fix(core): fix the value check for publishConfig.provenance
#6781
+55
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
smorimoto
force-pushed
the
fix-value-check-publishconfig-provenance
branch
from
d79f2ff to
a138eff
Compare
|
The failure of CI has nothing to do with this PR, and #6776 needs to be merged first. |
clemyan
requested changes
May 7, 2025
There was a problem hiding this comment.
It is not possible for workspace.manifest.publishConfig to have a provenance key but set to undefined, because workspace.manifest is parsed from JSON. So using in here is correct. In fact, this change causes { "publishConfig": { "provenance": false } } to be ignored.
The fact that publishConfig.provenance in manifests do not take effect is not a bug with the publish code, but rather a bug with the manifest parser in Manifest.ts in the core.
smorimoto
force-pushed
the
fix-value-check-publishconfig-provenance
branch
from
a138eff to
ddfbfc1
Compare
smorimoto
changed the title
publishConfig.provenancepublishConfig.provenance
|
@clemyan Correct! I just updated the PR! |
Signed-off-by: Sora Morimoto <sora@morimoto.io>
smorimoto
force-pushed
the
fix-value-check-publishconfig-provenance
branch
from
ddfbfc1 to
9ba6b4e
Compare
clemyan
approved these changes
May 28, 2025
|
When do you expect this PR to be merged and released? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's the problem this PR addresses?
This PR resolves an issue where the
publishConfig.provenancefield inpackage.jsonwasn't being read correctly.Specifically:
publishConfig.provenance: truewas set inpackage.json, Yarn'snpm publishcommand wouldn't generate provenance statementsPublishConfiginterface hadprovenance?: booleandefined, theloadmethod inManifest.tswas missing the processing logic for theprovenancefield when handlingpublishConfigaccess,main,module,browser,registry,bin,executableFiles) were being processed correctly, butprovenancewas the only one being omittedHow did you fix it?
I added the following code to the
publishConfigprocessing section within theloadmethod inpackages/yarnpkg-core/sources/Manifest.ts:This fix ensures:
publishConfig.provenancefield inpackage.jsonis read correctly when it's a boolean valueworkspace.manifest.publishConfig.provenancenpm publishcommand (publish.tslines 109-120) functions properlyAdditionally, to ensure the accuracy of the fix, I added test cases to
packages/yarnpkg-core/tests/Manifest.test.ts:provenance: trueis setprovenance: falseis setWith this fix, when
publishConfig.provenanceis configured inpackage.json, provenance statements will be generated as expected.Checklist