Commit Graph

48 Commits

Author SHA1 Message Date
Sandro Jäckel
0000005bd6
mkYarnPackage: use provided pname
Before it was unexpectedly overwritten to the name in package.json which
breaks meta.mainProgram and through that nix run nixpkgs#prettierd
2023-07-11 22:12:59 +02:00
Sandro Jäckel
000003825d
yarn2nix: cleanups 2023-07-11 22:11:54 +02:00
Guillaume Desforges
6bf78d8d3d mkYarnPackage: fix uncopied resolutions field
Yarn only uses the "resolutions" field in the top-level package.json
file of a workspace. While it has been taken into account for
mkYarnWorkspace (9801e6e53d), it has not
been fixed for mkYarnPackage yet, which also uses the yarn workspace
mechanism under the hood.

A bit of care was needed because we don't want to introduce any IFD.
2023-04-11 10:58:16 +00:00
figsoda
42d1d60a92
Merge pull request #206773 from SuperSandro2000/cleanup-unused-bindings
treewide: cleanup some unused bindings
2023-02-06 20:07:50 -05:00
Sandro Jäckel
50e0012f9d
treewide: cleanup some unused bindings 2023-02-07 01:36:15 +01:00
Mel Bourgeois
31f7acfbb5
yarn2nix: add easy yarn & nodejs pkg overrides
Projects often require a specific major version of NodeJS, and sometimes
a specific yarn version. Since yarn2nix utilities are accessed from
nixpkgs now, there is no simple way to override versions of nodejs and
yarn without complex solutions like an overlay.

This adds `yarn` and `nodejs` as optional attribute arguments to
`mkYarnModules`, `mkYarnPackage`, and `mkYarnWorkspace`. They default to
the same versions that are currently being used, and the nodejs input to
yarn is overridden so that it will match if only `nodejs` is overridden
by the user.

These arguments will also cascade from `mkYarnWorkspace` ->
`mkYarnPackage` -> `mkYarnModules`, making per-package overrides very
simple.
2023-01-19 19:05:18 -06:00
Ryan Lahfa
5b4485c8cd
Merge pull request #197185 from Smona/handle-multiple-integrity-hashes
yarn2nix: Handle lockfile entries with multiple integrity hashes
2022-12-18 22:40:16 +01:00
Naïm Favier
74ad812b93
mkYarnPackage: fix meta
Correctly inherit meta attributes from `package.json`.
2022-11-23 10:33:22 +01:00
Sandro Jäckel
95567a1283
yarn2nix: allow running scripts 2022-11-09 01:25:30 +01:00
Mel Bourgeois
1948179a74 yarn2nix: limit ssri parsing to supported algorithms
Nix supports md5, sha1, sha256, and sha512 hashes. The first two are
deprecated, but many npm packages provide only a sha1, so we have to
allow that one. This commit continues to leverage `ssri` for reliable
integrity string parsing and algorithm selection, but limits it to only
supported hash algorithms.

It also switches the hash representation in the generated nix file to
base64, since that format is supported by nix (suggested by jtojnar).
This saves a little disk space and computation.

Finally, it adds a .prettierignore file, since prettier called with the
arguments in the format command currently tries to format node_modules.
2022-10-30 17:31:10 -05:00
Mel Bourgeois
965665f788 yarn2nix: format code 2022-10-26 19:30:06 -05:00
Mel Bourgeois
0bb8e94900 yarn2nix: Handle lockfile entries with multiple integrity hashes
Some NPM packages provide multiple integrity hashes with different
algorithms. These are space separated, like below:

```
tar@^4:
  version "4.4.19"
  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.19.tgz#2e4d7263df26f2b914dee10c825ab132123742f3"
  integrity "sha1-Lk1yY98m8rkU3uEMglqxMhI3QvM= sha512-a20gEsvHnWe0ygBY8JbxoM4w3SJdhc7ZAuxkLqh+nvNQN2IOt0B5lLgM490X5Hl8FF0dl0tOf2ewFYAlIFgzVA=="
```

Currently, yarn2nix isn't able to handle these lockfile entries,
producing an error like `error: hash 'Lk1yY98m8rkU3uEMglqxMhI3QvM=
sha512' has wrong length for hash type 'sha1'`. This is because it isn't
aware that spaces could separate multiple hashes.

This commit uses the official Standard Subresource Integrity package
from npm to parse the integrity line, and pick the best available
algorithm. It also replaced many of the local yarn2nix entries with
sha512, even ones that don't include it in the lockfile. Not sure how
that happened, but it works in practice!

