@esy-nightly/esy
Advanced tools
Comparing version 0.7.2-99-gf9035e77 to 0.7.3-8-g0e19fbda
{ | ||
"name": "@esy-nightly/esy", | ||
"version": "0.7.2-99-gf9035e77", | ||
"version": "0.7.3-8-g0e19fbda", | ||
"license": "BSD-2-Clause", | ||
@@ -17,7 +17,7 @@ "description": "Package builder for esy.", | ||
"esyInstallRelease.js", | ||
"platform-linux/", | ||
"platform-darwin/", | ||
"platform-darwin-arm64/", | ||
"platform-windows-x64/" | ||
"platform-esy-npm-release-linux-x64-static", | ||
"platform-esy-npm-release-darwin-arm64", | ||
"platform-esy-npm-release-darwin-x64", | ||
"platform-esy-npm-release-win32-x64" | ||
] | ||
} |
@@ -50,59 +50,2 @@ /** | ||
/** | ||
* Since os.arch returns node binary's target arch, not | ||
* the system arch. | ||
* Credits: https://github.com/feross/arch/blob/af080ff61346315559451715c5393d8e86a6d33c/index.js#L10-L58 | ||
*/ | ||
function arch() { | ||
/** | ||
* The running binary is 64-bit, so the OS is clearly 64-bit. | ||
*/ | ||
if (process.arch === 'x64') { | ||
return 'x64'; | ||
} | ||
/** | ||
* All recent versions of Mac OS are 64-bit. | ||
*/ | ||
if (process.platform === 'darwin') { | ||
return 'x64'; | ||
} | ||
/** | ||
* On Windows, the most reliable way to detect a 64-bit OS from within a 32-bit | ||
* app is based on the presence of a WOW64 file: %SystemRoot%\SysNative. | ||
* See: https://twitter.com/feross/status/776949077208510464 | ||
*/ | ||
if (process.platform === 'win32') { | ||
var useEnv = false; | ||
try { | ||
useEnv = !!(process.env.SYSTEMROOT && fs.statSync(process.env.SYSTEMROOT)); | ||
} catch (err) {} | ||
var sysRoot = useEnv ? process.env.SYSTEMROOT : 'C:\\Windows'; | ||
// If %SystemRoot%\SysNative exists, we are in a WOW64 FS Redirected application. | ||
var isWOW64 = false; | ||
try { | ||
isWOW64 = !!fs.statSync(path.join(sysRoot, 'sysnative')); | ||
} catch (err) {} | ||
return isWOW64 ? 'x64' : 'x86'; | ||
} | ||
/** | ||
* On Linux, use the `getconf` command to get the architecture. | ||
*/ | ||
if (process.platform === 'linux') { | ||
var output = cp.execSync('getconf LONG_BIT', {encoding: 'utf8'}); | ||
return output === '64\n' ? 'x64' : 'x86'; | ||
} | ||
/** | ||
* If none of the above, assume the architecture is 32-bit. | ||
*/ | ||
return 'x86'; | ||
} | ||
// implementing it b/c we don't want to depend on fs.copyFileSync which appears | ||
@@ -125,3 +68,3 @@ // only in node@8.x | ||
var copyPlatformBinaries = (platformPath) => { | ||
var platformBuildPath = path.join(__dirname, 'platform-' + platformPath); | ||
var platformBuildPath = path.join(__dirname, platformPath); | ||
@@ -134,3 +77,3 @@ let foldersToCopy, binariesToCopy; | ||
if (platformPath === 'linux') { | ||
if (platformPath === "platform-esy-npm-release-linux-x64-static") { | ||
fs.mkdirSync(path.join(__dirname, 'lib')); | ||
@@ -158,3 +101,3 @@ foldersToCopy = ['bin', 'lib']; | ||
if (platformPath === 'linux') { | ||
if (platformPath === "platform-esy-npm-release-linux-x64-static") { | ||
fs.chmodSync(path.join(__dirname, 'lib', 'esy', 'esyBuildPackageCommand'), 0755); | ||
@@ -172,10 +115,10 @@ fs.chmodSync(path.join(__dirname, 'lib', 'esy', 'esySolveCudfCommand'), 0755); | ||
const platformArch = process.arch; | ||
switch (platform) { | ||
case 'win32': | ||
if (arch() !== 'x64') { | ||
if (platformArch !== 'x64') { | ||
console.warn('error: x86 is currently not supported on Windows'); | ||
process.exit(1); | ||
} | ||
copyPlatformBinaries('windows-x64'); | ||
copyPlatformBinaries('platform-esy-npm-release-win32-x64'); | ||
console.log('Installing native compiler toolchain for Windows...'); | ||
@@ -189,7 +132,7 @@ cp.execSync( | ||
case 'linux': | ||
copyPlatformBinaries(platform); | ||
copyPlatformBinaries(`platform-esy-npm-release-linux-${platformArch}-static`); | ||
// Statically linked binaries dont need postinstall scripts | ||
break; | ||
case 'darwin': | ||
copyPlatformBinaries(platform + (process.arch === 'x64' ? '' : '-arm64')); | ||
copyPlatformBinaries(`platform-esy-npm-release-darwin-${platformArch}`); | ||
require('./esyInstallRelease'); | ||
@@ -196,0 +139,0 @@ break; |
270
README.md
@@ -7,4 +7,3 @@ # esy | ||
This README serves as a development documentation for esy. For user | ||
documentation refer to [esy.sh][] documentation site. | ||
Esy is a package manager for Reason and OCaml centered around the [NPM] workflow. Reason/OCaml are compiled languages and it can be daunting for developers to setup tools and develop a workflow that is intuitive and well documented. Developing apps that are natively compiled are also hard to reproduce and often require additional tooling. Esy tries address these, by offering a familiar `package.json` centered workflow and light-weight sandboxing. | ||
