@mui/internal-code-infra 0.0.4-canary.2 → 0.0.4-canary.20

package/src/utils/pnpm.mjs

@@ -48,6 +48,7 @@ import * as semver from 'semver';
  * @property {boolean} [publicOnly=false] - Whether to filter to only public packages
  * @property {boolean} [nonPublishedOnly=false] - Whether to filter to only non-published packages. It by default means public packages yet to be published.
  * @property {string} [cwd] - Current working directory to run pnpm command in
+ * @property {string[]} [filter] - Same as filtering packages with --filter in pnpm. Only include packages matching the filter. See https://pnpm.io/filtering.
  */
 
 /**
@@ -73,10 +74,15 @@ import * as semver from 'semver';
  * @returns {Promise<(PrivatePackage | PublicPackage)[]>} Array of packages
  */
 export async function getWorkspacePackages(options = {}) {
-  const { sinceRef = null, publicOnly = false, nonPublishedOnly = false } = options;
+  const { sinceRef = null, publicOnly = false, nonPublishedOnly = false, filter = [] } = options;
 
   // Build command with conditional filter
   const filterArg = sinceRef ? ['--filter', `...[${sinceRef}]`] : [];
+  if (filter.length > 0) {
+    filter.forEach((f) => {
+      filterArg.push('--filter', f);
+    });
+  }
   const result = options.cwd
     ? await $({ cwd: options.cwd })`pnpm ls -r --json --depth -1 ${filterArg}`
     : await $`pnpm ls -r --json --depth -1 ${filterArg}`;
@@ -172,7 +178,170 @@ export async function publishPackages(packages, options = {}) {
     args.push('--no-git-checks');
   }
 
