feat: e pr download-dist <number> #679
Conversation
src/e-pr.js
Outdated
| if (!(await fs.promises.stat(electronAppPath).catch(() => false))) { | ||
| fatal(`Electron.app not found within the extracted dist.zip.`); | ||
| return; | ||
| } |
There was a problem hiding this comment.
For Mac versions, do we want to automatically remove the quarantine with xattr -c Electron.app since the app will be unsigned, or do we want to leave that to the developer?
I suppose we could either prompt the caller, or add a CLI flag if it doesn't seem safe to automatically remove it
There was a problem hiding this comment.
I was also wondering about this. When I run the script, and double-click the .app, it doesn't seem to show me the popup about it being downloaded from the internet 🤔
There was a problem hiding this comment.
Maybe when I manually downloaded the artifact, that attribute was added by Chrome to the .zip and then propagated to the .app when I extracted the zip. If downloading it via a script doesn't encounter the same problem, then all the better :)
There was a problem hiding this comment.
- Can we implement this without it being a breaking change to
e pr? I know we don't guarantee CLI stability, but it's nice to avoid breaking it in case others are using it (such as other tooling like the Electron Build Tools VS Code extension) - This won't support Windows until we migrate from AppVeyor to GHA (should be soon), might be worth calling out
Agreed. I was able to find a way to do this in 9e2ad26 👍
For now this will fail when it can't the artifacts. |
There was a problem hiding this comment.
I'm a +1 on the general concept, but a couple of thoughts on the implementation:
- Would be nice if there was a built-in way to clean out downloaded artifacts so they don't build up over time.
- I think some guard rails around this would be good, to prevent a user from fat fingering a PR number and potentially running code they didn't intend to on their local machine. Perhaps a confirmation prompt that displays the title of the PR, the author, indicates if it's a fork, etc?
| @@ -28,6 +28,7 @@ | |||
| "command-exists": "^1.2.8", | |||
| "commander": "^9.0.0", | |||
| "debug": "^4.3.1", | |||
| "extract-zip": "^2.0.1", | |||
There was a problem hiding this comment.
extract-zip is unmaintained and the last release was 4 years ago, so I'd prefer to use a maintained alternative if we're adding a new dependency.
IMO https://www.npmjs.com/package/adm-zip is a solid alternative, and it can extract to a Buffer in-memory which could be useful to avoid the temp dir logic (at the expense of higher memory usage) and get straight to the dist.zip file. Quick pseudo-code example:
const distZipEntry = artifactZip.getEntry('dist.zip');
if (!distZipEntry) {
fatal(`dist.zip not found within the artifact.`);
return;
}
const distZip = new AdmZip(artifactZip.readFile(distZipEntry));
distZip.extractAllTo(outputDir);There was a problem hiding this comment.
This is validating actually 👍 I would have reached for that package first, but saw we were using extract-zip in many other places so I was aiming for consistency.
There was a problem hiding this comment.
Yea, historically we've used it but probably time to move on given it's unmaintained. I have loose plans to migrate our other usages of it as appropriate.
|
@dsanders11 here's sample output from the confirmation prompt I added I'm still thinking about how I want to approach cleaning up. Whether it should be another command or automatically checked each time any build-tools command is issued. Also, excellent recommendation with extracting in-memory. It cleaned up a lot of code! |
yarn.lock
Outdated
| "strip-ansi-cjs@npm:strip-ansi@^6.0.1": | ||
| version "6.0.1" | ||
| resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" | ||
| integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== | ||
| dependencies: | ||
| ansi-regex "^5.0.1" | ||
|
|
||
| strip-ansi@^6.0.0, strip-ansi@^6.0.1: | ||
| "strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: |
There was a problem hiding this comment.
I think you're using an older version of Yarn so these are getting folded back into one, which can actually cause some weird issues (not sure it will in this specific case). If I revert these changes and run yarn install with v1.22.22 the only change I get is the adm-zip addition.
There was a problem hiding this comment.
You're correct, I was on v1.22.17 🧠
I'll update and fix.
There was a problem hiding this comment.
@samuelmaddock, once you update this I'm good to go on merging. 👍
|
Opened #680 for cleaning up artifacts. |
|
Bad news regarding |
|
@samuelmaddock, ah, unfortunate. Thanks for the update, makes sense. |
There was a problem hiding this comment.
Blocking on the lockfile change regarding wrap-ansi and friends.
As another safety mechanism I think it would be good to not allow downloading dist for closed PRs. An option could allow it if we think that's a valid use case, but if someone puts up a malicious PR I don't want it to be easy to download the artifacts after we close it.
It's also not clear to me how this PR handles changes to PRs. I think the short SHA should be worked into the artifact names to avoid confusion? There's currently no indicator which commit the artifacts are for, which seems like a recipe for getting confused about which changes are running.
|
@dsanders11 how would you feel about a prompt like this regarding the closed PR issue |
|
@samuelmaddock, with that and the default being N, I think I'm good with that. 👍 |
| await extractZip(distZipPath, { dir: outputDir }); | ||
|
|
||
| const platformExecutables = { | ||
| win32: 'electron.exe', |
There was a problem hiding this comment.
As a heads up, we're looking at a PR in e/e right now to move Windows CI over to GitHub actions that might break this (I think we're changing win32 to win to align with GN upstream: electron/electron@510b87c), but I don't think we need to hold this PR on that change, we can update it after the e/e PR lands 🙂
There was a problem hiding this comment.
For consistency sake in electron/electron#44136, windows artifacts are going to use win instead of win32, so this PR will need to adjust the Windows artifacts names from process.platform to win.
Artifact names will be:
generated_artifacts_win_arm64
generated_artifacts_win_x64
generated_artifacts_win_x86
(eg see https://github.com/electron/electron/actions/runs/12286319546)
Co-authored-by: David Sanders <[email protected]>
samuelmaddock
force-pushed
the
pr-download
branch
from
1dbbd99 to
47acadb
Compare
|
@dsanders11 I've updated the artifact download directory to include the short commit hash (9884569): @VerteDinde @jkleinsc I've replaced win32 with win when downloading artifacts. 47acadb |
e pr download-dist <number>will download a pull request's dist artifacts to~/.electron_build_tools/artifacts/pr_{number}_{commithash}_{platform}_{arch}As a followup, we could add a
electron-fiddle://command to register it as a local build for easier testing. With that, this command could register the downloaded artifact.