sbp opened a new issue, #758: URL: https://github.com/apache/tooling-trusted-releases/issues/758
https://github.com/apache/tooling-trusted-releases/issues/607#issuecomment-3950281281 from @erisu: > I just noticed that this was resolved, but I wanted to find out if we can expand on it. Maybe make the npm package pattern name configurable, or add various other patterns to test. > > Maybe my use case is very specific, but I would like to get some feedback. Maybe I just need to modify things on my side after hearing your thoughts. > > Here is the most basic use case and how ATR is currently handling npm packages, as I understand it. > ### Example Use Case > > * Repo Name: `project-foobar` > > * NPM package name: `project-foobar` > > * Target Release Version: `1.0.0` > > > `npm pack` output would generate the following package file: `project-foobar-1.0.0.tgz` > > As I understand it, I beleive ATR is only checking `{package-name}-{version}.tgz`. > > Also, from the source package standpoint, I beleive I read we need to include "source" or "src" in the file name. In my case, I use `git archive` to create the `tar.gz` and `zip` tarballs and the output would look like this: > > * `project-foobar-source-1.0.0.tar.gz` (or `-src`, as I heard that's acceptable) > > > **Problem 1:** The package names are not consistent between source and convenience. **Problem 2:** If we were to generate other convenience packages it can become confusing what `project-foobar-1.0.0.tgz` represents. This is why I thought the best solution would be to include `-npm` in the name, making it `project-foobar-npm-1.0.0.tgz` which would also match the naming pattern for source. > ### More Complex Use Case (possibly) > > * Repo Name: `project-foobar` > > * NPM package name: `@apache/foobar-config` > > * Target Release Version: `1.0.0` > > > `npm pack` will output `apache-foobar-config-1.0.0.tgz`. > > Following the naming convention for source packages from the first **Example Use Case**, and including my suggestion to include the convenience package type, we would see the following tarballs: > > * `project-foobar-source-1.0.0.tar.gz` > > * `apache-foobar-config-npm-1.0.0.tgz` > > > I thought could be confusing to follow, especially in a directory tree, so in my workflow I was forcing the pattern to be consistent of for all packages: > > ``` > {repo-name}-{package-type}-{version}.{extension} > ``` > > I wasn't sure if I should open a new issue or leave some feedback here since I am now getting around to testing these changes, as I am working on a new release. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
