chore: stop using npm workspaces (#279)

With this change there is now a single "packages/opentelemetry-node/package-lock.json" file that can unambiguously be used for a reproducible distribution (i.e. a Docker image or lambda layer zip file). This moves *away* from using npm workspaces. That's a bit of a bummer. However, AFAICT there is no way to use the package-lock.json when using npm workspaces to create a dist of just the opentelemetry-node package. The goal is to have a docker image build of this package, using the versions in package-lock for reproducible builds. In general a workspaces-package-lock could have a split of deps at the top-level and in packages/opentelemetry-node/node_modules that cannot be correctly resolved into a single node_modules tree without reproducing npm's internal layout logic. Also: * correct test versionRanges to use caret so '20.0.0' doesn't accidentally pass (20.0.0 >= 18.19.0, oops) * update dependabot config for the separate packages; deprecate update-otel-deps in the hopes that dependabot can handle otel updates now
elastic · Aug 1, 2024 · 5284e96 · 5284e96
1 parent 871b238
commit 5284e96
Show file tree

Hide file tree

Showing 23 changed files with 20,770 additions and 15,472 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,5 +1,38 @@
 version: 2
 updates:
+  - package-ecosystem: "npm"
+    directory: "/packages/opentelemetry-node"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "elastic/apm-agent-node-js"
+    groups:
+      opentelemetry:
+        patterns:
+        - "@opentelemetry/*"
+        - "@smithy/*"
+      aws-sdk:
+        dependency-type: "development"
+        patterns:
+        - "@aws-sdk/*"
+        - "@smithy/*"
+      patch-level:
+        update-types:
+        - "patch"
+
+  - package-ecosystem: "npm"
+    directory: "/packages/mockotlpserver"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "elastic/apm-agent-node-js"
+    groups:
+      repo-root:
+        patterns:
+        - "*"
+
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
@@ -8,10 +41,6 @@ updates:
     reviewers:
       - "elastic/apm-agent-node-js"
     ignore:
-      # Ignore otel deps updates because dependabot messes it up. Use
-      # 'npm run maint:update-otel-deps' instead. See
-      # https://github.com/elastic/elastic-otel-node/pull/68 for details.
-      - dependency-name: "@opentelemetry/*"
       # eslint-related deps are skipped until we have upgraded to eslint@9
       # https://github.com/elastic/elastic-otel-node/pull/155
       - dependency-name: "eslint*"
@@ -23,21 +52,27 @@ updates:
       - dependency-name: "minimatch" # minimatch@10 dropped 14, 16, 18
         versions: [ ">=10" ]
     groups:
-      aws-sdk:
-        dependency-type: "development"
-        patterns:
-        - "@aws-sdk/*"
-        - "@smithy/*"
       # eslint:
       #   dependency-type: "development"
       #   patterns:
       #   - "eslint*"
       #   - "@eslint/*"
-      patch-level:
-        update-types:
-        - "patch"
+      repo-root:
+        patterns:
+        - "*"
+
+  - package-ecosystem: "npm"
+    directory: "/examples"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "elastic/apm-agent-node-js"
+    groups:
+      examples:
+        patterns:
+        - "*"
 
-  # GitHub actions
   - package-ecosystem: "github-actions"
     directory: "/"
     reviewers:

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -25,5 +25,5 @@ jobs:
         with:
           node-version: 20
           cache: 'npm'
-      - run: npm ci
+      - run: npm run ci-all
       - run: npm run lint
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -26,7 +26,7 @@ jobs:
           node-version: 'v18.20.2'
           registry-url: 'https://registry.npmjs.org'
 
-      - run: npm ci --ignore-scripts
+      - run: npm run ci-all
 
       - name: npm publish
         working-directory: ./packages/opentelemetry-node

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -42,7 +42,7 @@ jobs:
           - '16'
           - '16.0'
           - '14'
-          - '14.17'
+          - '14.18.0'
 
     runs-on: ubuntu-latest
 
@@ -78,10 +78,10 @@ jobs:
     - uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node }}
-    - name: Update npm to a version that supports workspaces (v7 or later)
-      if: ${{ matrix.node < 16 }}
+    - name: Update npm to a version that supports package-lock lockfileVersion=2.
+      if: ${{ startsWith(matrix.node, '14') }}
       run: npm install -g npm@9 # npm@9 supports node >=14.17.0
-    - run: npm ci
+    - run: npm run ci-all
     - run: npm test
 
   # TODO: test-windows eventually
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -29,6 +29,7 @@ obvious at first sight.
 Ensure your code contribution pass our linting (style and static checking):
 
 ```
+npm run ci-all
 npm run lint
 ```
 
@@ -44,7 +45,7 @@ npm run lint:fix
 tl;dr:
 
 ```shell
-npm ci
+npm run ci-all   # runs 'npm ci' in all package dirs; see note 1
 cd packages/opentelemetry-node
 npm run test-services:start  # requires Docker
 npm test
@@ -53,6 +54,8 @@ npm run test-services:stop
 
 See [TESTING.md](./TESTING.md) for full details.
 
+> *Note 1*: While this repo holds multiple packages, it is *not* using npm workspaces. This means that one must `npm ci` (or `npm install`) in each package directory separately. See [this issue](https://github.com/elastic/elastic-otel-node/pull/279) for why npm workspaces are not being used.
+
 
 ## Commit message guidelines
 

diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -14,7 +14,7 @@ provides a CLI tool for this.
 ```sh
 git clone https://github.com/elastic/elastic-otel-node.git
 cd elastic-otel-node/
-npm ci
+npm run ci-all
 cd packages/mockotlpserver
 npm start -- --help  # mockotlpserver CLI options
 npm start

diff --git a/RELEASING.md b/RELEASING.md
@@ -1,9 +1,10 @@
 # How to release packages in this repo
 
-This is a monorepo with multiple packages. Currently each package releases
-independently -- i.e. their versioning is not tied to each other. A release of
-a package consists of (a) a repo git tag at the appropriate commit and (b) one
-or more release artifacts (typically a release published to npmjs.com).
+This repository holds multiple npm packages (though npm workspaces are not
+being used). Currently each package releases independently -- i.e. their
+versioning is not tied to each other. A release of a package consists of (a) a
+repo git tag at the appropriate commit and (b) one or more release artifacts
+(typically a release published to npmjs.com).
 
 By far the primary package in this repo is [`@elastic/opentelemetry-node`](./packages/opentelemetry-node/).
 The tag name for a release of the primary package will not use a prefix; other
@@ -23,7 +24,7 @@ Assuming "x.y.z" is the release verison:
 
 2. Create a PR with these changes:
     - Bump the "version" in "packages/opentelemetry-node/package.json".
-    - Run `npm install` at the top-level to update "package-lock.json".
+    - Run `npm install` in "packages/opentelemetry-node/" to update "packages/opentelemetry-node/package-lock.json".
     - Update "packages/opentelemetry-node/CHANGELOG.md" as necessary.
     - Name the PR something like "release @elastic/opentelemetry-node@x.y.z".
 
@@ -36,7 +37,7 @@ Assuming "x.y.z" is the release verison:
     ```
     The GitHub Actions "release" workflow will handle the release
     steps -- including the `npm publish`. See the appropriate run at:
-    https://github.com/elastic/elastic-otel-node/actions/workflows/release.yml)
+    https://github.com/elastic/elastic-otel-node/actions/workflows/release.yml
 
 
 ## How to release other packages

diff --git a/examples/.npmrc b/examples/.npmrc
@@ -0,0 +1,2 @@
+lockfile-version=2
+prefer-dedupe=true