Scope libyear-merged deps to the analyzed workspace (LIBTRACK-136) #36

Open: naarok wants to merge 5 commits into master from libtrack-136-scope-libyear-deps-to-workspace
naarok (Contributor) commented Jun 10, 2026

Why

The earlier LIBTRACK-136 fix (3a76c5e) resolved per-workspace current versions from `pnpm list --json`, but ~89% of uploaded rows for jobber-frontend (repo 34) still had a blank version.

Root cause is a separate defect that fix scoped out ("Non-Goal: changing libyear sourcing"): parse_libyear mints a standalone library record with an empty current_version for every libyear-reported dependency not in the analyzed workspace's resolved set. Because libyear's "per-workspace" files are actually the merged union of all workspaces' direct deps (libyear 0.8.0 runs `pnpm list --json` + lodash-merge, and its JSON has no installed version), every workspace was uploaded ~248 foreign packages with blank versions.

Evidence (post-fix CSV, repo 34): 6,725 rows, 5,975 (89%) blank; a near-constant ~248-name set blank in every workspace, each name versioned only in the 1–3 workspaces where it's a real dependency.

What changed

  • Snapshot the resolved dependency set from add_all_libraries before parse_libyear (it previously snapshotted after, so the libyear union was already "known" and only Dependabot bleed got filtered).
  • filter_to_workspace_packages now drops libyear-only / Dependabot-only names not in that resolved set, with a guard that skips filtering (rather than wiping everything) when the resolved set is empty.
  • parse_libyear is unchanged; meta_data is computed before filtering and is unaffected.

Tests

`bundle exec rspec`: 120 examples, 0 failures (116 prior + 4 new: foreign-dep drop, in-workspace enrich, per-workspace distinctness, empty-set guard).

Follow-ups (not in this PR)

  • Existing blank/foreign rows are cleaned by library_tracking PR (cleanup-blank-library-versions); run that cleanup after this ships and produces ≥1 clean nightly.
  • Gem release + jobber-frontend bin/Gemfile tag bump.
  • npm.rb / gemfile.rb share the same parse_libyear pattern (out of scope).

OpenSpec change: scope-libyear-deps-to-workspace.

Co-Authored-By: Amplify 2.1.1 <amplify@getjobber.com>

🤖 Generated with Claude Code

naarok and others added 5 commits June 10, 2026 14:57
The LIBTRACK-136 fix (3a76c5e) resolved per-workspace current versions, but
~89% of uploaded rows for jobber-frontend still had a blank version. Cause: the
"per-workspace" libyear files are the merged union of all workspaces' direct
deps (libyear runs `pnpm list --json` + lodash-merge), and parse_libyear mints a
standalone library record with an empty current_version for every libyear dep
not in the analyzed workspace's resolved set. So each workspace was uploaded
~248 foreign packages with blank versions.

Snapshot the resolved dependency set from add_all_libraries BEFORE parse_libyear
(it previously snapshotted after, so the libyear union was already "known" and
only Dependabot bleed was filtered), then filter parsed_results to that set in
filter_to_workspace_packages. Guard the empty-set case so a pnpm list failure
does not drop every library. parse_libyear is unchanged; meta_data is computed
before filtering and is unaffected.

Adds spec/pnpm_spec.rb coverage for: libyear-only deps dropped, in-workspace
libyear deps retained + enriched, per-workspace distinctness, and the empty-set
guard. Includes OpenSpec change scope-libyear-deps-to-workspace.

Co-Authored-By: Amplify 2.1.1 <amplify@getjobber.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Local verification against jobber-frontend revealed the empty-set guard was too
coarse: workspaces with no registry-versioned direct deps (only link:/workspace:
deps, or none — e.g. packages/tsconfig, packages/graphql-depth-limit-plugin, and
apps/harbour in a partial install) resolved to {} and the guard SKIPPED the
filter, re-emitting the whole ~215-entry libyear union as blank versions.

add_all_libraries now returns nil when the resolved set cannot be DETERMINED
(pnpm list failed, unparseable output, or no matching workspace entry) and an
(possibly empty) hash on success. Callers snapshot resolved&.keys&.to_set, and
filter_to_workspace_packages skips only when the snapshot is nil. An empty set
still filters, dropping the foreign libyear union instead of uploading blanks.

Verified across all 24 jobber-frontend workspaces: 0 blank current_version
(was ~89% blank); total libraries 1,270 -> 625. Updated specs and the OpenSpec
design/spec-delta to document the nil-vs-empty distinction. rspec: 124 examples,
0 failures.

Co-Authored-By: Amplify 2.1.1 <amplify@getjobber.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

…RACK-136)

`check_version_status.rb` always `require "google/apis/sheets_v4"`, and
google-api-client -> representable needs multi_json at runtime but doesn't
declare it. The earlier fix added multi_json only to this gem's Gemfile, which
fixes the gem's own rspec but NOT consumers: jobber-frontend's bin/Gemfile
resolves against the gemspec, so `analyze` crashes with
"multi_json is not part of the bundle".

Move the declaration to the gemspec (single source of truth) so it propagates
to any consumer bundle. Gemfile lock is unchanged. rspec: 124 examples, 0
failures; `require "google/apis/sheets_v4"` loads cleanly.

Co-Authored-By: Amplify 2.1.1 <amplify@getjobber.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Reconciles version.rb (was 1.4.7, behind the consumed v1.5.2 tag) and records
the LIBTRACK-136 workspace-scoping + multi_json changes in the changelog. Tag
v1.5.4 after merge, then bump jobber-frontend's bin/Gemfile to consume it.

Co-Authored-By: Amplify 2.1.1 <amplify@getjobber.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Folds the workspace-scoping requirement into the pnpm-version-analysis spec and
moves the change under openspec/changes/archive/. Release/rollout tasks (5.x)
remain as post-merge follow-ups, consistent with how the prior LIBTRACK-136 fix
was archived.

Co-Authored-By: Amplify 2.1.1 <amplify@getjobber.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
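
The snapshot ordering and the nil-versus-empty guard described in this PR, as an added Ruby sketch that is not the gem's own code. The method names `merge_libyear`, `scope_to_workspace`, `analyze` and `blank_versions`, the record shape and the sample package names are assumptions made for illustration.

```ruby
require "set"

# Constructed sample: libyear's "per-workspace" file is the merged union of all
# workspaces' direct deps and carries no installed version.
LIBYEAR_UNION = %w[react lodash express].freeze

# Hypothetical stand-in for the merge step: every libyear-reported name that is
# not already resolved gets a standalone record with a blank current_version.
def merge_libyear(resolved, libyear_names)
  results = (resolved || {}).to_h { |name, v| [name, { current_version: v }] }
  libyear_names.each { |name| results[name] ||= { current_version: "" } }
  results
end

# nil snapshot = resolved set could not be determined, so skip the filter.
# An empty set is a valid answer and still filters every foreign name out.
def scope_to_workspace(results, resolved_names)
  return results if resolved_names.nil?

  results.select { |name, _| resolved_names.include?(name) }
end

# snapshot_before: false reproduces the old ordering, where the snapshot was
# taken after the merge and therefore already contained the libyear union.
def analyze(resolved, libyear_names, snapshot_before: true)
  before = resolved&.keys&.to_set
  results = merge_libyear(resolved, libyear_names)
  snapshot = snapshot_before ? before : results.keys.to_set
  scope_to_workspace(results, snapshot)
end

# Number of records that would be uploaded with a blank version.
def blank_versions(results)
  results.count { |_, rec| rec[:current_version].empty? }
end
```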