|
1 | | -# package-import-method=hardlink |
2 | | -# module-exists will report false answers for the test apps |
3 | | -# unless we avoid hoisting |
4 | | -# while this is "true" this actually sets hoisting to "false" |
5 | | -# because we have a hoist-pattern. This basically just lets us |
6 | | -# use the very narrowly scoped hoist-pattern. |
7 | | -hoist=true |
8 | | -# Fastboot Doesnt respect node_modules resolution for whitelisted deps |
9 | | -# https://github.com/ember-fastboot/ember-cli-fastboot/issues/901 |
10 | | -hoist-pattern[]=*node-fetch* |
11 | | - |
12 | | -# we want true but cannot use true until the below issue is fixed |
13 | | -# https://github.com/pnpm/pnpm/issues/5340 |
14 | | -strict-peer-dependencies=true |
15 | | -auto-install-peers=false # probably apps should set this to true, but we need to test with it false to be sure we aren't the bad citizen |
16 | | -dedupe-peer-dependents=false # this currently introduces more bugs than it fixes |
17 | | -resolve-peers-from-workspace-root=false # if its not declared we don't want it resolved: ensure tests are truly isolated |
| 1 | +## Woo! A Config File! |
| 2 | +## |
| 3 | +## This file is used to configure the behavior of pnpm. |
| 4 | +## If adjusting settings, please document the "why" in comments. |
| 5 | +## |
| 6 | +## It may also be good to understand that we intentionally are |
| 7 | +## not using `hoisting` and using `injected` workspace packages |
| 8 | +## to ensure properly isolated dep trees for test apps. |
| 9 | +# |
| 10 | +## things like `moduleExists` from @embroider/macros will report false answers |
| 11 | +## for the test apps unless we avoid hoisting. |
| 12 | +## |
| 13 | +## Note, if we ever need to hoist something, we can use hoist-pattern[]="" |
| 14 | +## For instance: hoist-pattern[]=*node-fetch* |
| 15 | +## to hoist the specific thing we need and set this to `true`. When true |
| 16 | +## and a hoist-pattern is present only the hoist-pattern will be hoisted. |
| 17 | +# |
| 18 | +hoist=false |
| 19 | + |
| 20 | +## We should consider removing these |
| 21 | +## But historically this was the default for pnpm |
| 22 | +## and there is cleanup to do to make things work |
| 23 | +## without these |
| 24 | +## Its also just useful to have these tools top-level |
| 25 | +# |
| 26 | +public-hoist-pattern[]=*eslint* |
| 27 | +public-hoist-pattern[]=*prettier* |
| 28 | + |
| 29 | +## Ideally this would be dynamic as in CI we only have 4 CPUs |
| 30 | +## While locally we have 10-16 CPUs. The more CPUs we use during |
| 31 | +## install, generally the faster the install will be. |
| 32 | +## |
| 33 | +child-concurrency=10 |
| 34 | + |
| 35 | +## This is the default but its good to be explicit |
| 36 | +## This helps us to ensure we are using the workspace |
| 37 | +## version of a package. |
| 38 | +## |
18 | 39 | save-workspace-protocol=rolling |
| 40 | + |
| 41 | +## The current default is "highest" but we want to be explicit |
| 42 | +## Since we also just want to ensure we are always using the |
| 43 | +## latest versions of things we can. |
| 44 | +## |
19 | 45 | resolution-mode=highest |
20 | | -dedupe-direct-deps=true |
21 | | -child-concurrency=10 |
22 | | -ignore-dep-scripts=true |
23 | | -dedupe-injected-deps=false |
24 | | -link-workspace-packages=deep |
25 | | -hoist-workspace-packages=false |
| 46 | + |
| 47 | +## This is documented in a slightly different place in the pnpm |
| 48 | +## docs. If this setting is true (the default) then pnpm will |
| 49 | +## run the pre* and post* versions of a script when running other |
| 50 | +## scripts. For instance running "build" would also run "prebuild" |
| 51 | +## and "postbuild". This is not the behavior we want. |
| 52 | +## |
26 | 53 | enable-pre-post-scripts=false |
| 54 | + |
| 55 | +## We use volta to manage our node and pnpm versions, so we do not |
| 56 | +## want pnpm to manage these for us. |
| 57 | +## |
27 | 58 | manage-package-manager-versions=false |
| 59 | + |
| 60 | +## This is now the default but we want to be explicit |
| 61 | +## This prevents security exploits from packages running |
| 62 | +## arbitrary code during install. It also speeds up install times. |
