Pull data files from ICU GitHub instead of npm #53
Conversation
|
|
srl295
force-pushed
the
pull-l-from-gh
branch
2 times, most recently
from
3ea0c1b
to
c46cc99
Compare
srl295
force-pushed
the
pull-l-from-gh
branch
from
c46cc99
to
dcf0d5b
Compare
srl295
force-pushed
the
pull-l-from-gh
branch
3 times, most recently
from
0034ab8
to
3a0a45a
Compare
|
okey dokey I'm not sure where all the semicolons went, and it's too noisy, but it seems to work. Set env var |
srl295
force-pushed
the
pull-l-from-gh
branch
from
3a0a45a
to
0818c3f
Compare
|
force push to fix the logic for little endian folks |
|
I would say I'm trying to work myself out of a job, but that kind of took care of itself last year 8-D |
|
in yarnpkg/berry#873 (comment) @arcanis said:
I'm going to take that as a vote against using npm|yarn add |
|
any other comments from @nodejs/npm ? like to make sure i'm fixing a real problem, and that the fix is better than the problem, and that i've well documented why a change is being made. |
|
post install considered harmful by yarn: https://yarnpkg.com/advanced/lifecycle-scripts#a-note-about-postinstall |
|
@srl295 I guess I'm not entirely understanding the process of what is happening with these changes, and how it is not dynamic. If this is an incremental improvement and makes things more reliable it probably makes sense to move forward with it and perhaps explore ways to improve it moving forward. Happy to find time for a quick call if you want to talk through it, feel free to dm me to find time. |
|
I don't have much context on this particular package or change, but as a general tip I got feedback in the past that serving assets directly from GitHub was problematic for users behind certain firewalls (particularly China), cf yarnpkg/berry#982. |
I'm not sure what the problem here is tbh. Is it the postinstall approach or is it "where should we source this content?" If the problem being solve here is "installing platform-specific assets" then this is the same problem that If the problem being solved here is "where do we source the assets from" then we do lose the baked in idempotency we get from the npm registry and also the checksum validation that an npm or yarn install would give. We also, as @arcanis pointed out, lose some availability from behind certain firewalls. Checksums are already baked into the npm registry: $ npm view icu4c-data@67l dist
{
integrity: 'sha512-OIRiop+k1IVf4TBLEOj910duoO9NKwtJLwp++qWT6KT5gRziHNt+5gwhcGuTqRy++RTK2gLoAIbk8KYCNxW++g==',
shasum: '4c5264a9ec6e2d126b8d47b6faa618025ccbaaaf',
tarball: 'https://registry.npmjs.org/icu4c-data/-/icu4c-data-0.67.2.tgz',and I would recommend using those since that's already what will happen when you use the old npm method. This way there is a "guarantee" that there is no difference between the results based on if you use |
Both are problematic. #38 summarizes it: "you can't npm/yarn install (a random asset) from within a postinstall script". Both npm and yarn folks have confirmed this. npm seemed like one possible place to store the data due to the caching and availability mentioned.
It's "ICU version and endianness specific". So not quite platform specific. The ICU version changes once or twice a year. The basic logic is:
Putting it all together, then it attempts to run We don't know a priori what ICU version will be used. When node was installed, the user can do
There's no way to know what version is being used as mentioned. As I mentioned above, the files at https://github.com/unicode-org/icu/releases/tag/release-69-1 are GPG signed, so we could have some way to validate those. |
|
cool… unicode-org/icu@4a8b160 just barely made it into icu4c 70 rc … this means that workaround won't be needed |
srl295
force-pushed
the
pull-l-from-gh
branch
2 times, most recently
from
0c46860
to
d499e98
Compare
Fixes: #36 - fetch from ICU’s GitHub release instead of npm (ICU v50+) - set env FULL_ICU_PREFER_NPM=1 to prefer npm instead - add .eslint (as well as standard) - for ICU 67 and following, fetch from icu4c-___-data-_.zip - otherwise fetch from icu4c-src.zip for little endian - otherwise, use npm as before - work around ICU issue with data file name https://unicode-org.atlassian.net/browse/ICU-21764 - document the FULL_ICU_PREFER_NPM - test with FULL_ICU_PREFER_NPM=1
This avoid permission issues for users that cannot create files in "/", like "/tmpXXXX". It will generate "/tmp/XXX" instead. Ref: #62 d696940 Co-authored-By: Rachid Tarsimi <[email protected]>
srl295
force-pushed
the
pull-l-from-gh
branch
from
d499e98
to
4b0ee36
Compare
|
@wraithgar @MylesBorins think this is ready to merge… perhaps open new issues to track further work? |
|
https://github.com/nodejs/full-icu-npm/pull/53/checks?check_run_id=3758743393#step:4:25 Verifies that install-from-npm stays working |
|
Hi all, I've done an early publish to
|
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - uses: actions/setup-node@v1 |
There was a problem hiding this comment.
v2 also allows native caching https://github.com/actions/setup-node#caching-packages-dependencies if you set it. caching probably isn't needed right now, since there are no lock files
| - uses: actions/setup-node@v1 | |
| - uses: actions/setup-node@v2 |
| fail-fast: false | ||
| matrix: | ||
| container: | ||
| - node:12 |
There was a problem hiding this comment.
May be worth expanding out the matrix to cover supported versions or at least a version with NPM 6 vs NPM 7
There was a problem hiding this comment.
@nschonni makese sense (although probably good for a separate PR), do you have a recommendation?
| @@ -0,0 +1,14 @@ | |||
| language: node_js | |||
There was a problem hiding this comment.
Would probably drop this, since you've got this running on Actions now
install-gh-data.js
Outdated
| const myFetch = require('./myFetch') | ||
| const yauzl = require('yauzl') | ||
|
|
||
| // var isglobal = process.env.npm_config_global === 'true'; |
There was a problem hiding this comment.
Remove commented out code here, and below
| "description": "install 'full-icu' data for your current node", | ||
| "scripts": { | ||
| "lint": "standard", | ||
| "postinstall": "node postinstall.js" | ||
| "lint": "standard && eslint *.js test/*.js", |
There was a problem hiding this comment.
Think you can skip the call to standard since you're using the ESlint plug-in now
| @@ -0,0 +1,69 @@ | |||
| // Copyright (C) 2015-2016 IBM Corporation and Others. All Rights Reserved. | |||
There was a problem hiding this comment.
Not sure if this is right, or just got copied across from some of the other scripts
There was a problem hiding this comment.
it's copied from install-spawn
| @@ -0,0 +1,69 @@ | |||
| // Copyright (C) 2015-2016 IBM Corporation and Others. All Rights Reserved. | |||
There was a problem hiding this comment.
it's copied from install-spawn
feat: Pull from GitHub instead of npm
Fixes: #36
Fixes: #61
Fixes: #38