search

jfrog / jfrog-cli

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products.
https://www.jfrog.com/confluence/display/CLI/JFrog+CLI
Apache License 2.0
532 stars 234 forks source link

Allow option to disable the 'npm ls' command being triggered in the background during JFrog CLI run ( NPM ) #1555

Open VigneshC-Jfrog opened 2 years ago

VigneshC-Jfrog commented 2 years ago

Is your feature request related to a problem? Please describe.

While triggering the NPM install command via JFrog CLI in Jenkins, it internally calls the "npm ls" command which would show warning messages related to discrepancies within the dependencies defined in the package.json ( if any ). Attaching the sample snippet and warning messages for reference:

Snippet:

sh('#!/bin/sh -e\n' + "jfrog rt c art-server --url=<artifactory-url> --user=${USERNAME} --password=${PASSWORD}")

sh "jfrog rt use art-server"

sh "jfrog rt npmc --server-id-resolve='art-server' --server-id-deploy='art-server' --repo-resolve='npm-repo' --repo-deploy='npm-repo'"

sh "jfrog rt npm-install --no-shrinkwrap --build-name=${BUILD_NAME} --build-number=${BUILD_NUMBER}"

JFrog CLI logs:

[Warn] npm list command failed with error: exit status 1
[Warn] Some errors occurred while collecting dependencies info:
npm ERR! peer dep missing: ajv@^6.9.1, required by [ajv-keywords@3.5.2](mailto:ajv-keywords@3.5.2)
npm ERR! peer dep missing: ajv@^6.9.1, required by [ajv-keywords@3.5.2](mailto:ajv-keywords@3.5.2)
npm ERR! peer dep missing: ajv@^6.9.1, required by [ajv-keywords@3.5.2](mailto:ajv-keywords@3.5.2)

[Warn] npm dependencies list contains the package 'ajv' without version information. The dependency will not be added to build-info.
[Warn] npm dependencies list contains the package 'ajv' without version information. The dependency will not be added to build-info.
[Warn] npm dependencies list contains the package 'ajv' without version information. The dependency will not be added to build-info.
[Warn] npm list command failed with error: exit status 1
[Warn] Some errors occurred while collecting dependencies info:
npm ERR! peer dep missing: @angular/common@^12.0.0, required by @angular-material-components/[moment-adapter@6.0.0](mailto:moment-adapter@6.0.0)
npm ERR! peer dep missing: @angular/common@^9.0.0, required by [ag-grid-angular@23.2.1](mailto:ag-grid-angular@23.2.1)
npm ERR! peer dep missing: @angular/compiler@>=2.3.1 <13.0.0 || ^12.0.0-next || ^12.1.0-next || ^12.2.0-next, required by [codelyzer@6.0.2](mailto:codelyzer@6.0.2)
npm ERR! peer dep missing: @angular/core@^12.0.0, required by @angular-material-components/[moment-adapter@6.0.0](mailto:moment-adapter@6.0.0)
npm ERR! peer dep missing: @angular/core@^9.0.0, required by [ag-grid-angular@23.2.1](mailto:ag-grid-angular@23.2.1)
npm ERR! peer dep missing: @angular/core@>=2.3.1 <13.0.0 || ^12.0.0-next || ^12.1.0-next || ^12.2.0-next, required by [codelyzer@6.0.2](mailto:codelyzer@6.0.2)

[Warn] npm dependencies list contains the package '@angular/common' without version information. The dependency will not be added to build-info.
[Warn] npm dependencies list contains the package '@angular/compiler' without version information. The dependency will not be added to build-info.
[Warn] npm dependencies list contains the package '@angular/core' without version information. The dependency will not be added to build-info.

Describe the solution you'd like to see

Customers would like to disable the 'npm ls' command to be triggered in the background by default as these warning messages might cause confusion to the users who are managing the pipeline jobs

Describe alternatives you've considered

We can set the log level to error by setting the following environment variable ( link ).

JFROG_CLI_LOG_LEVEL=ERROR

pniederlag commented 1 year ago

we currently run into issues with 'jfrog npm ci' as well because "npm ls --json --all --long" yields errors and seems to be running. For - yet unknown reasons - "npm ls" seems to be triggered only when build-name/number/url are set.

yahavi commented 1 year ago

@pniederlag The npm ls command runs when the JFrog CLI is asked to collect and publish build-info for npm. It uses the output to build the dependency list for the build-info. To prevent running this command, remove the --build-name and the --build-number flags.

Please let me know if that helped.

pniederlag commented 1 year ago

@pniederlag The npm ls command runs when the JFrog CLI is asked to collect and publish build-info for npm. It uses the output to build the dependency list for the build-info. To prevent running this command, remove the --build-name and the --build-number flags.

Please let me know if that helped.

It helps but seems quite unintuitive. We have JFROG_CLI_BUILD_NAME and JFROG_CLI_BUILD_NUMBER as environment-variables during CI-Run und now must find a way to disable this behaviour. Would be way cleaner if there was an explicit switch or toggle for activating/deactivating integration of build-dependencies.

pniederlag commented 1 year ago

@yahavi pls also note that there is a somwhat anoying bug in upstream npm wit "npm ls --all --long" on any npm version I have checked, see this report for details and a simple testcase to trigger it: https://github.com/npm/cli/issues/5961