-  await $({ stdio: 'inherit' })`pnpm -r publish --access public --tag=${tag} ${args}`;
+  await $({
+    stdio: 'inherit',
+    env: { npm_config_loglevel: 'warn' },
+  })`pnpm -r publish --access public --tag=${tag} ${args}`;
+}
+
+/**
+ * @typedef {Object} GetTransitiveDependenciesOptions
+ * @property {Map<string, string>} [workspacePathByName] - Map of workspace package name to directory path
+ * @property {boolean} [includeDev=true] - Whether to include devDependencies in the traversal
+ */
+
+/**
+ * Get all transitive workspace dependencies for a set of packages.
+ *
+ * Only follows deps whose version spec starts with `workspace:` (e.g. `workspace:*`
+ * or `workspace:^`), meaning they are sourced directly from the monorepo. Pinned
+ * external versions (e.g. `^1.0.0`) are ignored even when the package name exists
+ * in the workspace. Traverses `dependencies` and optionally `devDependencies`.
+ * Results are cached per package so each package is read from disk at most once
+ * regardless of how many roots depend on it.
+ *
+ * @param {string[]} packageNames - Package names to start the traversal from
+ * @param {GetTransitiveDependenciesOptions} [options]
+ * @returns {Promise<Set<string>>} All reachable workspace package names, including the input packages themselves
+ */
+export async function getTransitiveDependencies(packageNames, options = {}) {
+  const { includeDev = true, workspacePathByName = new Map() } = options;
+
+  /** @type {Map<string, Promise<Set<string>>>} */
+  const cache = new Map();
+
+  /**
+   * @param {string} packageName
+   * @returns {Promise<Set<string>>}
+   */
+  function collectDeps(packageName) {
+    const cached = cache.get(packageName);
+    if (cached) {
+      return cached;
+    }
+
+    const promise = (async () => {
+      const packagePath = workspacePathByName.get(packageName);
+      if (!packagePath) {
+        throw new Error(`Workspace "${packageName}" not found`);
+      }
+
+      const pkgJson = await readPackageJson(packagePath);
+      const allDepEntries = [
+        ...Object.entries(pkgJson.dependencies ?? {}),
+        ...(includeDev ? Object.entries(pkgJson.devDependencies ?? {}) : []),
+      ];
+      const workspaceDeps = allDepEntries
+        .filter(
+          ([dep, spec]) =>
+            workspacePathByName.has(dep) &&
+            typeof spec === 'string' &&
+            spec.startsWith('workspace:'),
+        )
+        .map(([dep]) => dep);
+
+      const recursiveResults = await Promise.all(workspaceDeps.map(collectDeps));
+      return new Set([...workspaceDeps, ...recursiveResults.flatMap((s) => [...s])]);
+    })();
+
+    cache.set(packageName, promise);
+    return promise;
+  }
+
+  for (const name of packageNames) {
+    if (!workspacePathByName.has(name)) {
+      throw new Error(`Workspace "${name}" not found`);
+    }
+  }
+
+  const results = await Promise.all(packageNames.map(collectDeps));
+  return new Set([...packageNames, ...results.flatMap((s) => [...s])]);
+}
+
+/**
+ * Pure validation logic: given a publish set and workspace maps, checks that all
+ * transitive hard workspace dependencies are covered and none are private.
+ *
+ * A hard dependency is one listed in `dependencies` (not `peerDependencies` or
+ * `devDependencies`) using a `workspace:` version specifier (e.g. `workspace:*` or
+ * `workspace:^`). Peer dependencies are never bundled and dev dependencies are not installed
+ * on consumer devices - both are excluded regardless of version specifier. Pinned-version
+ * references in `dependencies` are also excluded - they resolve from the registry and do
+ * not need to be co-published.
+ *
+ * @param {PublicPackage[]} packages - The packages intended for publishing
+ * @param {Map<string, PublicPackage | PrivatePackage>} workspacePackageByName - All workspace packages by name
+ * @param {Map<string, string>} workspacePathByName - Map of workspace package name to directory path
+ * @returns {Promise<{issues: string[]}>}
+ *   List of human-readable issue strings. Empty when the dependency set is valid.
+ * @internal
+ */
+export async function checkPublishDependencies(
+  packages,
+  workspacePackageByName,
+  workspacePathByName,
+) {
+  const publishedNames = new Set(packages.map((pkg) => pkg.name));
+
+  const transitiveDeps = await getTransitiveDependencies(
+    packages.map((pkg) => pkg.name),
+    { includeDev: false, workspacePathByName },
+  );
+
+  /** @type {Set<string>} */
+  const privateButRequired = new Set();
+  /** @type {Set<string>} */
+  const missingFromPublish = new Set();
+
+  for (const depName of transitiveDeps) {
+    if (publishedNames.has(depName)) {
+      continue;
+    }
+    const workspacePkg = workspacePackageByName.get(depName);
+    if (workspacePkg?.isPrivate) {
+      privateButRequired.add(depName);
+    } else {
+      missingFromPublish.add(depName);
+    }
+  }
+
+  /** @type {string[]} */
+  const issues = [];
+
+  if (privateButRequired.size > 0) {
+    issues.push(
+      `The following private workspace packages are required as dependencies but cannot be published: ${[...privateButRequired].join(', ')}`,
+    );
+  }
+
+  if (missingFromPublish.size > 0) {
+    issues.push(
+      `The following workspace packages are required as dependencies but are not included in the publish set: ${[...missingFromPublish].join(', ')}. Add them to the --filter list.`,
+    );
+  }
+
+  return { issues };
+}
+
+/**
+ * Validate that a set of packages covers all of their transitive hard workspace dependencies,
+ * and that none of those dependencies are private (which would make them unpublishable).
+ *
+ * @param {PublicPackage[]} packages - The packages intended for publishing
+ * @returns {Promise<{issues: string[]}>}
+ *   List of human-readable issue strings. Empty when the dependency set is valid.
+ */
+export async function validatePublishDependencies(packages) {
+  const allWorkspacePackages = await getWorkspacePackages();
+
+  const workspacePackageByName = /** @type {Map<string, PublicPackage | PrivatePackage>} */ (
+    new Map(allWorkspacePackages.flatMap((pkg) => (pkg.name ? [[pkg.name, pkg]] : [])))
+  );
+  const workspacePathByName = new Map(
+    allWorkspacePackages.flatMap((pkg) => (pkg.name ? [[pkg.name, pkg.path]] : [])),
+  );
+
+  return checkPublishDependencies(packages, workspacePackageByName, workspacePathByName);
 }
 
 /**