fix gha dependencies + more

.github/workflows/dependencies.yml

@@ -27,9 +27,9 @@ jobs:
       - name: Upgrade dependencies
         run: |
           pnpm --frozen-lockfile --ignore-scripts
-          npx talend-upgrade-deps --ignore-scripts
-          npx talend-upgrade-deps --scope=@talend --latest --ignore-scripts
-          npx talend-upgrade-deps --latest --dry > dependencies-latest.txt
+          pnpm talend-upgrade-deps --ignore-scripts
+          pnpm talend-upgrade-deps --scope=@talend --latest --ignore-scripts
+          pnpm talend-upgrade-deps --latest --dry > dependencies-latest.txt
           git add dependencies-latest.txt
 
       - name: Create Pull Request

package.json

@@ -5,6 +5,7 @@
     "@talend/scripts-config-prettier": "^12.1.0",
     "@talend/scripts-yarn-workspace": "^1.3.0",
     "@talend/scripts-core": "^16.2.0",
+    "@talend/upgrade-deps": "^2.1.0",
     "cross-env": "^7.0.3",
     "cross-spawn": "^7.0.3",
     "eslint": "^8.53.0",

tools/upgrade-deps/bin/cli.js

@@ -1,8 +1,7 @@
-#!/usr/bin/env node
 /* eslint-disable import/extensions */
-
 import fs from 'fs';
-import { upgradeYarnProject, upgradeNpmProject } from '../src/index.js';
+
+import { upgradeYarnProject, upgradeNpmProject, upgradePnpmProject } from '../src/index.js';
 
 const CWD = process.cwd();
 
@@ -13,13 +12,9 @@ const HELP_MSG = `talend-scripts upgrade [options]
 --starts-with=* to limit the check done in package.json and lock file. For example --scope=@talend/scripts-
 --dry changes are not applied
 --latest to force update regardeless of the package.json
---security=* the dependency security configuration. This mode is not compatible with any other option. For example --security=./security-conf.json
 --message=* the message you want in the changeset
 --ignore-scripts Do not run script on yarn/npm install and upgrade commands
 
-ALIASES:
---talend-major: equal to --filter=@talend --latest
---check: equal to --latest --dry
 
 Without any options you will upgrade your package.json respecting the current condition (so this is safe)
 So only the lock file should be changed after this command.`;
@@ -54,8 +49,12 @@ function upgradeDeps(options) {
 		upgradeYarnProject(program).then(() => process.exit(0));
 	} else if (fs.existsSync(`${CWD}/package-lock.json`)) {
 		upgradeNpmProject(program).then(() => process.exit(0));
+	} else if (fs.existsSync(`${CWD}/pnpm-lock.yaml`)) {
+		upgradePnpmProject(program).then(() => process.exit(0));
 	} else {
-		throw new Error('Update project without yarn.lock is not supported');
+		throw new Error(
+			'Update project without yarn.lock, package-lock.json or pnpm-lock.yaml is not supported',
+		);
 	}
 }
 

tools/upgrade-deps/src/index.js

@@ -1,15 +1,17 @@
 /* eslint-disable no-await-in-loop */
+
 /* eslint-disable no-restricted-syntax */
+
 /* eslint no-console: 0 */
 import { exec, spawnSync } from 'child_process';
 import fs from 'fs';
 import path from 'path';
 
+import changeset from './changeset.js';
 import colors from './colors.js';
 import npm from './npm.js';
+import pnpm from './pnpm.js';
 import yarn from './yarn.js';
-import changeset from './changeset.js';
-import { upgradeSecurityVersion } from './security.js';
 
 const CWD = process.cwd();
 
@@ -55,14 +57,13 @@ function getOptions(program) {
 		message: program.message,
 		ignoreScripts: program['ignore-scripts'],
 	};
-	if (program['talend-major']) {
-		opts.scope = '@talend';
-		opts.latest = true;
-	}
-	if (program.check) {
-		opts.latest = true;
-		opts.dry = true;
+
+	// Add way to manage pnpm workspace
+	const userAgent = process.env.npm_config_user_agent;
+	if (userAgent.startsWith('pnpm')) {
+		opts.workspace = program.workspace;
 	}
+
 	return opts;
 }
 
@@ -75,47 +76,6 @@ export async function upgradeYarnProject(program) {
 		return true;
 	}
 
