@@ -18,6 +18,8 @@ main() {
1818 VSCODE_SRC_PATH=" lib/vscode"
1919 VSCODE_OUT_PATH=" $RELEASE_PATH /lib/vscode"
2020
21+ create_shrinkwraps
22+ 2123 mkdir -p " $RELEASE_PATH "
2224
2325 bundle_code_server
@@ -55,15 +57,6 @@ bundle_code_server() {
5557EOF
5658 ) > " $RELEASE_PATH /package.json"
5759 rsync yarn.lock " $RELEASE_PATH "
58- 59- # To ensure deterministic dependency versions (even when code-server is installed with NPM), we seed
60- # an npm-shrinkwrap file from our yarn lockfile and the current node-modules installed.
61- synp --source-file yarn.lock
62- npm shrinkwrap
63- # HACK@edvincent: The shrinkwrap file will contain the devDependencies, which by default
64- # are installed if present in a lockfile. To avoid every user having to specify --production
65- # to skip them, we carefully remove them from the shrinkwrap file.
66- json -f npm-shrinkwrap.json -I -e " Object.keys(this.dependencies).forEach(dependency => { if (this.dependencies[dependency].dev) { delete this.dependencies[dependency] } } )"
6760 mv npm-shrinkwrap.json " $RELEASE_PATH "
6861
6962 rsync ci/build/npm-postinstall.sh " $RELEASE_PATH /postinstall.sh"
@@ -105,11 +98,44 @@ bundle_vscode() {
10598 " $VSCODE_SRC_PATH /package.json" > " $VSCODE_OUT_PATH /package.json"
10699
107100 rsync " $VSCODE_SRC_PATH /remote/yarn.lock" " $VSCODE_OUT_PATH /yarn.lock"
101+ mv " $VSCODE_SRC_PATH /remote/npm-shrinkwrap.json" " $VSCODE_OUT_PATH /npm-shrinkwrap.json"
108102
109103 # Include global extension dependencies as well.
110104 rsync " $VSCODE_SRC_PATH /extensions/package.json" " $VSCODE_OUT_PATH /extensions/package.json"
111105 rsync " $VSCODE_SRC_PATH /extensions/yarn.lock" " $VSCODE_OUT_PATH /extensions/yarn.lock"
106+ mv " $VSCODE_SRC_PATH /extensions/npm-shrinkwrap.json" " $VSCODE_OUT_PATH /extensions/npm-shrinkwrap.json"
112107 rsync " $VSCODE_SRC_PATH /extensions/postinstall.mjs" " $VSCODE_OUT_PATH /extensions/postinstall.mjs"
113108}
114109
110+ create_shrinkwraps () {
111+ # yarn.lock or package-lock.json files (used to ensure deterministic versions of dependencies) are
112+ # not packaged when publishing to the NPM registry.
113+ # To ensure deterministic dependency versions (even when code-server is installed with NPM), we create
114+ # an npm-shrinkwrap.json file from the currently installed node_modules. This ensures the versions used
115+ # from development (that the yarn.lock guarantees) are also the ones installed by end-users.
116+ # These will include devDependencies, but those will be ignored when installing globally (for code-server), and
117+ # because we use --omit=dev when installing vscode.
118+ 119+ # We first generate the shrinkwrap file for code-server itself - which is the current directory
120+ create_shrinkwrap_keeping_yarn_lock
121+ 122+ # Then the shrinkwrap files for the bundled VSCode
123+ pushd " $VSCODE_SRC_PATH /remote/"
124+ create_shrinkwrap_keeping_yarn_lock
125+ popd
126+ 127+ pushd " $VSCODE_SRC_PATH /extensions/"
128+ create_shrinkwrap_keeping_yarn_lock
129+ popd
130+ }
131+ 132+ create_shrinkwrap_keeping_yarn_lock () {
133+ # HACK@edvincent: Generating a shrinkwrap alters the yarn.lock which we don't want (with NPM URLs rather than the Yarn URLs)
134+ # But to generate a valid shrinkwrap, it has to exist... So we copy it to then restore it
135+ cp yarn.lock yarn.lock.temp
136+ npm shrinkwrap
137+ cp yarn.lock.temp yarn.lock
138+ rm yarn.lock.temp
139+ }
140+ 115141main " $@ "
0 commit comments