Product
Introducing Socket Optimize
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.
@anolilab/multi-semantic-release
Advanced tools
Daniel Bannert's open source work is supported by the community on GitHub Sponsors
This fork of dhoub/multi-semantic-release replaces setImmediate
loops
and execa.sync
hooks with event-driven flow and finally makes possible to run the most release operations in parallel.
π π π
This package should work well, but may not be fundamentally stable enough for important production use as it's pretty dependent on how semantic-release works (so it may break or get out-of-date in future versions of semantic-release).
One of the best things about semantic-release is forgetting about version numbers. In a monorepo though there's still
a lot of version number management required for local deps (packages in the same monorepo referenced in dependencies
or devDependencies
or peerDependencies
). However in multi-semantic-release the version numbers of local deps are
written into package.json
at release time. This means there's no need to hard-code versions any more
(we recommend just using *
asterisk instead in your repo code).
npm install --save-dev @anolilab/multi-semantic-release@latest semantic-release@latest
pnpm add -D @anolilab/multi-semantic-release@latest semantic-release@latest
yarn add -D @anolilab/multi-semantic-release@latest semantic-release@latest
multi-semantic-release
Make sure to have a workspaces
attribute inside your package.json
project file. In there, you can set a list of packages that you might want to process in the msr process, as well as ignore others. For example, let's say your project has 4 packages (i.e. a, b, c and d) and you want to process only a and d (ignore b and c). You can set the following structure in your package.json
file:
{
"name": "msr-test-yarn",
"author": "Dave Houlbrooke <dave@shax.com",
"version": "0.0.0-semantically-released",
"private": true,
"license": "0BSD",
"engines": {
"node": ">=8.3"
},
"workspaces": ["packages/*", "!packages/b/**", "!packages/c/**"],
"release": {
"plugins": ["@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator"],
"noCi": true
}
}
Make sure to have a packages
attribute inside your pnpm-workspace.yaml
in the root of your project.
Note: You need to have the
"workspaces": ["packages/*"]
attribute inside yourpackage.json
project file as well, need from semantic-release.
In there, you can set a list of packages that you might want to process in the msr process, as well as ignore others.
For example, let's say your project has 4 packages (i.e. a, b, c and d) and you want to process only a and d (ignore b and c). You can set the following structure in your pnpm-workspace.yaml
file:
packages:
- "packages/**"
- "!packages/b/**"
- "!packages/c/**"
Make sure to have a bolt.workspaces
attribute inside your package.json
project file.
In there, you can set a list of packages that you might want to process in the msr process, as well as ignore others.
For example, let's say your project has 4 packages (i.e. a, b, c and d) and you want to process only a and d (ignore b and c). You can set the following structure in your package.json
file:
{
"name": "msr-test-bolt",
"author": "Dave Houlbrooke <dave@shax.com",
"version": "0.0.0-semantically-released",
"private": true,
"license": "0BSD",
"engines": {
"node": ">=8.3"
},
"bolt": {
"workspaces": ["packages/*", "!packages/b/**", "!packages/c/**"]
},
"release": {
"plugins": ["@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator"],
"noCi": true
}
}
multi-semantic-release can be configured a number of ways:
.multi-releaserc
file, written in YAML or JSON, with optional extensions: .yaml
/ .yml
/ .json
/ .js
multi-release.config.js
file that exports an objectmulti-release
key in the workspace root package.jsonAlternatively some options may be set via CLI flags.
Note: CLI arguments take precedence over options configured in the configuration file.