-	if (program.security) {
-		if (opts.scope) {
-			throw new Error('Deps security fix mode is incompatible with "scope" option.');
-		}
-		if (opts.package) {
-			throw new Error('Deps security fix mode is incompatible with "package" option.');
-		}
-		if (opts.startsWith) {
-			throw new Error('Deps security fix mode is incompatible with "starts-with" option.');
-		}
-		if (opts.dry) {
-			throw new Error('Deps security fix mode is incompatible with "dry" option.');
-		}
-		if (opts.latest) {
-			throw new Error('Deps security fix mode is incompatible with "latest" option.');
-		}
-		if (opts.next) {
-			throw new Error('Deps security fix mode is incompatible with "next" option.');
-		}
-
-		const securityConfPath = path.join(CWD, program.security);
-		if (!fs.existsSync(securityConfPath)) {
-			throw new Error(
-				`Deps security fix mode requires a configuration file. "${program.security}" does not exist. Check the following link to get the configuration file format: https://github.com/Talend/ui-scripts/tree/master/packages/upgrade//README.md#security-mode`,
-			);
-		}
-		const packageMetadata = JSON.parse(fs.readFileSync(securityConfPath));
-		console.log('Security configuration found', packageMetadata);
-
-		const reportFilePath = path.join(process.cwd(), 'talend-security-report.json');
-		if (fs.existsSync(reportFilePath)) {
-			fs.rmSync(reportFilePath);
-		}
-
-		const { changed, reports } = await upgradeSecurityVersion(packageMetadata);
-		fs.writeFileSync(reportFilePath, JSON.stringify(reports, null, 2));
-		const reportLog = `echo "Dependency security done. Check the report: ${reportFilePath}"`;
-
-		return changed ? executeAll(['yarn install', reportLog]) : executeAll([reportLog]);
-	}
-
 	const changed = await npm.checkPackageJson(`${CWD}/package.json`, opts);
 	let yarnOpts = opts.ignoreScripts ? '--ignore-scripts' : '';
 	if (!opts.dry) {
@@ -135,6 +95,35 @@ export async function upgradeYarnProject(program) {
 	return true;
 }
 
+export async function upgradePnpmProject(program) {
+	const commands = [];
+	const opts = getOptions(program);
+	console.log('GET OPTIONS:', opts);
+
+	if (program.changeset && changeset.isSetup()) {
+		changeset.add(opts);
+		return true;
+	}
+
+	const changed = await npm.checkPackageJson(`${CWD}/package.json`, opts);
+	let pnpmOpts = opts.ignoreScripts ? '--ignore-scripts' : '';
+	if (!opts.dry) {
+		if (!opts.scope && !opts.package && !opts.startsWith) {
+			commands.unshift(`pnpm update ${pnpmOpts}`);
+			if (changed) {
+				commands.unshift(`pnpm install ${pnpmOpts}`);
+			}
+		} else {
+			await pnpm.removeFromLockFile(opts);
+			commands.unshift(`pnpm install ${pnpmOpts}`);
+		}
+		spawnSync('pnpm dedupe');
+		return executeAll(commands);
+	}
+
+	return true;
+}
+
 export async function upgradeNpmProject(program) {
 	const commands = [];
 	const opts = getOptions(program);

tools/upgrade-deps/src/npm.js

@@ -1,14 +1,17 @@
 /* eslint-disable no-console */
+
 /* eslint-disable no-param-reassign */
+
 /* eslint-disable no-await-in-loop, no-restricted-syntax */
+import { exec } from 'child_process';
 import fs from 'fs';
 import fsprom from 'fs/promises';
 import os from 'os';
-import util from 'util';
 import path from 'path';
-import { exec } from 'child_process';
 import semver from 'semver';
 import stripAnsi from 'strip-ansi';
+import util from 'util';
+
 import colors from './colors.js';
 
 const execProm = util.promisify(exec);
@@ -208,6 +211,24 @@ async function checkPackageJson(filePath, opts) {
 		} catch (error) {
 			console.error(error);
 		}
+	} else if (
+		fs.existsSync(`${path.dirname(filePath)}/pnpm-workspace.yaml`) &&
+		fs.existsSync(`${path.dirname(filePath)}/pnpm-lock.yaml`)
+	) {
+		try {
+			const list = await execProm('pnpm list -r --depth -1 --json');
+			if (list.stdout) {
+				const objInfo = JSON.parse(stripAnsi(list.stdout));
+				for (const pkgInfo of Object.values(objInfo)) {
+					if (path.join(pkgInfo.path, 'package.json') !== filePath) {
+						const result = await checkPackageJson(path.join(pkgInfo.path, 'package.json'), opts);
+						changed = changed || result;
+					}
+				}
+			}
+		} catch (error) {
+			console.error(error);
+		}
 	} else if (
 		pkgJson.content.workspaces &&
 		fs.existsSync(`${path.dirname(filePath)}/package-lock.json`)