vscode/build/azure-pipelines/dependencies-check.yml

trigger: none

pr: none

parameters:
  - name: GITHUB_APP_ID
    type: string
  - name: GITHUB_APP_INSTALLATION_ID
    type: string
  - name: GITHUB_APP_PRIVATE_KEY
    type: string
  - name: GITHUB_CHECK_RUN_ID
    type: string

variables:
  - name: NPM_REGISTRY
    value: "https://pkgs.dev.azure.com/monacotools/Monaco/_packaging/vscode/npm/registry/"
  - name: VSCODE_QUALITY
    value: oss

jobs:
  - job: ValidateNpmPackages
    displayName: Validate package-lock.json, Cargo.lock changes via Azure DevOps pipeline
    pool:
      name: 1es-ubuntu-22.04-x64
      os: linux
    timeoutInMinutes: 1300
    variables:
      VSCODE_ARCH: x64
    steps:
      - task: NodeTool@0
        inputs:
          versionSource: fromFile
          versionFilePath: .nvmrc

      - script: |
          set -e
          echo "Checking if package.json or package-lock.json files were modified..."

          # Get the list of changed files in the PR
          git fetch origin main
          CHANGED_FILES=$(git diff --name-only origin/main...HEAD)
          echo "Changed files:"
          echo "$CHANGED_FILES"

          # Check if package.json or package-lock.json are in the changed files
          if echo "$CHANGED_FILES" | grep -E '(^|/)package(-lock)?\.json$'; then
            echo "##vso[task.setvariable variable=SHOULD_VALIDATE]true"
            echo "Package files were modified, proceeding with validation"
          else
            echo "##vso[task.setvariable variable=SHOULD_VALIDATE]false"
            echo "No package files were modified, skipping validation"
            echo "##vso[task.complete result=Succeeded;]Pipeline completed successfully - no package validation needed"
          fi
        displayName: Check if package files were modified

      - script: node build/setup-npm-registry.ts $NPM_REGISTRY
        condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'), eq(variables['SHOULD_VALIDATE'], 'true'))
        displayName: Setup NPM Registry

      - script: |
          set -e
          # Set the private NPM registry to the global npmrc file
          # so that authentication works for subfolders like build/, remote/, extensions/ etc
          # which does not have their own .npmrc file
          echo "NPMRC Path: $(npm config get userconfig)"
          echo "NPM Registry: $(npm config get registry)"
          npm config set registry "$NPM_REGISTRY"
          echo "##vso[task.setvariable variable=NPMRC_PATH]$(npm config get userconfig)"
        condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'), eq(variables['SHOULD_VALIDATE'], 'true'))
        displayName: Setup NPM

      - task: npmAuthenticate@0
        inputs:
          workingFile: $(NPMRC_PATH)
        condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'), eq(variables['SHOULD_VALIDATE'], 'true'))
        displayName: Setup NPM Authentication

      - script: sudo apt update -y && sudo apt install -y build-essential pkg-config libx11-dev libx11-xcb-dev libxkbfile-dev libnotify-bin libkrb5-dev
        displayName: Install build tools
        condition: and(succeeded(), eq(variables['SHOULD_VALIDATE'], 'true'))

      - script: |
          set -e

          for attempt in {1..120}; do
            if [ $attempt -gt 1 ]; then
              echo "Attempt $attempt: Waiting for 10 minutes before retrying..."
              sleep 600
            fi

            echo "Attempt $attempt: Running npm ci"
            if npm i --ignore-scripts; then
              if node build/npm/postinstall.ts; then
                echo "npm i succeeded on attempt $attempt"
                exit 0
              else
                echo "node build/npm/postinstall.ts failed on attempt $attempt"
              fi
            else
              echo "npm i failed on attempt $attempt"
            fi
          done

          echo "giving up after 120 attempts (20 hours)"
          exit 1
        env:
          npm_command: 'install --ignore-scripts'
          ELECTRON_SKIP_BINARY_DOWNLOAD: 1
          PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
          GITHUB_TOKEN: "$(github-distro-mixin-password)"
        displayName: Install dependencies with retries
        timeoutInMinutes: 1300
        condition: and(succeeded(), eq(variables['SHOULD_VALIDATE'], 'true'))

      - script: |
          set -e
          find . -name 'package-lock.json' -exec sed -i "s|$NPM_REGISTRY|https://registry.npmjs.org/|g" {} \;
        displayName: Restore registry URLs in package-lock.json
        condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'), eq(variables['SHOULD_VALIDATE'], 'true'))

      - script: .github/workflows/check-clean-git-state.sh
        displayName: Check clean git state
        condition: and(succeeded(), eq(variables['SHOULD_VALIDATE'], 'true'))

      - script: node build/azure-pipelines/update-dependencies-check.ts
        displayName: Update GitHub check run
        condition: always()
        env:
          GITHUB_APP_ID: ${{ parameters.GITHUB_APP_ID }}
          GITHUB_APP_INSTALLATION_ID: ${{ parameters.GITHUB_APP_INSTALLATION_ID }}
          GITHUB_APP_PRIVATE_KEY: ${{ parameters.GITHUB_APP_PRIVATE_KEY }}
          CHECK_RUN_ID: ${{ parameters.GITHUB_CHECK_RUN_ID }}
          AGENT_JOBSTATUS: $(Agent.JobStatus)