Option | Type | CLI Flag | Description |
---|---|---|---|
dryRun | boolean | --dry-run | Dry run mode. |
logLevel | String | --log-level | Sets the internal logger verbosity level: error, warn, info, debug, trace . Defaults to info . |
debug | boolean | --debug | Output debugging information. Shortcut for --logLevel=debug . |
silent | boolean | --silent | Turns off any log outputs. |
extends | String | Array | N/A | List of modules or file paths containing a shareable configuration. If multiple shareable configurations are set, they will be imported in the order defined with each configuration option taking precedence over the options defined in the previous. |
sequentialInit | boolean | --sequential-init | Avoid hypothetical concurrent initialization collisions. |
sequentialPrepare | boolean | --sequential-prepare | Avoid hypothetical concurrent preparation collisions. True by default. |
firstParent | boolean | --first-parent | Apply commit filtering to current branch only. |
ignorePrivate | boolean | --ignore-private | Exclude private packages. True by default. |
ignorePackages | String | Array | --ignore-packages | Packages list to be ignored on bumping process (appended to the ones that already exist at package.json workspaces). If using the CLI flag, supply a comma seperated list of strings. |
tagFormat | String | --tag-format | Format to use when creating tag names. Should include "name" and "version" vars. Default: "${name}@${version}" which generates "package-name@1.0.0" |
deps | Object | N/A | Dependency handling, see below for possible values. |
deps
OptionsOption | Type | CLI Flag | Description |
---|---|---|---|
bump | override | satisfy | inherit | --deps.bump | Define deps version update rule.
|
release | patch | minor | major | inherit | --deps.release | Define release type for dependent package if any of its deps changes.
|
prefix | '^' | '~' | '' | --deps.prefix | Optional prefix to be attached to the next version if bump is set to override . Supported values: ^ | ~ | '' (empty string) ; '' by default. |
{
"multi-release": {
"ignorePackages": ["!packages/b/**", "!packages/c/**"],
"deps": {
"bump": "inherit"
}
}
}
.multi-releaserc
file:{
"ignorePackages": ["!packages/b/**", "!packages/c/**"],
"deps": {
"bump": "inherit"
}
}
$ multi-semantic-release --ignore-packages=packages/a/**,packages/b/** --deps.bump=inherit
MSR requires semrel config to be added in any supported format for each package or/and declared in repo root (globalConfig
is extremely useful if all the modules have the same strategy of release).
NOTE config resolver joins globalConfig
and packageConfig
during execution.
// Load the package-specific options.
const { options: pkgOptions } = await getConfig(dir);
// The 'final options' are the global options merged with package-specific options.
// We merge this ourselves because package-specific options can override global options.
const finalOptions = Object.assign({}, globalOptions, pkgOptions);
Make sure to have a workspaces
attribute inside your package.json
project file. In there, you can set a list of packages that you might want to process in the msr process, as well as ignore others. For example, let's say your project has 4 packages (i.e. a, b, c and d) and you want to process only a and d (ignore b and c). You can set the following structure in your package.json
file:
{
"name": "msr-__tests__-yarn",
"author": "Dave Houlbrooke <dave@shax.com",
"version": "0.0.0-semantically-released",
"private": true,
"license": "0BSD",
"engines": {
"node": ">=8.3"
},
"workspaces": ["packages/*", "!packages/b/**", "!packages/c/**"],
"release": {
"plugins": ["@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator"],
"noCi": true
}
}
You can also ignore it with the CLI:
$ multi-semantic-release --ignore-packages=packages/b/**,packages/c/**
You can also combine the CLI ignore options with the !
operator at each package inside workspaces
attribute. Even though you can use the CLI to ignore options, you can't use it to set which packages to be released β i.e. you still need to set the workspaces
attribute inside the package.json
.
We use this tool to release our JS platform code inhouse (GitHub Enterprise + JB TeamCity) and for our OSS (GitHub + Travis CI). Guaranteed working configurations available in projects.
When releasing a monorepo you may get a npm ERR! code ETARGET
error. This is caused by npm version
creating a reify update on packages with future dependency versions MSR has not updated yet.
The simplest work around is to set workspaces-update to false either in your .npmrc or manually by running npm config set workspaces-update false
When releasing a monorepos you may get EINVALIDNPMTOKEN
error. The more packages, the more chance of error, unfortunately.
INVALIDNPMTOKEN Invalid npm token.
The npm token (https://github.com/semantic-release/npm/blob/master/README.md#npm-registry-authentication) configured in the NPM_TOKEN environment variable must be a valid token (https://docs.npmjs.com/getting-started/working_with_tokens) allowing to publish to the registry https://registry.npmjs.org/.
Do not rush to change your token. Perhaps this is related to npm whoami
request throttling on your registry (just a hypothesis: https://github.com/semantic-release/npm/pull/416). At this point you can:
This error seems to be related to concurrent git invocations (issues/24). Or maybe not.
Anyway we've added a special --sequental-init
flag to queue up these calls.
