-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: e pr download-dist <number> #679
base: main
Are you sure you want to change the base?
Conversation
src/e-pr.js
Outdated
if (!(await fs.promises.stat(electronAppPath).catch(() => false))) { | ||
fatal(`Electron.app not found within the extracted dist.zip.`); | ||
return; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For Mac versions, do we want to automatically remove the quarantine with xattr -c Electron.app
since the app will be unsigned, or do we want to leave that to the developer?
I suppose we could either prompt the caller, or add a CLI flag if it doesn't seem safe to automatically remove it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was also wondering about this. When I run the script, and double-click the .app, it doesn't seem to show me the popup about it being downloaded from the internet 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe when I manually downloaded the artifact, that attribute was added by Chrome to the .zip
and then propagated to the .app
when I extracted the zip. If downloading it via a script doesn't encounter the same problem, then all the better :)
Co-authored-by: Will Anderson <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Can we implement this without it being a breaking change to
e pr
? I know we don't guarantee CLI stability, but it's nice to avoid breaking it in case others are using it (such as other tooling like the Electron Build Tools VS Code extension) - This won't support Windows until we migrate from AppVeyor to GHA (should be soon), might be worth calling out
Agreed. I was able to find a way to do this in 9e2ad26 👍
For now this will fail when it can't the artifacts.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a +1 on the general concept, but a couple of thoughts on the implementation:
- Would be nice if there was a built-in way to clean out downloaded artifacts so they don't build up over time.
- I think some guard rails around this would be good, to prevent a user from fat fingering a PR number and potentially running code they didn't intend to on their local machine. Perhaps a confirmation prompt that displays the title of the PR, the author, indicates if it's a fork, etc?
@@ -28,6 +28,7 @@ | |||
"command-exists": "^1.2.8", | |||
"commander": "^9.0.0", | |||
"debug": "^4.3.1", | |||
"extract-zip": "^2.0.1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
extract-zip
is unmaintained and the last release was 4 years ago, so I'd prefer to use a maintained alternative if we're adding a new dependency.
IMO https://www.npmjs.com/package/adm-zip is a solid alternative, and it can extract to a Buffer
in-memory which could be useful to avoid the temp dir logic (at the expense of higher memory usage) and get straight to the dist.zip
file. Quick pseudo-code example:
const distZipEntry = artifactZip.getEntry('dist.zip');
if (!distZipEntry) {
fatal(`dist.zip not found within the artifact.`);
return;
}
const distZip = new AdmZip(artifactZip.readFile(distZipEntry));
distZip.extractAllTo(outputDir);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is validating actually 👍 I would have reached for that package first, but saw we were using extract-zip
in many other places so I was aiming for consistency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yea, historically we've used it but probably time to move on given it's unmaintained. I have loose plans to migrate our other usages of it as appropriate.
Co-authored-by: David Sanders <[email protected]>
@dsanders11 here's sample output from the confirmation prompt I added
I'm still thinking about how I want to approach cleaning up. Whether it should be another command or automatically checked each time any build-tools command is issued. Also, excellent recommendation with extracting in-memory. It cleaned up a lot of code! |
"strip-ansi-cjs@npm:strip-ansi@^6.0.1": | ||
version "6.0.1" | ||
resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" | ||
integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== | ||
dependencies: | ||
ansi-regex "^5.0.1" | ||
|
||
strip-ansi@^6.0.0, strip-ansi@^6.0.1: | ||
"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you're using an older version of Yarn so these are getting folded back into one, which can actually cause some weird issues (not sure it will in this specific case). If I revert these changes and run yarn install
with v1.22.22 the only change I get is the adm-zip
addition.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're correct, I was on v1.22.17 🧠
I'll update and fix.
Opened #680 for cleaning up artifacts. |
Bad news regarding |
@samuelmaddock, ah, unfortunate. Thanks for the update, makes sense. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking on the lockfile change regarding wrap-ansi
and friends.
As another safety mechanism I think it would be good to not allow downloading dist for closed PRs. An option could allow it if we think that's a valid use case, but if someone puts up a malicious PR I don't want it to be easy to download the artifacts after we close it.
It's also not clear to me how this PR handles changes to PRs. I think the short SHA should be worked into the artifact names to avoid confusion? There's currently no indicator which commit the artifacts are for, which seems like a recipe for getting confused about which changes are running.
// Cleanup temporary files | ||
try { | ||
await fs.promises.rm(tempDir, { recursive: true }); | ||
} catch { | ||
// ignore | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this can just go in a finally
block rather than repeating it in both blocks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue is that fatal()
will call process.exit(1)
and the cleanup won't happen. I'll refactor this to use process.exitCode = 1
src/e-pr.js
Outdated
const { proceed } = await inquirer.prompt([ | ||
{ | ||
type: 'confirm', | ||
name: 'proceed', | ||
message: `You are about to download artifacts from: | ||
|
||
“${pullRequest.title} (#${pullRequest.number})” by ${pullRequest.user.login} | ||
${pullRequest.head.repo.html_url}${isElectronRepo ? ' (fork)' : ''} | ||
|
||
Proceed?`, | ||
}, | ||
]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I think I'd prefer this default to false so users can't fat finger through, but it's not a sticking point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reasonable preference, I'll add it 👍
@dsanders11 how would you feel about a prompt like this regarding the closed PR issue
|
@samuelmaddock, with that and the default being N, I think I'm good with that. 👍 |
e pr download-dist <number>
will download a pull request's dist artifacts to~/.electron_build_tools/artifacts/pr_{number}_{platform}_{arch}
As a followup, we could add a
electron-fiddle://
command to register it as a local build for easier testing. With that, this command could register the downloaded artifact.