test(xsnap): Verify npm install build process

[kriskowal]

refs: #9674

Description

In support of #9674, this change adds a regression test for npm install to increase our confidence that changes to build.js support both local development and eventual installation from npm.

Security Considerations

None.

Scaling Considerations

A design question for this is whether to use a temporary directory for the extracted package. I chose to use the default package since this speeds up non-initial test runs. Since tar xf overlays the package over the previous version, there’s a small chance that the deletion of a sensitive file might go unnoticed locally, but not in CI.

Documentation Considerations

None.

Testing Considerations

It’s a test, Bob.

Upgrade Considerations

None.

[cloudflare-workers-and-pages]

Deploying agoric-sdk with    Cloudflare Pages

Latest commit:	3035728
Status:	✅  Deploy successful!
Preview URL:	https://d5d85289.agoric-sdk.pages.dev
Branch Preview URL:	https://kriskowal-xsnap-install-test.agoric-sdk.pages.dev

View logs

[kriskowal]

This is an unabashèd shortcut, punting on the effort and thought that should go into extracting a utility for use in other packages or committing to a shared dependency that replaces the functionality. Whatever form that takes, we need to consider that the dependency will be a full dependency, not a devDependency, and assess risk accordingly. Given that there are intersecting changes in concurrent PRs, punt punt punt.

[gibson042]

I'm not worried about the speed of this test; following good practices (including cleanup) is more important. So 👍 to using a temp dir.

[gibson042]

Rather than extracting makeCLI, I recommend following userland's use of execa for testing as seen in e.g. fast-usdc.

Suggested change

	const npm = makeCLI('npm', { spawn });
	const tar = makeCLI('tar', { spawn });
	const npmRes = await npm.pipe(['pack', '--json']);
	const {
	0: { filename },
	} = JSON.parse(npmRes);
	await tar.run(['xf', filename]);
	await npm.run(['install'], { cwd: 'package' });
	const { stdout: npmRes } = await execa`npm pack --json`;
	const {
	0: { filename },
	} = JSON.parse(npmRes);
	await execa`tar xf ${filename}`;
	await execa({ cwd: 'package' })`npm install`;

[gibson042]

Making this more idiomatic would improve readability.

Suggested change

	const {
	0: { filename },
	} = JSON.parse(npmRes);
	const [{ filename }] = JSON.parse(npmRes);

[mhofman]

I'm confused how this test does not leave junk behind that the "clean worktree" CI test would trip on.

[kriskowal]

I'm confused how this test does not leave junk behind that the "clean worktree" CI test would trip on.

The clean worktree CI test occurs before this test generates the junk. Unless I’m confused. But, I will be moving the junk to a temporary directory for idempotence.

[mhofman]

The clean worktree CI test occurs before this test generates the junk. Unless I’m confused. But, I will be moving the junk to a temporary directory for idempotence.

#9804 was supposed to have fixed #5140. If that's not the case, I'd like to understand how it failed.

The test in which cd packages/xsnap && yarn test ran show it didn't find any dirty files. Maybe we're git ignoring the junk already?

[kriskowal]

#9804 was supposed to have fixed #5140. If that's not the case, I'd like to understand how it failed.

I see. I did not know we did our dirty check after running tests. The reason it succeeded is that this change, for unrelated reasons, adds package to packages/xsnap/.gitignore, which is the conventional name of the directory inside the tarball that npm pack generates, and the build script in there only creates files inside that package directory tree.

[mhofman]

adds package to packages/xsnap/.gitignore

Ah and the tgz is excluded in the root gitignore:

agoric-sdk/.gitignore

Lines 42 to 43 in a27f724

	# Output of 'npm pack'
	*.tgz