| 63 | +## Our own packages will still run their installation scripts |
| 64 | +## |
| 65 | +ignore-dep-scripts=true |
| 66 | + |
| 67 | +## Make sure we don't troll ourselves when updating deps |
| 68 | +## |
| 69 | +verify-deps-before-run=true |
| 70 | + |
| 71 | +## We do not want to auto-install peers because |
| 72 | +## We want to ensure we understand what is actually required |
| 73 | +## So that if a consuming app uses strict mode things will work |
| 74 | +## |
| 75 | +## This said, Apps should probably set this to true |
| 76 | +## |
| 77 | +auto-install-peers=false |
| 78 | + |
| 79 | +## We want to error if we did not setup required peers correctly |
| 80 | +## However, this pnpm bug prevents us using this as it will |
| 81 | +## error when using `--no-lockfile` without reporting any errors |
| 82 | +## https://github.com/pnpm/pnpm/issues/8382 |
| 83 | +## |
| 84 | +strict-peer-dependencies=false |
| 85 | + |
| 86 | +## We use so many similarly grouped peers, we want to make the |
| 87 | +## peer-groups easier to distinguish. |
| 88 | +## This forces a shorter sha for all groups (vs the default of 1000) |
| 89 | +## |
| 90 | +peers-suffix-max-length=40 |
| 91 | +virtual-store-dir-max-length=40 |
| 92 | + |
| 93 | +## If a dependency is not declared, we do not want to accidentally |
| 94 | +## resolve it from the workspace root. This is a common source of |
| 95 | +## bugs in monorepos. |
| 96 | +## |
| 97 | +resolve-peers-from-workspace-root=false |
| 98 | + |
| 99 | +## Our Workspace Packages are "injected" so prevent |
| 100 | +## devDependencies from being exposed and to allow |
| 101 | +## for us to test optional peerDependencies. |
| 102 | +## |
28 | 103 | inject-workspace-packages=true |
29 | 104 |
|
30 | | -public-hoist-pattern[]=*eslint* |
31 | | -public-hoist-pattern[]=*prettier* |
| 105 | +## This also means we do not want to hoist them to the root |
| 106 | +## As this would both expose them to all other packages AND |
| 107 | +## results in them using symlinks instead of hardlinks |
| 108 | +## |
| 109 | +hoist-workspace-packages=false |
| 110 | + |
| 111 | +## We use the `workspace:*` protocol for all workspace |
| 112 | +## packages. |
| 113 | +## In theory it would be nice to use `deep` here just in case |
| 114 | +## we missed something so that we could tell pnpm to use the |
| 115 | +## workspace version of a package if it exists. At any depth. |
| 116 | +## |
| 117 | +## However, it seems that deep/true result in workspace packages |
| 118 | +## that are dependencies being symlinked instead of hardlinked |
| 119 | +## more often, even at the top-level of a package, which is not |
| 120 | +## what we want. |
| 121 | +## |
| 122 | +link-workspace-packages=false # deep |
| 123 | + |
| 124 | +## Update injected dependencies when needed |
| 125 | +## This will rerun after various "build" scripts |
| 126 | +## In our published packages. |
| 127 | +## |
| 128 | +## Unfortunately, this does not run after scripts in |
| 129 | +## the monorepo root, so we have added a special "sync" |
| 130 | +## script to handle this. |
| 131 | +## |
| 132 | +sync-injected-deps-after-scripts[]=build:pkg |
| 133 | +sync-injected-deps-after-scripts[]=build:infra |
| 134 | +sync-injected-deps-after-scripts[]=build:glint |
| 135 | +sync-injected-deps-after-scripts[]=sync |
| 136 | + |
| 137 | +## In keeping with our "no hoisting" and "no auto-peers" and |
| 138 | +## "isolated dep trees", we also want to avoid other things |
| 139 | +## that lead to reliance on hoisting. |
| 140 | +## In general, deduping leads to hoisting. This particular |
| 141 | +## setting causes direct-dependencies to resolve from the |
| 142 | +## workspace root if already in root. We don't want this. |
| 143 | +## |
| 144 | +dedupe-direct-deps=false |
| 145 | + |
| 146 | +## We do not want to dedupe peer dependencies as this |
| 147 | +## results in hoisting and violates optional peer isolation. |
| 148 | +## |
| 149 | +dedupe-peer-dependents=false |
| 150 | + |
| 151 | +## We do not want to dedupe injected dependencies as this |
| 152 | +## results in hoisting and violates optional peer isolation. |
| 153 | +## |
| 154 | +dedupe-injected-deps=false |
| 155 | + |
| 156 | +## Fin |
0 commit comments