elastic · jportner · Jan 27, 2020 · Jan 21, 2020 · Jan 22, 2020 · Jan 22, 2020
diff --git a/packages/elastic-datemath/yarn.lock b/packages/elastic-datemath/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-babel-code-parser/yarn.lock b/packages/kbn-babel-code-parser/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-babel-preset/yarn.lock b/packages/kbn-babel-preset/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-dev-utils/yarn.lock b/packages/kbn-dev-utils/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-es/yarn.lock b/packages/kbn-es/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-eslint-import-resolver-kibana/yarn.lock b/packages/kbn-eslint-import-resolver-kibana/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-eslint-plugin-eslint/yarn.lock b/packages/kbn-eslint-plugin-eslint/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-i18n/yarn.lock b/packages/kbn-i18n/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-interpreter/yarn.lock b/packages/kbn-interpreter/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-plugin-generator/yarn.lock b/packages/kbn-plugin-generator/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-plugin-helpers/yarn.lock b/packages/kbn-plugin-helpers/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-pm/yarn.lock b/packages/kbn-pm/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-spec-to-console/yarn.lock b/packages/kbn-spec-to-console/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-storybook/yarn.lock b/packages/kbn-storybook/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-test/yarn.lock b/packages/kbn-test/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-ui-framework/yarn.lock b/packages/kbn-ui-framework/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/packages/kbn-utility-types/yarn.lock b/packages/kbn-utility-types/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/scripts/check_lockfile_symlinks.js b/scripts/check_lockfile_symlinks.js
@@ -0,0 +1,21 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+require('../src/setup_node_env');
+require('../src/dev/run_check_lockfile_symlinks');
diff --git a/src/dev/precommit_hook/check_lockfile_symlinks.js b/src/dev/precommit_hook/check_lockfile_symlinks.js
@@ -0,0 +1,149 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { dirname } from 'path';
+import { existsSync, lstatSync, readFileSync } from 'fs';
+
+import { createFailError } from '@kbn/dev-utils';
+import { matchesAnyGlob } from '../globs';
+
+import { LOCKFILE_GLOBS, MANIFEST_GLOBS, IGNORE_FILE_GLOBS } from './lockfile_check_config';
+
+function listPaths(paths) {
+  return paths.map(path => ` - ${path}`).join('\n');
+}
+
+async function checkProhibitedLockfiles(log, files) {
+  const errorPaths = [];
+
+  files
+    .filter(file => matchesAnyGlob(file.getRelativePath(), LOCKFILE_GLOBS))
+    .forEach(file => {
+      const path = file.getRelativePath();
+      const parent = dirname(path);
+      const stats = lstatSync(path);
+      if (!stats.isSymbolicLink() && parent !== '.') {
+        errorPaths.push(path);
+      }
+    });
+
+  if (errorPaths.length) {
+    throw createFailError(
+      `These directories MUST NOT have a 'yarn.lock' file:\n${listPaths(errorPaths)}`
+    );
+  }
+}
+
+async function checkSuperfluousSymlinks(log, files) {
+  const errorPaths = [];
+
+  files
+    .filter(file => matchesAnyGlob(file.getRelativePath(), LOCKFILE_GLOBS))
+    .forEach(file => {
+      const path = file.getRelativePath();
+      const parent = dirname(path);
+      const stats = lstatSync(path);
+      if (!stats.isSymbolicLink()) {
+        return;
+      }
+
+      const manifestPath = `${parent}/package.json`;
+      if (!existsSync(manifestPath)) {
+        log.warning(
+          `No manifest found at '${manifestPath}', but found an adjacent 'yarn.lock' symlink.`
+        );
+        errorPaths.push(path);
+        return;
+      }
+
+      try {
+        const manifest = readFileSync(manifestPath);
+        try {
+          const json = JSON.parse(manifest);
+          if (!json.dependencies || !Object.keys(json.dependencies).length) {
+            log.warning(
+              `Manifest at '${manifestPath}' has no dependencies, but found an adjacent 'yarn.lock' symlink.`
+            );
+            errorPaths.push(path);
+          }
+        } catch (err) {
+          log.warning(
+            `Could not parse JSON at '${manifestPath}', but found an adjacent 'yarn.lock' symlink.`
+          );
+          errorPaths.push(path);
+        }
+      } catch (err) {
+        log.warning(
+          `Could not read manifest at '${manifestPath}', but found an adjacent 'yarn.lock' symlink.`
+        );
+        errorPaths.push(path);
+      }
+    });
+
+  if (errorPaths.length) {
+    throw createFailError(
+      `These directories MUST NOT have a 'yarn.lock' symlink:\n${listPaths(errorPaths)}`
+    );
+  }
+}
+
+async function checkMissingSymlinks(log, files) {
+  const errorPaths = [];
+
+  files
+    .filter(file => matchesAnyGlob(file.getRelativePath(), MANIFEST_GLOBS))
+    .forEach(file => {
+      const path = file.getRelativePath();
+      const parent = dirname(path);
+      const lockfilePath = `${parent}/yarn.lock`;
+      if (existsSync(lockfilePath)) {
+        return;
+      }
+
+      try {
+        const manifest = readFileSync(path);
+        try {
+          const json = JSON.parse(manifest);
+          if (json.dependencies && Object.keys(json.dependencies).length) {
+            log.warning(
+              `Manifest at '${path}' has dependencies, but did not find an adjacent 'yarn.lock' symlink.`
+            );
+            errorPaths.push(`${parent}/yarn.lock`);
+          }
+        } catch (err) {
+          log.warning(`Could not parse JSON at '${path}'.`);
+        }
+      } catch (err) {
+        log.warning(`Could not read manifest at '${path}'.`);
+      }
+    });
+
+  if (errorPaths.length) {
+    throw createFailError(
+      `These directories MUST have a 'yarn.lock' symlink:\n${listPaths(errorPaths)}`
+    );
+  }
+}
+
+export async function checkLockfileSymlinks(log, files) {
+  const filtered = files.filter(file => !matchesAnyGlob(file.getRelativePath(), IGNORE_FILE_GLOBS));
+  await checkProhibitedLockfiles(log, filtered);
+  await checkSuperfluousSymlinks(log, filtered);
+  await checkMissingSymlinks(log, filtered);
+}
diff --git a/src/dev/precommit_hook/index.js b/src/dev/precommit_hook/index.js
@@ -18,4 +18,5 @@
  */
 
