Commit 243bd56f authored by Lukas 'Eipi' Eipert's avatar Lukas 'Eipi' Eipert

Add danger check for duplicate yarn dependencies

This danger check utilises `yarn-deduplicate` in order to show duplicate
dependencies in the yarn.lock dependency tree.
Often when introducing new dependencies or updating existing ones, yarn
does not seem to build the most optimal dependency tree.

In order to prevent those unnecessary dependency updates we are nudging
developers and maintainers to resolve these issues in MRs. Automating
this with danger especially helps, as yarn.lock files are not that easy
to review.
parent 8b460204
......@@ -8,5 +8,6 @@ danger.import_dangerfile(path: 'danger/database')
danger.import_dangerfile(path: 'danger/documentation')
danger.import_dangerfile(path: 'danger/frozen_string')
danger.import_dangerfile(path: 'danger/commit_messages')
danger.import_dangerfile(path: 'danger/duplicate_yarn_dependencies')
danger.import_dangerfile(path: 'danger/prettier')
danger.import_dangerfile(path: 'danger/eslint')
# frozen_string_literal: true
return unless helper.all_changed_files.include? 'yarn.lock'
duplicate = `node_modules/.bin/yarn-deduplicate --list --strategy fewer yarn.lock`
.split(/$/)
.map(&:strip)
.reject(&:empty?)
return if duplicate.empty?
warn 'This merge request has introduced duplicated yarn dependencies.'
markdown(<<~MARKDOWN)
## Duplicate yarn dependencies
The following dependencies should be de-duplicated:
* #{duplicate.map { |path| "`#{path}`" }.join("\n* ")}
Please run the following command and commit the changes to `yarn.lock`:
```
node_modules/.bin/yarn-deduplicate --strategy fewer yarn.lock \\
&& yarn install
```
MARKDOWN
......@@ -158,7 +158,8 @@
"nodemon": "^1.18.4",
"prettier": "1.15.2",
"vue-jest": "^3.0.1",
"webpack-dev-server": "^3.1.10"
"webpack-dev-server": "^3.1.10",
"yarn-deduplicate": "^1.0.5"
},
"engines": {
"yarn": "^1.10.0"
......
......@@ -900,6 +900,11 @@
resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.1.tgz#5c85d662f76fa1d34575766c5dcd6615abcd30d8"
integrity sha512-FZdkNBDqBRHKQ2MEbSC17xnPFOhZxeJ2YGSfr2BKf3sujG49Qe3bB+rGCwQfIaA7WHnGeGkSijX4FuBCdrzW/g==
"@yarnpkg/lockfile@^1.1.0":
version "1.1.0"
resolved "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz#e77a97fbd345b76d83245edcd17d393b1b41fb31"
integrity sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==
abab@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/abab/-/abab-2.0.0.tgz#aba0ab4c5eee2d4c79d3487d85450fb2376ebb0f"
......@@ -2301,7 +2306,7 @@ combined-stream@^1.0.6, combined-stream@~1.0.6:
dependencies:
delayed-stream "~1.0.0"
commander@2, commander@^2.18.0, commander@^2.19.0:
commander@2, commander@^2.10.0, commander@^2.18.0, commander@^2.19.0:
version "2.19.0"
resolved "https://registry.yarnpkg.com/commander/-/commander-2.19.0.tgz#f6198aa84e5b83c46054b94ddedbfed5ee9ff12a"
integrity sha512-6tvAOO+D6OENvRAh524Dh9jcfKTYDQAqvqezbCW82xj5X0pSrcpxtvRKHLG0yBY6SD7PSDrJaj+0AiOcKVd1Xg==
......@@ -10450,6 +10455,15 @@ yargs@^11.0.0:
y18n "^3.2.1"
yargs-parser "^9.0.2"
yarn-deduplicate@^1.0.5:
version "1.0.5"
resolved "https://registry.yarnpkg.com/yarn-deduplicate/-/yarn-deduplicate-1.0.5.tgz#e56016f1c29e77e323f401ea838f5e8c7cdbfd42"
integrity sha512-4nds6N7dxuXcfUZAVaSUVSlI4TvwEdMaZg/DRBf/KM3iFezNBdkhcTYptcwKaecAYAfVxx3g0Ex21kssSr8YsA==
dependencies:
"@yarnpkg/lockfile" "^1.1.0"
commander "^2.10.0"
semver "^5.3.0"
yeast@0.1.2:
version "0.1.2"
resolved "https://registry.yarnpkg.com/yeast/-/yeast-0.1.2.tgz#008e06d8094320c372dbc2f8ed76a0ca6c8ac419"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment