Use for '--ignore-scripts' for all npm ci & npm install (graphql#3405)

IvanGoncharov · web-flow · commit 947165fc33e3 · 2021-12-04T22:12:01.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Lint ESLint
         run: npm run lint
@@ -62,7 +62,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Run npm install
-        run: npm install --engine-strict --strict-peer-deps
+        run: npm install --ignore-scripts --engine-strict --strict-peer-deps
 
       - name: Check that package-lock.json is in sync with package.json
         run: git diff --exit-code package-lock.json
@@ -85,7 +85,7 @@ jobs:
           # so we skip cache action to not pollute cache for other jobs.
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Run Integration Tests
         run: npm run check:integrations
@@ -104,7 +104,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Run Tests
         run: npm run fuzzonly
@@ -123,7 +123,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Run tests and measure code coverage
         run: npm run testonly:cover
@@ -152,7 +152,7 @@ jobs:
           node-version: ${{ matrix.node_version_to_setup }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Run Tests
         run: npm run testonly
@@ -173,7 +173,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Run Benchmark
         run: 'npm run benchmark -- --revs HEAD HEAD~1'
@@ -194,7 +194,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Generate report
         run: 'node resources/diff-npm-package.js $BASE_COMMIT HEAD'
@@ -227,7 +227,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Build NPM package
         run: npm run build:npm
@@ -256,7 +256,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Build Deno package
         run: npm run build:deno
diff --git a/benchmark/benchmark.js b/benchmark/benchmark.js
@@ -58,9 +58,10 @@ function prepareBenchmarkProjects(revisionList) {
       path.join(projectPath, 'package.json'),
       '{ "private": true }',
     );
-    exec('npm --quiet install ' + prepareNPMPackage(revision), {
-      cwd: projectPath,
-    });
+    exec(
+      'npm --quiet install --ignore-scripts ' + prepareNPMPackage(revision),
+      { cwd: projectPath },
+    );
     exec(`cp -R ${localDir('benchmark')} ${projectPath}`);
 
     return { revision, projectPath };
@@ -86,7 +87,7 @@ function prepareBenchmarkProjects(revisionList) {
     fs.rmSync(repoDir, { recursive: true, force: true });
     fs.mkdirSync(repoDir);
     exec(`git archive "${hash}" | tar -xC "${repoDir}"`);
-    exec('npm --quiet ci', { cwd: repoDir });
+    exec('npm --quiet ci --ignore-scripts', { cwd: repoDir });
     fs.renameSync(buildNPMArchive(repoDir), archivePath);
     fs.rmSync(repoDir, { recursive: true });
     return archivePath;
diff --git a/integrationTests/integration-test.js b/integrationTests/integration-test.js
@@ -37,6 +37,7 @@ describe('Integration Tests', () => {
       exec(`cp -R ${projectPath} ${tmpDir}`);
 
       const cwd = path.join(tmpDir, projectName);
+      // TODO: figure out a way to run it with --ignore-scripts
       exec('npm --quiet install', { cwd, stdio: 'inherit' });
       exec('npm --quiet test', { cwd, stdio: 'inherit' });
     }).timeout(60000);
diff --git a/package.json b/package.json
@@ -30,7 +30,7 @@
     "node": "^12.22.0 || ^14.16.0 || >=16.0.0"
   },
   "scripts": {
-    "preversion": ". ./resources/checkgit.sh && npm ci",
+    "preversion": ". ./resources/checkgit.sh && npm ci --ignore-scripts",
     "version": "node resources/gen-version.js && npm test && git add src/version.ts",
     "fuzzonly": "mocha --full-trace src/**/__tests__/**/*-fuzz.ts",
     "changelog": "node resources/gen-changelog.js",
diff --git a/resources/diff-npm-package.js b/resources/diff-npm-package.js
@@ -89,7 +89,7 @@ function prepareNPMPackage(revision) {
   fs.rmSync(repoDir, { recursive: true, force: true });
   fs.mkdirSync(repoDir);
   exec(`git archive "${hash}" | tar -xC "${repoDir}"`);
-  exec('npm --quiet ci', { cwd: repoDir });
+  exec('npm --quiet ci --ignore-scripts', { cwd: repoDir });
   exec('npm --quiet run build:npm', { cwd: repoDir });
   return path.join(repoDir, 'npmDist');
 }

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ function prepareNPMPackage(revision) {`
`89`	`89`	`fs.rmSync(repoDir, { recursive: true, force: true });`
`90`	`90`	`fs.mkdirSync(repoDir);`
`91`	`91`	exec(`git archive "${hash}" \| tar -xC "${repoDir}"`);
`92`		`- exec('npm --quiet ci', { cwd: repoDir });`
	`92`	`+ exec('npm --quiet ci --ignore-scripts', { cwd: repoDir });`
`93`	`93`	`exec('npm --quiet run build:npm', { cwd: repoDir });`
`94`	`94`	`return path.join(repoDir, 'npmDist');`
`95`	`95`	`}`