 export { checkFileCasing } from './check_file_casing';
+export { checkLockfileSymlinks } from './check_lockfile_symlinks';
 export { getFilesForCommit } from './get_files_for_commit';
diff --git a/src/dev/precommit_hook/lockfile_check_config.js b/src/dev/precommit_hook/lockfile_check_config.js
@@ -0,0 +1,31 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export const LOCKFILE_GLOBS = ['**/yarn.lock'];
+
+export const MANIFEST_GLOBS = ['**/package.json'];
+
+export const IGNORE_FILE_GLOBS = [
+  // tests aren't used in production, ignore them
+  '**/test/**/*',
+  // fixtures aren't used in production, ignore them
+  '**/*fixtures*/**/*',
+  // cypress isn't used in production, ignore it
+  'x-pack/legacy/plugins/apm/cypress/*',
+];
diff --git a/src/dev/run_check_lockfile_symlinks.js b/src/dev/run_check_lockfile_symlinks.js
@@ -0,0 +1,45 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import globby from 'globby';
+
+import { run } from '@kbn/dev-utils';
+import { File } from './file';
+import { REPO_ROOT } from './constants';
+import { checkLockfileSymlinks } from './precommit_hook';
+
+run(async ({ log }) => {
+  const paths = await globby(['**/yarn.lock', '**/package.json'], {
+    cwd: REPO_ROOT,
+    nodir: true,
+    gitignore: true,
+    ignore: [
+      // the gitignore: true option makes sure that we don't
+      // include files from node_modules in the result, but it still
+      // loads all of the files from node_modules before filtering
+      // so it's still super slow. This prevents loading the files
+      // and still relies on gitignore to to final ignores
+      '**/node_modules',
+    ],
+  });
+
+  const files = paths.map(path => new File(path));
+
+  await checkLockfileSymlinks(log, files);
+});
diff --git a/src/dev/run_precommit_hook.js b/src/dev/run_precommit_hook.js
@@ -20,7 +20,7 @@
 import { run, combineErrors } from '@kbn/dev-utils';
 import * as Eslint from './eslint';
 import * as Sasslint from './sasslint';
-import { getFilesForCommit, checkFileCasing } from './precommit_hook';
+import { getFilesForCommit, checkFileCasing, checkLockfileSymlinks } from './precommit_hook';
 
 run(
   async ({ log, flags }) => {
@@ -33,6 +33,12 @@ run(
       errors.push(error);
     }
 
+    try {
+      await checkLockfileSymlinks(log, files);
+    } catch (error) {
+      errors.push(error);
+    }
+
     for (const Linter of [Eslint, Sasslint]) {
       const filesToLint = Linter.pickFilesToLint(log, files);
       if (filesToLint.length > 0) {

diff --git a/tasks/config/run.js b/tasks/config/run.js
@@ -105,6 +105,17 @@ module.exports = function(grunt) {
       ],
     }),
 
+    // used by the test tasks
+    //    runs the check_lockfile_symlinks script to ensure manifests with non-dev dependencies have adjacent lockfile symlinks
+    checkLockfileSymlinks: scriptWithGithubChecks({
+      title: 'Check lockfile symlinks',
+      cmd: NODE,
+      args: [
+        'scripts/check_lockfile_symlinks',
+        '--quiet', // only log errors, not warnings
+      ],
+    }),
+
     // used by the test tasks
     //    runs the check_core_api_changes script to ensure API changes are explictily accepted
     checkCoreApiChanges: scriptWithGithubChecks({

diff --git a/tasks/jenkins.js b/tasks/jenkins.js
@@ -28,6 +28,7 @@ module.exports = function(grunt) {
     'run:typeCheck',
     'run:i18nCheck',
     'run:checkFileCasing',
+    'run:checkLockfileSymlinks',
     'run:licenses',
     'run:verifyDependencyVersions',
     'run:verifyNotice',

diff --git a/x-pack/.gitignore b/x-pack/.gitignore
@@ -12,6 +12,3 @@
 !/legacy/plugins/infra/**/target
 .cache
 !/legacy/plugins/siem/**/target
-
-# We don't want any yarn.lock files in here
-/yarn.lock
diff --git a/x-pack/legacy/plugins/infra/yarn.lock b/x-pack/legacy/plugins/infra/yarn.lock
@@ -0,0 +1 @@
+../../../../yarn.lock
diff --git a/x-pack/legacy/plugins/siem/yarn.lock b/x-pack/legacy/plugins/siem/yarn.lock
@@ -0,0 +1 @@
+../../../../yarn.lock
diff --git a/x-pack/plugins/endpoint/yarn.lock b/x-pack/plugins/endpoint/yarn.lock
@@ -0,0 +1 @@
+../../yarn.lock
diff --git a/x-pack/yarn.lock b/x-pack/yarn.lock
@@ -0,0 +1 @@
+../yarn.lock