The addition of `ssri` may also reduce signs and symptoms of depression.
2022-10-26 19:23:08 -05:00
Sandro Jäckel
9bbc053f1a
yarn2nix: change yarnFlags to append by default
The main usecase for this variable is to append --production to yarn
which now got a whole lot easier because you no longer need to repeat
the defaults.
2022-07-24 16:18:09 +02:00
Sumner Evans
093a003639
yarn2nix: allow setting doDist by calling packages 2022-05-31 09:52:09 -06:00
Naïm Favier
7f9c7443ae yarn2nix: extend NixOS/nix#5128 workaround to 2.4+
The issue was not fixed in later versions, so we need the workaround
for all versions greater than `2.4pre`.
2022-05-03 08:18:11 -04:00
Robert Hensing
200175a701 config.allowAliases: Define as option
This simplifies usages and makes the default value consistent.

In a few cases, the default value was interpreted to be `false`,
but this is useless, because virtually nobody will explicitly
set `allowAliases = true;`.
2022-04-01 11:33:10 +02:00
Silvan Mosberger
c7b52869d8
Merge pull request #128119 from Simspace/yarn2nix-preserve-resolutions
yarn2nix: preserve top-level package.json resolutions field in workspace
2022-03-24 05:00:51 +01:00
Richard Wallace
9801e6e53d yarn2nix: preserve top-level package.json resolutions field in workspace
The `package.json` produced when building node_modules for a workspace
ignores the `resolutions` from the project `package.json`. This results
in dependencies being resolved in a way that conflicts with the
`yarn.lock` file. To fix this, we need to preserve the `resolutions`.
2022-03-23 14:34:01 -07:00
Thomas Baggaley
e3a60c19f8 yarn2nix: support new yarn workspace json 2022-03-05 00:27:42 -05:00
Jan Tojnar
ecb6f035e6 yarn2nix: Add support for nativeBuildInputs in pkgConfig 2022-01-28 17:41:25 +01:00
Jan Tojnar
b121d01d29
Merge pull request #119522 from AmineChikhaoui/yarn2nix-use-integrity-field
yarn2nix: use yarn lockfile integrity field whenever possible
2021-12-09 01:49:46 +01:00
AmineChikhaoui
487aaa905f yarn2nix: use yarn lockfile integrity field whenever possible
Whenever available use the SRI hashes from the integrity field to create
the fetchurl calls instead of entirely relying on the `resolved` sha1
which may or may not exist with recent yarn versions.

Related issues:

- https://github.com/nix-community/yarn2nix/issues/125
- https://github.com/NixOS/nixpkgs/issues/77238
2021-12-04 08:02:10 +01:00
Shamrock Lee
60950f739e lib/meta: add getLicenseFromSpdxId function
Move function spdxLicense, internally used in yarn2nix
to lib/meta.nix, and
rename to getLicenseFromSpdxId

A similar function is implemented in poetry2nix,
but the one originally in yarn2nix seems beter.
since it falls back to an license-like attrset
for mismatched case
instead of a plain string
2021-12-02 18:33:48 +08:00
Yureka
1d525f51fb yarn2nix: add nix-prefetch-git to PATH 2021-10-31 14:37:51 +01:00
Yureka
7bec541117 yarn2nix: no sha1 for github tarballs
Since b27d18a412 we fetch packages with codeload.github.com tarballs as
resolved field with fetchgit. The sha1 of the tarball is irrelevant,
instead nix-prefetch-git will be used to determine the expected fetchgit
FOD hash.

Fixes #143828
2021-10-31 14:37:51 +01:00
Yureka
84e02be598 fetchYarnDeps, mkYarnModules: verify the FOD hash is up-to-date 2021-10-20 11:39:16 +02:00
Yureka
cf6f772676 mkYarnModules: allow passing custom offlineCache 2021-10-20 11:39:16 +02:00
Yureka
30aeeaded4 yarn2nix: fix running without --no-patch 2021-10-14 18:46:22 +02:00
Yuka
4c7e1a10b4
yarn2nix: fix "rev is not defined" (#141207)
Must have slipped in when incorporating comments on #136922
2021-10-10 23:30:24 +02:00
Yureka
b7e7d35ccc yarn2nix: workaround for NixOS/nix#5128 2021-10-10 16:26:47 +09:00
Yuka
b27d18a412
yarn2nix: handle codeload.github.com uris in IFD mode (#136922) 2021-10-08 14:18:57 +02:00
Maximilian Bosch
ca4e61d586 yarn2nix: run nix-prefetch-git with --fetch-submodules
`pkgs.fetchgit` uses `fetchSubmodules = true;` by default, however
`nix-prefetch-git` doesn't. This means that hashes for a Git repository
with fetched submodules will be wrong in `yarn.nix`.