@@ -24,198 +23,18 @@ <!-- START doctoc generated TOC please keep comment here to allow auto update --> | ||
## Repository structure | ||
## Installation | ||
The following snippet lists esy repository structured (omitting irrelevant or | ||
obvious items) with further explanations: | ||
Esy is available on NPM. | ||
├── CHANGELOG.md | ||
├── LICENSE | ||
├── README.md | ||
│ | ||
├── Makefile | ||
│ Common tasks and workflows for esy development. | ||
│ | ||
├── bin/esy | ||
│ symlink (wrapper on Windows) for esy command, used for running tests | ||
│ | ||
├── bin/esyInstallRelease.js | ||
│ postinstall step for npm releases produced with `esy npm-release` | ||
│ command. This is a built JS file which is developed in a separate flow | ||
│ inside `esy-install-npm-release/` subdirectory (see below). | ||
│ | ||
├── docs | ||
│ esy end user documentation in markdown format. | ||
│ | ||
├── dune | ||
├── dune-project | ||
│ | ||
├── esy | ||
│ This dune library implements sandbox builder - a routine which builds | ||
│ the entire dependency graph and provides other introspection APIs. | ||
│ | ||
├── esy/bin | ||
│ This dune executable implements "esy" command. | ||
│ | ||
├── esy-solve | ||
│ This dune library implements solver. | ||
│ | ||
├── esy-fetch | ||
│ This dune library implements installer - fetching and installing of package sources | ||
│ | ||
├── esy-build-package | ||
│ This dune library implements package builder. esy library uses this to | ||
│ build each package. | ||
│ | ||
├── esy-build-package/bin | ||
│ This dune executable implements "esy-build-package" command. | ||
│ | ||
├── esy-install-npm-release | ||
│ Sources for `bin/esyInstallRelease.js`. | ||
│ | ||
├── esy-command-expression | ||
│ Parser for #{...} syntax used in esy manifests. | ||
│ | ||
├── esy-shell-expansion | ||
│ A simple shell expansion. | ||
│ | ||
├── esy-lib | ||
│ A collection of utility modules shared between other libraries. | ||
│ | ||
├── site | ||
│ Sources for https://esy.sh | ||
│ | ||
├── esy.lock | ||
│ Lock files. Esy uses itself for development | ||
│ | ||
├── package.json | ||
│ Manifest for yarn to manage NPM dependencies of this project | ||
│ | ||
├── scripts | ||
│ | ||
├── test | ||
│ Unit tests. | ||
│ | ||
├── test-e2e-slow | ||
│ End-to-end test suite which takes a significant amount of time since they're | ||
│ not mocked or rarely so. | ||
│ We execute it on CI by placing `@slowtest` token in commit messages. | ||
│ | ||
└── test-e2e | ||
End-to-end test suite that dont need the network. Heavily mocked | ||
## Workflow | ||
To make changes to `esy` and test them locally: | ||
``` | ||
% git clone --recurse-submodules git://github.com/esy/esy.git | ||
% cd esy # Change to the cloned directory | ||
% esy # install and build dependencies | ||
``` | ||
And then run newly built `esy` executable from anywhere by adding `PATH_TO_REPO/_build/install/default/bin` | ||
to the $PATH during the shell's session. On Windows, append `PATH_TO_REPO/bin` too. | ||
### Updating `bin/esyInstallRelease.js` | ||
`bin/esyInstallRelease.js` is developed separately within the `esy-install-npm-release/` directory. | ||
Run: | ||
``` | ||
% make bin/esyInstallRelease.js | ||
``` | ||
to update the `bin/esyInstallRelease.js` file with the latest changed, don't | ||
forget to commit it. | ||
### Running Tests | ||
`esy` has primarily 3 kinds of tests. | ||
1. Unit tests - useful when developing parsers etc | ||
2. Slow end-to-end tests | ||
3. Fast end-to-end tests | ||
#### Unit Tests | ||
These are present inline in the `*.re` files. To run them, | ||
``` | ||
esy b dune runtest | ||
``` | ||
#### Fast end-to-end tests | ||
These are present in `test-e2e` folder and are written in JS. They're run by `jest` | ||
``` | ||
yarn jest | ||
``` | ||
#### Slow end-to-end tests | ||
They're present in `test-e2e-slow` and are written in JS. They're supposed to mimick the user's workflow | ||
as closely as possible. | ||
By placing `@slowtest` token in commit messages, we mark the commit ready for the slow tests framework | ||
(tests that hit the network). They are run with `node test-e2e-slow/run-slow-tests.js` | ||
#### Windows | ||
In cases e2e tests fail with `Host key verification failed.`, you might have to create ssh keys | ||
in the cygwin shall and add them to your github profile. | ||
