@npmcli/template-oss 3.2.0 → 3.3.0

package/lib/apply/apply-files.js

@@ -18,7 +18,7 @@ module.exports = [{
     options.config.repoFiles,
     options
   ),
-  when: ({ config: c }) => c.isForce || (c.needsUpdate && c.applyRepo),
+  when: ({ config: c }) => c.applyRepo && c.needsUpdate,
   name: 'apply-repo',
 }, {
   run: (options) => run(
@@ -26,6 +26,6 @@ module.exports = [{
     options.config.moduleFiles,
     options
   ),
-  when: ({ config: c }) => c.isForce || (c.needsUpdate && c.applyModule),
+  when: ({ config: c }) => c.applyModule && c.needsUpdate,
   name: 'apply-module',
 }]

package/lib/apply/apply-version.js

@@ -0,0 +1,26 @@
+const log = require('proc-log')
+const PackageJson = require('@npmcli/package-json')
+
+const run = async ({ config: c }) => {
+  const {
+    moduleDir: dir,
+    __CONFIG_KEY__: key,
+    __VERSION__: version,
+  } = c
+
+  log.verbose('apply-version', dir)
+
+  const pkg = await PackageJson.load(dir)
+  if (!pkg.content[key]) {
+    pkg.content[key] = { version }
+  } else {
+    pkg.content[key].version = version
+  }
+  await pkg.save()
+}
+
+module.exports = {
+  run,
+  when: ({ config: c }) => c.needsUpdate && !c.isDogFood,
+  name: 'apply-version',
+}

package/lib/apply/index.js

@@ -2,4 +2,5 @@ const run = require('../index.js')
 
 module.exports = (root, content) => run(root, content, [
   require('./apply-files.js'),
+  require('./apply-version.js'),
 ])

package/lib/config.js

@@ -56,6 +56,7 @@ const getConfig = async ({
   const isRoot = root === path
   const isLatest = version === LATEST_VERSION
   const isDogFood = pkg.name === NAME
+  const isForce = process.argv.includes('--force')
 
   // this is written to ci yml files so it needs to always use posix
   const pkgRelPath = makePosix(relative(root, path))
@@ -111,16 +112,18 @@ const getConfig = async ({
     pkgName: pkg.name,
     pkgNameFs: pkg.name.replace(/\//g, '-').replace(/@/g, ''),
     pkgRelPath: pkgRelPath,
-    // force changes if we are dogfooding this repo or with force argv
-    // XXX: setup proper cli arg parsing
-    isForce: isDogFood || process.argv.includes('--force'),
+    pkgPrivate: !!pkg.private,
+    // booleans to control application of updates
+    isForce,
+    isDogFood,
     isLatest,
-    needsUpdate: !isLatest,
+    // needs update if we are dogfooding this repo, with force argv, or its
+    // behind the current version
+    needsUpdate: isForce || isDogFood || !isLatest,
     // templateoss specific values
     __NAME__: NAME,
     __CONFIG_KEY__: CONFIG_KEY,
     __VERSION__: LATEST_VERSION,
-    __DOGFOOD__: isDogFood,
   }
 
   // merge the rest of base and pkg content to make the

package/lib/content/audit.yml

@@ -12,5 +12,5 @@ jobs:
     steps:
       {{> setupGit}}
       {{> setupNode}}
-      - run: npm i --ignore-scripts --package-lock
+      - run: npm i --ignore-scripts --no-audit --no-fund --package-lock
       - run: npm audit

package/lib/content/ci.yml

@@ -28,7 +28,7 @@ jobs:
     steps:
       {{> setupGit}}
       {{> setupNode}}
-      - run: npm i --ignore-scripts
+      - run: npm i --ignore-scripts --no-audit --no-fund
       - run: npm run lint {{~#if isWorkspace}} -w {{pkgName}}{{/if}}
 
