If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Problem
When a developer adds, removes, or updates a package in a PR, there will always be a diff in package.json and package-lock.json, and the changes in both must be committed. Depending on the package, there may or may not be a diff in ios/Podfile.lock as well. Sometimes developers forget to run pod install when modifying a package, so the potential diff in ios/Podfile.lock is not caught until after the PR is merged and a different developer runs pod install. This can lead to confusion.
We have an existing GitHub Action workflow verifyPodfile.yml that uses the script (verifyPodfile.sh)[https://github.com/Expensify/App/blob/main/.github/scripts/verifyPodfile.sh] to verify that Podfile.lock is in sync with Podfile (by getting the checksum for Podfile and ensuring it matches what is printed in Podfile.lock), but that does nothing to catch the case as outlined above.
Solution
Add some sort of automated check to prevent the merging of a PR that causes Podfile.lock to be modified but does not have the diff committed.
This could be a modification to the verifyPodfile script, an entirely new CI check, or anything else really that accomplishes the goal.
Requirements
- Avoid solutions that would require workflow changes for developers, e.g. forcing everyone onto the same cocoapods version, or having to run
bundle exec pod install instead of pod install. We have a large developer community which makes it challenging to communicate and enforce process changes like these.
- It should be automated (e.g. not something vulnerable to human error, like simply adding another checkbox to our PR checklist)
Upwork Automation - Do Not Edit
- Upwork Job URL: https://www.upwork.com/jobs/~01baa80d227834e4fb
- Upwork Job ID: 1600941999446802432
- Last Price Increase: 2022-12-19
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Problem
When a developer adds, removes, or updates a package in a PR, there will always be a diff in
package.jsonandpackage-lock.json, and the changes in both must be committed. Depending on the package, there may or may not be a diff inios/Podfile.lockas well. Sometimes developers forget to runpod installwhen modifying a package, so the potential diff inios/Podfile.lockis not caught until after the PR is merged and a different developer runspod install. This can lead to confusion.We have an existing GitHub Action workflow verifyPodfile.yml that uses the script (verifyPodfile.sh)[https://github.com/Expensify/App/blob/main/.github/scripts/verifyPodfile.sh] to verify that
Podfile.lockis in sync withPodfile(by getting the checksum forPodfileand ensuring it matches what is printed inPodfile.lock), but that does nothing to catch the case as outlined above.Solution
Add some sort of automated check to prevent the merging of a PR that causes
Podfile.lockto be modified but does not have the diff committed.This could be a modification to the
verifyPodfilescript, an entirely new CI check, or anything else really that accomplishes the goal.Requirements
bundle exec pod installinstead ofpod install. We have a large developer community which makes it challenging to communicate and enforce process changes like these.Upwork Automation - Do Not Edit