Considering that this got unnoticed before, it seems as if this case is
an exception to a certain degree.

An exemplary problem is the last `hedgedoc` update[1] where
`js-sequence-diagrams` - a Git repo with submodules - from upstream's
package.json caused a hash mismatch. This got unnoticed because
`nix-build --check` doesn't seem to reveal these issues for fixed-output
derivations.

[1] https://github.com/NixOS/nixpkgs/pull/139238
2021-09-26 21:05:28 +02:00
Felix Buehler
6ee7f33833 yarn2nix: replace simple mkDerivation with runCommandLocal 2021-08-22 19:35:42 +09:00
Felix Buehler
43b5d5ae70 yarn2nix: deprecate phases 2021-08-16 22:37:41 +02:00
Robert Hensing
a201246bac treewide: runCommandNoCC -> runCommand in generated code
This has been synonymous for ~5y.

Note that many of these runCommand bindings are unused, but that's
ok for generated code.
2021-08-15 17:36:41 +02:00
Robert Hensing
0d859a070e yarn2nix-moretea: Generate runCommand instead of -NoCC
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
Sandro
476f69bc5e
Merge pull request #101521 from egasimus/patch-2 2021-06-09 12:54:50 +02:00
Maximilian Bosch
fea2b25c74 yarn2nix: set name to ${pname}-${version} by default 2021-06-02 19:21:31 +09:00
lassulus
23d75e6be0 yarn2nix: improve naming regexes
Originally submitted in https://github.com/nix-community/yarn2nix/pull/128
2021-01-01 21:30:43 +01:00
lassulus
6e687b6325 yarn2nix: yarn update 2021-01-01 17:35:05 +01:00
lassulus
32c9918ba6 yarn2nix: Handle codeload.github.com tarballs
This was submitted originally in https://github.com/nix-community/yarn2nix/pull/130
2020-12-30 19:01:48 +01:00
Gabriel Ebner
b184f8f883 mkYarnPackage: allow overriding version 2020-12-13 13:42:56 +01:00
Adam Avramov
4ef1e5b8de yarn2nix: expose yarnPostBuild
The way I see it, there's no point in the argument being there if it can't be used.
Right now its lack currently prevents a workaround for an issue I can't wrap my head around - first encountered [here](https://logs.nix.samueldr.com/nixos-dev/2019-08-28#2532857;).
2020-12-08 23:54:40 +01:00
Maximilian Bosch
0c49f1896e
yarn2nix-moretea: re-add support for git:// URLs from yarn.lock
@lheckemann already added it to `yarn2nix` a while ago[1], but it seems
as it was forgotten to include when adding `yarn2nix` sources to
`nixpkgs` itself.

Without this patch, you cannot add dependencies to your `package.json`
with URLs like `git://github.com/.../` as building the expression would
fail like this:

```
curl: (1) Protocol "git" not supported or disabled in libcurl
error: cannot download git___github.com_sstur_nodeftpd.git from any mirror
```

Co-authored-by: Linus Heckemann <git@sphalerite.org>

[1] https://github.com/nix-community/yarn2nix/pull/141
2020-10-09 09:55:35 +02:00
Silvan Mosberger
75ee18766a
yarn2nix: Don't pass yarnNix to mkDerivation (#92856)
The generated yarnNix file doesn't need to be part of the mkDerivation.
And doing so prevents other platforms from reproducibly instantiating
it. With this change you can e.g. do

  darwinPkgs.yarn2nix.mkYarnPackage {
    # ...
    yarnNix = pkgs.yarn2nix.mkYarnNix {
      yarnLock = ./yarn.lock;
    };
  }

Which is a darwin derivation, but can still be instantiated reproducibly on Linux.
2020-07-10 16:24:03 +00:00
Milan
ed90e59fc2 yarn2nix-moretea: v1.0.0-36-g3f2dbb0 -> v1.0.0-39-g9e7279e (#73911)
Includes the following upstream commits:

- Fix for package.json without a version (moretea/yarn2nix#113)
- Don't access package.json via filtered src (moretea/yarn2nix#115)
- remove redundant rec (moretea/yarn2nix#119)
2019-11-22 14:27:11 +00:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
WilliButz
f748b501e8
yarn2nix-moretea: init at 2019-04-10 2019-07-25 17:15:00 +02:00