   test:
@@ -55,5 +55,5 @@ jobs:
     steps:
       {{> setupGit}}
       {{> setupNode useMatrix=true}}
-      - run: npm i --ignore-scripts
+      - run: npm i --ignore-scripts --no-audit --no-fund
       - run: npm test --ignore-scripts {{~#if isWorkspace}} -w {{pkgName}}{{/if}}

package/lib/content/eslintrc.js

@@ -5,6 +5,7 @@ const localConfigs = readdir(__dirname)
   .map((file) => `./${file}`)
 
 module.exports = {
+  root: true,
   extends: [
     '@npmcli',
     ...localConfigs,

package/lib/content/index.js

@@ -38,7 +38,10 @@ const rootModule = {
 // Changes for each workspace but applied to the root of the repo
 const workspaceRepo = {
   add: {
-    '.github/workflows/release-please-{{pkgNameFs}}.yml': 'release-please.yml',
+    '.github/workflows/release-please-{{pkgNameFs}}.yml': {
+      file: 'release-please.yml',
+      filter: (o) => !o.pkg.private,
+    },
     '.github/workflows/ci-{{pkgNameFs}}.yml': 'ci.yml',
   },
 }
@@ -53,6 +56,7 @@ const workspaceModule = {
   rm: [
     '.npmrc',
     '.eslintrc.!(js|local.*)',
+    'SECURITY.md',
   ],
 }
 
@@ -65,6 +69,7 @@ module.exports = {
   branches: ['main', 'latest'],
   distPaths: ['bin/', 'lib/'],
   ciVersions: ['12.13.0', '12.x', '14.15.0', '14.x', '16.0.0', '16.x'],
+  lockfile: false,
   unwantedPackages: [
     'eslint',
     'eslint-plugin-node',

package/lib/content/npmrc

@@ -1 +1 @@
-package-lock=false
+package-lock={{lockfile}}

package/lib/content/pkg.json

@@ -7,8 +7,12 @@
     "template-oss-apply": "template-oss-apply --force",
     "lintfix": "npm run lint -- --fix",
     "preversion": "npm test",
+    {{#if pkgPrivate}}
+    "postversion": "git push origin --follow-tags",
+    {{else}}
     "postversion": "npm publish",
     "prepublishOnly": "git push origin --follow-tags",
+    {{/if}}
     "snap": "tap",
     "test": "tap",
     "posttest": "npm run lint",
@@ -20,7 +24,7 @@
     "node": {{{json engines}}}
   },
   {{{json __CONFIG_KEY__}}}: {
-    "version": {{#if __DOGFOOD__}}{{{del}}}{{else}}{{{json __VERSION__}}}{{/if}}
+    "version": {{#if isDogFood}}{{{del}}}{{else}}{{{json __VERSION__}}}{{/if}}
   },
   "templateVersion": {{{del}}},
   "standard": {{{del}}}

package/lib/content/post-dependabot.yml

@@ -3,13 +3,12 @@ name: Post Dependabot Actions
 on:
   pull_request
 
-# https://docs.github.com/en/rest/overview/permissions-required-for-github-apps
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
-  actions: write
   contents: write
 
 jobs:
-  Install:
+  template-oss-apply:
     runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
     steps:
@@ -26,8 +25,9 @@ jobs:
           GITHUB_TOKEN: $\{{ secrets.GITHUB_TOKEN }}
         run: |
           gh pr checkout $\{{ github.event.pull_request.number }}
-          npm install --ignore-scripts
+          npm install --ignore-scripts --no-audit --no-fund
           npm run template-oss-apply
           git add .
           git commit -am "chore: postinstall for dependabot template-oss PR"
           git push
+          npm run lint

