This script will be very useful for the `rules_js` migration, as it
allows us to quickly spot differences between the local `npm_package`
target and the valid golden (based on the snapshot repository).
Migrates the `@angular-devkit/architect` package to the `rules_js` npm
package rule, consuming the direct `rules_ts` output JS files.
Notably, substitution is FAR different than what it used to be with
`rules_nodejs`, so we needed some extra work to leverage `make_template`
for substitutions in `package.json` files. **Keep in mind** that for
now, this does not apply to any other files; so we only substitute in
the `package.json`, but not in e.g. `.js` files as before. We will
follow-up on this.
The other jq merging/filtering for snapshot or tar references in
`package.json` files is kept as is, and is temporarily duplicated. This
is acceptable as the migration should be pretty smooth and quick.
I often struggle with spacing around block comments, so I've decided to add the `lines-around-comment` lint rule to help manage this.
For more details, see the https://eslint.style/rules/js/lines-around-comment
This commit bundles the Critters library to ensure compatibility with Nodeless environments. Additionally, all licenses for bundled libraries, including Critters, are now included in the package. This helps maintain compliance with open-source license requirements.
The `@typescript-eslint/eslint-plugin` package has been updated to v8.0.1.
With new major versions of the package, additional rules are added to the
default recommended list. Several such new rules have been disabled to
minimize the code changes to update the package. Several minor type only
fixes were however included to reduce the number of disabled rules.
Several smaller code changes to improve type information and remove now
unneeded code structures based on improvements to both Node.js, TypeScript,
and underlying dependencies.
The saucelabs connect tunnel utility is now only downloaded when a
saucelabs related test is executed. Previously it was part of the
root `package.json` and downloaded whenever a package install was
executed. The utility archive was also not an actual package which
incidentally worked with npm but does not work with newer versions
of yarn. A SHA256 check is also now performed prior to executing
the utility to verify the expected file is present.
Updates for all angular.io links to the new angular.dev domain. Additionally, adjustment to new resources where the equivalent does not exist on the new site (e.g. Tour of Heroes tutorial)
Dependency know leverages the Github dependency review action instead
of the previous custom solution. The action uses the Github dependency
API to analyze dependencies. This not only should provide more accurate
results but also lower the maintenance costs for the license checking.
The initial allowed licenses list is based on the previous checker list
with licenses that are no longer used removed.
Action Documentation: https://github.com/actions/dependency-review-action
The separate `lodash.template` package appears to no longer be updated.
To address https://github.com/angular/angular-cli/security/dependabot/87
the package has been switch to `lodash` which is the main package and
was updated to address the linked issue. This package is used within
the build infrastructure tooling for the repository.
The admin create script previously only updated the package.json dependencies
for direct dependencies. This did not ensure that all built packages were used
due to some built packages being used as transitive dependencies. The npm
`overrides` field is now also used to ensure that these dependencies are also
properly redirected to the built packages.
Previously, the release process encountered an error due to ts-node's inability to transform `packages/schematics/angular/utility/latest-versions.ts`, resulting in the following error:
```
export const latestVersions: Record<string, string> & {
^^^^^^
SyntaxError: Unexpected token 'export'
at internalCompileFunction (node:internal/vm:73:18)
at wrapSafe (node:internal/modules/cjs/loader:1274:20)
at Module._compile (node:internal/modules/cjs/loader:1320:27)
at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
at Module.load (node:internal/modules/cjs/loader:1197:32)
at Module._load (node:internal/modules/cjs/loader:1013:12)
at ModuleWrap.<anonymous> (node:internal/modules/esm/translators:202:29)
at ModuleJob.run (node:internal/modules/esm/module_job:195:25)
at async ModuleLoader.import (node:internal/modules/esm/loader:336:24)
at async checkSchematicsAngularLatestVersion (file:///usr/..../git/angular-cli/scripts/release-checks/dependency-ranges/latest-versions-check.mts:9:46)
```
To resolve this issue, we now utilize the `package.json` directly to retrieve dependency versions.
This update addresses an issue where an older version of the CLI tarball was mistakenly employed in creating a new application via `yarn admin create`.
Additionally, `yarn admin create` now accommodates extra options that can be utilized with `ng new`.
Example:
```
yarn admin create my-app --ssr
```
This should fix
```
fatal: 'c22bda9
' is not a valid tag name.
Command failed: git "tag", "c22bda9\n"
file:///home/runner/work/angular-cli/angular-cli/scripts/devkit-admin.mts:39
console.error(err.stack);
```
The helpers are unneeded and behavior can be reproduced with direct
string usage. Also, this removes a runtime dependency on the packages
being validated.
The main release build script now has the infrastructure needed to build
using the `local` bazel configuration. This is not yet used within the build
process but provides the base infrastructure to support local builds of the
packages in the future. `local` builds are package builds that contain file
path dependencies to the other built package archives in the workspace and
are used for local development and testing purposes only.
Previously, the `@angular/core` package which was being built was used
during the build process. This package was only used for logging and
has now been replaced with the Console instead. This prevents potential
logging issues if there are bugs or errors within the package being built.
The `fs-monkey`, `memfs` and `spdx-license-ids` packages all now have valid license
fields and allowed licenses. All three have been removed from the exceptions
list.
Several SPDX license aliases have been removed as they are no longer used
by any dependencies within the project. The aliases only existed due to
previous non-standard SPDX identifiers present in used packages.
Additionally, the license validator automatically handles SPDX combination
syntax and combinations do not need to be listed explicitly.
The file searching within the build system (both Webpack and esbuild) now use the
`fast-glob` package for globbing which provides a small performance improvement.
Since the assets option in particular is within the critical path of the buil pipeline,
the performance benefit from the switch will be most prevalent in asset heavy projects.
As an example, the Angular Material documentation site saw the asset discovery time
reduced by over half with the switch. `fast-glob` is also the package used by Vite
which provides additional benefit by ensuring that the Angular CLI behavior matches
that of the newly integrated Vite development server.
Adds an automatic check that runs before cutting releases. This
will help avoiding issues where we forget to update peer dependencies
or the `latest-versions.ts` file.
General cleanup of the main repository `tsconfig.json` file that is used by the IDE and as a base for the build and test tsconfig files. This includes removal of options that contain default values and removal of no longer existing paths from several options. A project relative path in one of the development scripts was also fixed to use a relative path to be consist with all other paths.
Instead of encoding the GitHub snapshot robot access token in a file that needs to be decoded by an
ambiguously named secret called `KEY`, the token can be directly stored in the secrets of CircleCI
given easier maintenance and the same risk.
The leakage of the secret still means the GitHub token file could be decoded. We are switching to a
similar model as in the components repo, which also simplifies key rotations etc.
When performing a release via the dev-infra `ng-dev` tooling, the release
builds for the packages that will be published are now performed using bazel.
Prior to this, the release builds were performed using a custom build script
that programmatically invoked TypeScript APIs. The Bazel build and discovery
process for the releasable packages is performed by a script that is based on
the scripts from components and framework repositories. Several small modifications
were performed to match the behavior and structure of the cli repository:
* Use of `packages` as the source root in the bazel query
* Use of `pkg_npm` rule in the bazel query
* Partial transition to native Node.js `fs` APIs instead of `shelljs`
* Directory creation per package when copying output (supports multiple package scopes)
* Copying of archives (tgz) for each package
The snapshot and local build capabilities are not modified as part of this change
but will be merged in a followup as part of a larger transition to use bazel
throughout the package build process.
