1', 'test2', 'test3', 'test4']);
+  });
+
+  it('parses string if quotes are used', () => {
+    const list = '\'test1\'   , \'test2\',    "test3", "test4"';
+    const parsed = parseCommaList(list);
+
+    expect(parsed).toStrictEqual(['test1', 'test2', 'test3', 'test4']);
+  });
+});
+
+describe('verifyDependencyType()', () => {
+  it('returns NONE type if neither dependencies nor devDependencies are in the file', () => {
+    const parsedPackageJson = {
+      name: '@my/test1',
+      version: '1.0.0'
+    };
+
+    const nameOfDependencyToCheck = '@my/test1';
+    const verifyResult = verifyDependencyType(parsedPackageJson, nameOfDependencyToCheck); 
+    
+    expect(verifyResult).toStrictEqual('NONE');
+  });
+
+  it('returns NONE type if verified package is neither in dependencies nor in devDependencies', () => {
+    const parsedPackageJson = {
+      name: '@my/test1',
+      version: '1.0.0',
+      dependencies: {
+        '@my/test2': '0.0.1'
+      },
+      devDependencies: {
+        '@my/test2': '0.0.1'
+      }
+    };
+
+    const nameOfDependencyToCheck = '@my/test1';
+    const verifyResult = verifyDependencyType(parsedPackageJson, nameOfDependencyToCheck); 
+    
+    expect(verifyResult).toStrictEqual('NONE');
+  });
+
+  it('returns PROD type if verified package is in dependencies', () => {
+    const parsedPackageJson = {
+      name: '@my/test1',
+      version: '1.0.0',
+      dependencies: {
+        '@my/test1': '0.0.1'
+      },
+      devDependencies: {
+        '@my/test2': '0.0.1'
+      }
+    };
+
+    const nameOfDependencyToCheck = '@my/test1';
+    const verifyResult = verifyDependencyType(parsedPackageJson, nameOfDependencyToCheck); 
+    
+    expect(verifyResult).toStrictEqual('PROD');
+  });
+
+  it('returns DEV type if verified package is in devDependencies', () => {
+    const parsedPackageJson = {
+      name: '@my/test1',
+      version: '1.0.0',
+      dependencies: {
+        '@my/test2': '0.0.1'
+      },
+      devDependencies: {
+        '@my/test1': '0.0.1'
+      }
+    };
+
+    const nameOfDependencyToCheck = '@my/test1';
+    const verifyResult = verifyDependencyType(parsedPackageJson, nameOfDependencyToCheck); 
+    
+    expect(verifyResult).toStrictEqual('DEV');
+  });
+
+  it('returns PROD type if verified package is in dependencies and devDependencies', () => {
+    const parsedPackageJson = {
+      name: '@my/test1',
+      version: '1.0.0',
+      dependencies: {
+        '@my/test1': '0.0.1'
+      },
+      devDependencies: {
+        '@my/test1': '0.0.1'
+      }
+    };
+
+    const nameOfDependencyToCheck = '@my/test1';
+    const verifyResult = verifyDependencyType(parsedPackageJson, nameOfDependencyToCheck); 
+    
+    expect(verifyResult).toStrictEqual('PROD');
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@asyncapi/generator",`
`3`		`- "version": "1.0.1"`
`4`		`- }`
`5`		`-`
	`3`	`+ "version": "1.0.0-rc.15"`
	`4`	`+ }`