Conversation
| if not os.path.exists(cas_path): | ||
| os.makedirs(cas_dir, exist_ok=True) | ||
| with open(cas_path, 'wb') as out: | ||
| out.write(data) |
There was a problem hiding this comment.
Needs os.chmod(cas_path, member.mode) or something to preserve executable files.
There was a problem hiding this comment.
I did this:
if is_exec:
os.chmod(cas_path, 0o755)
|
Before reviewing the code it would be nice if people can try this out for packaging their own projects. That way we can get a better idea of what works and doesn't, it'd get tested as well and you'd have some feedback. You can keep seperate commits for now but once it is ready it should be split into logical parts with proper commit messages or one single commit. |
|
I’ve been trying this on Zulip Desktop. I ran into two issues:
Other than that, this seems to work for me. |
|
Thank you for testing! I've fixed both issues. I'm glad it works for you! As for commit naming, we can squash when merging, or I can just rebase and squash then. |
| 'Please upgrade to pnpm 8+ and regenerate your lockfile.' | ||
| ) | ||
|
|
||
| if not lockfile_version.startswith(_SUPPORTED_VERSIONS): |
There was a problem hiding this comment.
you should check the major version startswith will make unrelated versions pass through.
major = lockfile_version.split('.', 1)[0].
same for the one below.
| raise ValueError(f'{lockfile_path}: missing lockfileVersion field') | ||
|
|
||
| lockfile_version = str(raw_version) | ||
| if lockfile_version.startswith('5'): |
There was a problem hiding this comment.
same here, check the major version
There was a problem hiding this comment.
is there any reason this is separate form the rest? is it for the different message? i'd merge it.
There was a problem hiding this comment.
Good point. I changed that as you suggested.
| print( | ||
| f'ERROR: {tarball_path} not found', | ||
| file=sys.stderr, | ||
| ) | ||
| sys.exit(1) |
There was a problem hiding this comment.
can you raise an exception here instead of sys.exit?
| pkg_name=info['name'], | ||
| pkg_version=info['version'], | ||
| integrity_hex=info['integrity_hex'], | ||
| requires_build=info.get('requires_build', False), |
There was a problem hiding this comment.
where is requires_build actually used?
There was a problem hiding this comment.
I removed it altogether, I was weighing whether to support it during my implementation and decided to keep it out of scope for now, and maybe add in another iteration later.
| # All currently supported lockfile versions (v6/v7/v9) use store v10. | ||
| # Needs to be updated when a new pnpm major changes the store layout | ||
| _STORE_VERSION = 'v10' |
There was a problem hiding this comment.
this should probably be derived from the lockfile version instead of being hardcoded here. we might need to support multiple store versions instead of the latest one and i'm guessing they will be incompatible.
There was a problem hiding this comment.
can you add tests for git resolution?
I was able to hack around this without removing the dependency, as follows.
Would this be easy to support automatically? |
|
readme should be updated. |
| import sys | ||
| import types | ||
| from pathlib import Path | ||
| from typing import ( |
There was a problem hiding this comment.
i just did a large refactor of moving to python 3.10+ and migrating to standard type hints so these should be updated.
node/pyproject.toml
Outdated
| pytest-datadir = "^1.6.1" | ||
| pytest-httpserver = "^1.1.3" | ||
| pytest-xdist = "^3.6.1" | ||
| types-pyyaml = "^6.0.12.20250915" |
There was a problem hiding this comment.
| types-pyyaml = "^6.0.12.20250915" | |
| types-pyyaml = ">=6.0.12.2,<7" |
|
I just rebased onto current master and fixed all the type issues. I also updated the node readme, and squashed all commits as suggested. |
This looks like an issue with tarball/git sources in general. I am getting the same issue with the when running a build with the generated sources. |
|
I'm gonna dedicate some time after this PR to make sure it supports anything pnpm can do. And if it can't, at least make sure there's a good reason for that. But in the interest of keeping scope manageable, I'd rather not add anything else to this one. |
|
I can merge this once the lint issues are fixed (CI is failing). Seems it has worked for some projects and the rest can be iterated later. |
|
Ok, I had an old lock and didn't notice. Should be ok now |
4 participants
Proposed in #383
This PR adds pnpm as a third package manager option for node. The provider parses pnpm lock file, downloads tarballs as flatpak file sources, and at build time, a bundled Python script extracts tarballs and populates pnpm's content-addressable store.
I did some manual testing on this with a real pnpm project. Should work with monorepos with internal dependencies too.
Limitations:
pnpm install --offlinewill probably fail for projects with git deps. Same approach as npm's jq-based patching would be neededrequiresBuildhardcoded tofalse, should be extracted from lockfile metadata. Will cause pnpm to skip native addon rebuilds