package/lib/content/release-please.yml

@@ -11,6 +11,11 @@ on:
       - {{.}}
       {{/each}}
 
+{{~#if isWorkspace}}
+permissions:
+  contents: write
+{{/if}}
+
 jobs:
   release-please:
     runs-on: ubuntu-latest
@@ -21,7 +26,10 @@ jobs:
           release-type: node
           {{#if pkgRelPath}}
           monorepo-tags: true
-          paths: {{pkgRelPath}}
+          path: {{pkgRelPath}}
+          # name can be removed after this is merged
+          # https://github.com/google-github-actions/release-please-action/pull/459
+          package-name: "{{pkgName}}"
           {{/if}}
           changelog-types: >
             [
@@ -29,3 +37,19 @@ jobs:
               {{{json .}}}{{#unless @last}},{{/unless}}
               {{/each}}
             ]
+      {{~#if isWorkspace}}
+      {{> setupGit}}
+      {{> setupNode}}
+      - name: Update package-lock.json and commit
+        if: steps.release.outputs.pr
+        env:
+          GITHUB_TOKEN: $\{{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr checkout $\{{ fromJSON(steps.release.outputs.pr).number }}
+          npm run resetdeps
+          title="$\{{ fromJSON(steps.release.outputs.pr).title }}"
+          # get the version from the pr title
+          # get everything after the last space
+          git commit -am "deps: {{pkgName}}@${title##* }"
+          git push
+      {{/if}}

package/lib/content/setup-node.yml

@@ -1,6 +1,9 @@
 - uses: actions/setup-node@v3
   with:
     node-version: {{#if useMatrix}}$\{{ matrix.node-version }}{{else}}{{#each ciVersions}}{{#if @last}}{{.}}{{/if}}{{/each}}{{/if}}
+    {{#if lockfile}}
+    cache: npm
+    {{/if}}
 {{#if useMatrix}}
 - name: Update to workable npm (windows)
   # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows

package/lib/util/files.js

@@ -9,13 +9,24 @@ const fullTarget = (dir, file, options) => join(dir, template(file, options))
 
 // given an obj of files, return the full target/source paths and associated parser
 const getParsers = (dir, files, options) => Object.entries(files).map(([t, s]) => {
-  let { file, parser: fileParser } = typeof s === 'string' ? { file: s } : s
-  const target = fullTarget(dir, t, options)
+  let {
+    file,
+    parser: fileParser,
+    filter,
+  } = typeof s === 'string' ? { file: s } : s
+
   file = join(options.config.sourceDir, file)
+  const target = fullTarget(dir, t, options)
+
+  if (typeof filter === 'function' && !filter(options)) {
+    return null
+  }
+
   if (fileParser) {
     // allow files to extend base parsers or create new ones
     return new (fileParser(Parser.Parsers))(target, file, options)
   }
+
   return new (Parser(file))(target, file, options)
 })
 
@@ -32,7 +43,9 @@ const rmEach = async (dir, files, options, fn) => {
 const parseEach = async (dir, files, options, fn) => {
   const res = []
   for (const parser of getParsers(dir, files, options)) {
-    res.push(await fn(parser))
+    if (parser) {
+      res.push(await fn(parser))
+    }
   }
   return res.filter(Boolean)
 }

package/lib/util/parser.js

@@ -249,7 +249,7 @@ class PackageJson extends JsonMerge {
         return unset(pkg.content, keys)
       }
     })
-    pkg.save()
+    await pkg.save()
   }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/template-oss",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "templated files used in npm CLI team oss projects",
   "main": "lib/content/index.js",
   "bin": {
@@ -34,7 +34,7 @@
     "@npmcli/fs": "^2.0.1",
     "@npmcli/git": "^3.0.0",
     "@npmcli/map-workspaces": "^2.0.2",
-    "@npmcli/package-json": "^1.0.1",
+    "@npmcli/package-json": "^2.0.0",
     "diff": "^5.0.0",
     "handlebars": "^4.7.7",
     "hosted-git-info": "^5.0.0",
@@ -44,7 +44,7 @@
     "npm-package-arg": "^9.0.1",
     "proc-log": "^2.0.0",
     "semver": "^7.3.5",
-    "yaml": "^2.0.0-10"
+    "yaml": "^2.0.0-11"
   },
   "files": [
     "bin/",