Automatically finds packages as long as workspaces are configured as-per the workspace-feature of one of the support package managers.
I'm aware Lerna is the best-known tool right now, but in future it seems clear it will be replaced by functionality in Yarn and NPM directly. If you use Yarn workspaces today (January 2019), then publishing is the only remaining feature Lerna is really required for (though it'd be lovely if Yarn added parallel script execution). Thus using multi-semantic-release means you can probably remove Lerna entirely from your project.
Other packages that enable semantic-release for monorepos work by iterating into each package and running the semantic-release
command. This is conceptually simple but unfortunately not viable because:
A key requirement is handling local dep version numbers elegantly. multi-semantic-release does the following:
patch
bump on that package toopackage.json
file (overwriting any existing value)The above means that, possibly, if someone upgrades dependencies and pulls down a package from NPM during the multirelease (before all its deps have been published at their next versions), then their npm install
will fail (it will work if they try again in a few minutes). On balance I thought it was more important to be atomically correct (this situation should be fairly rare assuming projects commit their lockfiles).
This is the jankiest part of multi-semantic-release and most likely part to break relies. I expect this to cause maintenance issues down the line. In an ideal world semantic-release will bake-in support for monorepos (making this package unnecessary).
The way I ended up integrating is to create a custom "inline plugin" for semantic-release, and passing that in to semanticRelease()
as the only plugin. This then calls any other configured plugins to retrieve and potentially modify the response.
The plugin starts all release at once, then pauses them (using Promises) at various points to allow other packages in the multirelease to catch up. This is mainly needed so the version number of all packages can be established before any package is released. This allows us to do a patch
bump on releases whose local deps have bumped, and to accurately write in the version of local deps in each package.json
The inline plugin does the following:
context.commits
with a list of commits filtered to the folder onlyplugins.analyzeCommits()
to get the next release type (e.g. from @semantic-release/commit-analyzer)patch
if that's trueplugins.generateNotes()
to get the notes (e.g. from @semantic-release/release-notes-generator)dependencies
, devDependencies
, peerDependencies
in package.json
git push
asynchronously, multiple releases at once fail because Git refs aren't locked β semantic-release should use execa.sync()
so Git operations are atomic)The integration with semantic release is pretty janky β this is a quick summary of the reasons this package will be hard to maintain:
context.commits
object before it was used by @semantic-release/commit-analyzer
(so it only lists commits for the corresponding directory).context.commits
was very difficult! I did it eventually creating an inline plugin and passing it into semanticRelease()
via options.plugins
plugins.analyzeCommits()
with an overridden context.commits
β see createInlinePluginCreator.jsdependencies
in package.json points to an internal package) this step also does a patch
bump if any of them did a bump..releaserc
and then per-directory overrides for individual packages).git tag
is done asynchronouslyexeca()
in semantic release should be replaced with execa.sync()
to ensure Git's internal state is atomic.Synchronizer
is the neat part. It is critical to make the tag and commit publishing phases strictly sequential. Event emitter allows:
Releases always use a tagFormat
of my-pkg-1@1.0.1
for Git tags, and always overrides any gitTag
set in semantic-release configuration.
I can personally see the potential for this option in coordinating a semantic-release (e.g. so two packages with the same tag always bump and release simultaneously). Unfortunately with the points of integration available in semantic-release, it was effectively impossible when releasing to stop a second package creating a duplicate tag (causing an error).
To make the tagFormat
option work as intended the following would need to happen:
v1.0.0
will have the same effect as Lerna's fixed mode (all changed monorepo packages released at same time)Libraries in this ecosystem make the best effort to track Node.jsβ release schedule. Hereβs a post on why we think this is important.
If you would like to help take a look at the list of issues and check our Contributing guild.
Note: please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
FAQs
A multi semantic release tool for a monorepo.
The npm package @anolilab/multi-semantic-release receives a total of 1,423 weekly downloads. As such, @anolilab/multi-semantic-release popularity was classified as popular.
We found that @anolilab/multi-semantic-release demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.
Product
We're excited to announce that Socket now supports the Java programming language.
Security News
Socket detected a malicious Python package impersonating a popular browser cookie library to steal passwords, screenshots, webcam images, and Discord tokens.