Describe the user story
As a developer in a restricted corporate environment, I use Renovate to keep dependencies up to date across our repos. To update yarn, renovate uses yarn set version <version string> -- however, this poses a problem for us because our network can't reach repo.yarnpkg.com.
Describe the solution you'd like
yarn set version --from-registry <url> flag and versionNpmRegistryUrl config setting
Allow resolving Yarn versions against a private npm registry instead of repo.yarnpkg.com. When set, yarn set version 4.14.1 would query the configured registry for @yarnpkg/cli-dist@4.14.1, download the tarball, and extract the bundle from it.
The flag allows one-off use, the config setting makes it permanent so one can just call yarn set version <version> without extra arguments:
# .yarnrc.yml
versionNpmRegistryUrl: "https://registry.internal.com/api/npm/npm-mirror/"
# or one-off
yarn set version 4.14.1 --from-registry https://registry.internal.com/api/npm/npm-mirror/
When using the config setting or flag for the registry URL, auth would be handled through the existing registry npmAuthToken/npmRegistries auth configurations.
Describe the drawbacks of your solution
- Adds a dependency on the npm registry API within
version for resolving @yarnpkg/cli-dist metadata. Currently version only hits repo.yarnpkg.com. The registry resolution would need to fetch the package metadata JSON and extract the tarball URL for the requested version.
- The
@yarnpkg/cli-dist package name is hardcoded as the expected package.
- some of the tags like stable, classic, latest canary would not work unless they are created in npm
Describe alternatives you've considered
Why not a plugin? yarn set version is in plugin-essentials, bundled with every Yarn install, and is the defacto way to install new yarn versions. A separate command or plugin could be implemented, but it would duplicate a lot and not be compatbile with the ecosystem (e.g. renovate).
URL template flag. Something like --url-template "https://registry.com/yarn/{}/yarn-{}.tgz" where {} gets replaced with the version. Simpler than npm registry integration but more brittle -- it assumes a specific URL layout per registry, would need to have tgz file type detection (how do you tell a compressed js file from a tarball?), and doesn't leverage existing npm auth configuration. Existing tools would need to be updated to leverage this option. The npm registry approach is more standard and lets you reuse npmRegistries/npmAuthToken settings you already have.
Describe the user story
As a developer in a restricted corporate environment, I use Renovate to keep dependencies up to date across our repos. To update yarn, renovate uses
yarn set version <version string>-- however, this poses a problem for us because our network can't reachrepo.yarnpkg.com.Describe the solution you'd like
yarn set version --from-registry <url>flag andversionNpmRegistryUrlconfig settingAllow resolving Yarn versions against a private npm registry instead of
repo.yarnpkg.com. When set,yarn set version 4.14.1would query the configured registry for@yarnpkg/cli-dist@4.14.1, download the tarball, and extract the bundle from it.The flag allows one-off use, the config setting makes it permanent so one can just call
yarn set version <version>without extra arguments:When using the config setting or flag for the registry URL, auth would be handled through the existing registry
npmAuthToken/npmRegistriesauth configurations.Describe the drawbacks of your solution
versionfor resolving@yarnpkg/cli-distmetadata. Currentlyversiononly hitsrepo.yarnpkg.com. The registry resolution would need to fetch the package metadata JSON and extract the tarball URL for the requested version.@yarnpkg/cli-distpackage name is hardcoded as the expected package.Describe alternatives you've considered
Why not a plugin?
yarn set versionis inplugin-essentials, bundled with every Yarn install, and is the defacto way to install new yarn versions. A separate command or plugin could be implemented, but it would duplicate a lot and not be compatbile with the ecosystem (e.g. renovate).URL template flag. Something like
--url-template "https://registry.com/yarn/{}/yarn-{}.tgz"where{}gets replaced with the version. Simpler than npm registry integration but more brittle -- it assumes a specific URL layout per registry, would need to have tgz file type detection (how do you tell a compressed js file from a tarball?), and doesn't leverage existing npm auth configuration. Existing tools would need to be updated to leverage this option. The npm registry approach is more standard and lets you reusenpmRegistries/npmAuthTokensettings you already have.