1. Enter cygwin installed by esy (not the global one) | ||
```sh | ||
.\node_modules\esy-bash\re\_build\default\bin\EsyBash.exe bash | ||
npm i -g esy | ||
``` | ||
2. Generate ssh keys | ||
## Documentation | ||
```sh | ||
ssh-keygen | ||
``` | ||
You can find the Esy documentation [on the website](https://esy.sh/). You can also find them under the [docs folder](./docs) of the source tree. | ||
3. Add the public key to you Github profile | ||
## Contributing | ||
4. Add the following to the bash rc of the cygwin instance | ||
Please refer the documents in [docs/contributing](./docs/contributing). You'll find instructions for building the source, CI setup, release process, esy internal concepts and other documentation to help you get started hacking on esy. You can also find them on the website [under the contributing section](https://esy.sh/docs/contributing/building-from-source) | ||
```sh | ||
eval $(ssh-agent -s) | ||
ssh-add ~/.ssh/id_rsa | ||
``` | ||
### Branches | ||
There are two branches: | ||
- `master` — the active development, we cut new versions out of there regularly. | ||
- `0.0.x` — maintainance branch for 0.0.x releases. | ||
- `0.2.x` — maintainance branch for 0.2.x releases. | ||
- `0.3.x` — maintainance branch for 0.3.x releases. | ||
## Workflow for esy.sh | ||
To make changes to [esy.sh][]: | ||
1. Bootstrap site's dev environment: | ||
``` | ||
% make site-bootstrap | ||
``` | ||
2. Run site locally: | ||
``` | ||
% make site-start | ||
``` | ||
3. When you are happy with the changes: | ||
``` | ||
% make site-publish | ||
``` | ||
## Issues | ||
@@ -225,74 +44,13 @@ | ||
## Publishing Releases | ||
## History and motivation | ||
esy is released on npm. | ||
See [`package.json` for compilers](https://github.com/jordwalke/PackageJsonForCompilers) | ||
Because esy is written in OCaml/Reason and compiled into a native executable we | ||
need to acquire a set of prebuilt binaries for each supported platform (Windows, | ||
macOS and Linux). We employ CI servers (thanks Azure) to build platform specific | ||
releases. | ||
## Maintenance and Sponsorship | ||
The release workflow is the following: | ||
This project was originally authored by [Andrey Popp](https://github.com/andreypopp), and is currently maintained by [ManasJayanth](https://github.com/ManasJayanth). The project is currently not funded and could benefit from generous sponsorships. | ||
1. Ensure you are on `master` branch and assuming you want to release the | ||
version currently defined in `package.json` (see step 6.), run | ||
``` | ||
% make release-tag | ||
% git push && git push --tags | ||
``` | ||
2. Wait till CI finishes its task and release `@esy-nightly/esy` package. | ||
You can test it manually. | ||
3. Run | ||
``` | ||
% make release-prepare | ||
``` | ||
which downloads the nightly corresponding to the current commit working | ||
directory is at and "promotes" it to a release. It will create | ||
`_release/package` directory. | ||
4. Ensure release inside `_release/package` directory is ok. | ||
You can `cd _release/package && npm pack && npm install -g ./esy-*.tgz` to test how | ||
release installs and feels. | ||
5. Run | ||
``` | ||
% make release-publish | ||
``` | ||
to upload the release on npm. | ||
Use | ||
``` | ||
% make NPM_RELEASE_TAG=next release-publish | ||
``` | ||
to publish the release under `next` tag (so users won't get it automatically but | ||
only explicitly requested). | ||
6. Bump version in `package.json` to the next patch version. | ||
We expect the next version to be mostly a patch version. In case you | ||
want to release new minor or major version you need to bump it before the | ||
release. | ||
[hello-ocaml]: https://github.com/esy-ocaml/hello-ocaml | ||
[hello-reason]: https://github.com/esy-ocaml/hello-reason | ||
[esy/esy]: https://github.com/esy/esy | ||
[esy-ocaml/esy-opam]: https://github.com/esy-ocaml/esy-opam | ||
[opam]: https://opam.ocaml.org | ||
[npm]: https://npmjs.org | ||
[reason]: https://reasonml.github.io | ||
[ocaml]: https://ocaml.org | ||
[dune]: http://dune.readthedocs.io | ||
[ocamlbuild]: https://github.com/ocaml/ocamlbuild/blob/master/manual/manual.adoc | ||
[pjc]: https://github.com/jordwalke/PackageJsonForCompilers | ||
[NPM]: https://npmjs.org | ||
[esy.sh]: http://esy.sh | ||
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 17 instances in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 8 instances in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
269857905
41
45983
54
4
58
43