@developers here we go
@developers Thanks for a good call yesterday guys. As mentioned we’ll have these calls monthly, and use these other channels for async and 1:1 discussion in the interim
resonate telegram dev chat (technical chat only). Ping @auggod or @angusmcleod on telegram and we’ll add you.
#platform forum category for any general development discussions that don’t fit into one of the sub-categories.
We’re going to move to this branch policy across all of our repos
- Development (default)
- Main (production)
- Branch Protection on main
We’re going to use these commit prefix conventions as a starting point
We’re going to adopt the following github CI and access
- A Github Team for push rights to repos
- Require all tests to pass on every PR
- Stream: linting and syntax
- API: Go tests
- User API: Go tests
- Epic that focuses on integrity
We’re going to update the readmes of the main repos to ensure it’s easy for folks to get started with developing with the code locally
- Make it clear that there is swagger
- Remove references to bankai
- “You can find an example nginx configuration file in the docs.” Doesn’t work. If you want to use it include it as nginx.conf.
- mkcert put some example commands
- Make it explicit that the backend is needed to run it locally
- @auggod will apply the branch policy to stream
- @angus will apply the branch policy to the user-api
- @angus will create a developers team on github to handle push rights
- @boopboop will create a PR to improve the readme of the stream
Follow up here once you’ve done your todo on this list (as we won’t be having regular meetings for this stuff.
- there’s a swagger that works? I’ve tried looking for it but seem to have missed it.
Make it explicit that the backend is needed to run it locally- it would be nice to have instructions for running just the stream frontend locally (my task) and also instructions for running the frontend and backend(s) locally. I can attempt this second one.
@angus would it be possible to find a volunteer to test the readme steps end-to-end? Not sure what the status is with the volunteer list.
@Timothee @datafruits @Nick_M Hey guys, when you get the chance, could you try running through the steps in the updated dev setup readme for the player @boopboop’s been working on? We just want to be sure it makes sense.
(@Nick_M, ping me on telegram if you want further assistance setting things up locally)
Here are the issues I ran into my first time around:
update readme branch: GitHub - whatSocks/stream at readme-updates-2
When you get set up, please test:
- log in / out
- create a playlist
- edit a playlist
- click the search bar + see the prompt with the tags
update - readme-updates-2 branch has been rebased with the latest updates to the player. Still need some volunteers to try to follow the instructions on their machines.
@Nick_M When you have time did you want to give this one a whirl? Would be a good entry point to getting more into development if you’re interested
Build was successful and player ran locally using @boopboop’s new readme instructions.
There were a couple of deprecated package warnings:
har-validator and request packages are deprecated. Are they actually used anywhere in stream?
email@example.com deprecated - I did an npm install firstname.lastname@example.org (latest), but I guess it’s still using the old one?
I cloned the repo fine with HTTPS:
git clone https://github.com/resonatecoop/stream.git
…but as usual for me, SSH did not work. This is what I was trying to do:
git clone email@example.com:resonatecoop/stream.git …but I kept getting bad permissions
SSH Setup was to
- Create a new SSH key:
- open the terminal
- enter ssh-keygen (preferred key type here)
- save to default location ~/.ssh/id_
- use a passphrase
- Store in keychain to avoid re-entering
- create or update .ssh/config in home directory:
- Host firstname.lastname@example.org:resonatecoop UseKeychain yes AddKeysToAgent yes IdentityFile ~/.ssh/id_
- enter: ssh-add -K ~/id_
- Add key to github account and (optional) a personal access token for the code editor
Many deprecated package warnings with lerna bootstrap …possibly compounded by an old node lockfile issue… but it seems all the warnings can be ignored?
I was expecting something to break because of the
.env file line:
…rather than pointing to a real ID server…
…but all seemed to run OK. Haven’t tried the login yet though.
can you post the deprecation warnings? What version of node are you using?
This is what I get on
➜ stream git:(development) ✗ lerna bootstrap info cli using local version of lerna lerna notice cli v3.22.1 lerna info versioning independent lerna info bootstrap root only removed 39 packages, changed 1 package, and audited 2466 packages in 52s 112 packages are looking for funding run `npm fund` for details 57 vulnerabilities (18 low, 28 moderate, 11 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details.
I also don’t have a lockfile at the project’s root, so I’m wondering how you got one
➜ stream git:(development) ✗ ls CHANGELOG.md CONTRIBUTING.md README.md docker-compose.yml embed nginx.conf package.json CODE_OF_CONDUCT.md LICENSE beta docs lerna.json node_modules packages
node -v v14.15.1 npm -v 7.24.1 lsb_release -cdir Distributor ID: Ubuntu Description: Ubuntu 21.04 Release: 21.04 Codename: hirsute
(upgraded node to latest before starting)
My lerna bootstrap:
lerna bootstrap lerna notice cli v4.0.0 lerna info versioning independent lerna info bootstrap root only npm WARN deprecated email@example.com: flatten is deprecated in favor of utility frameworks such as lodash. npm WARN deprecated firstname.lastname@example.org: This package is broken and no longer maintained. 'mkdirp' itself supports promises now, please switch to that. npm WARN deprecated email@example.com: flatten is deprecated in favor of utility frameworks such as lodash. npm WARN deprecated firstname.lastname@example.org: this library is no longer supported npm WARN deprecated email@example.com: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated firstname.lastname@example.org: Fixed a prototype pollution security issue in flat, please upgrade to ^1.6.2 or ^5.0.1. npm WARN deprecated email@example.com: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated firstname.lastname@example.org: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies. npm WARN deprecated email@example.com: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated firstname.lastname@example.org: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) npm WARN deprecated email@example.com: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated firstname.lastname@example.org: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated email@example.com: This package is unmaintained and deprecated. See the GH Issue 259. npm WARN deprecated firstname.lastname@example.org: This package is unmaintained and deprecated. See the GH Issue 259. npm WARN deprecated email@example.com: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js. added 2314 packages, and audited 2350 packages in 2m 113 packages are looking for funding run `npm fund` for details 57 vulnerabilities (18 low, 28 moderate, 11 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details.
How did I get a lockfile? Strangely I was warned it was created by an earlier version of npm or missing, so I followed instructions to ‘create’ or force it: npm i --package-lock-only
I don’t think package-lock.json is necessarily in the top level - there are instances in the node_modules subdirs:
/home/nick/development/resonate/stream/node_modules/babel-code-frame/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-helper-define-map/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-helper-regex/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-plugin-transform-es2015-block-scoping/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-plugin-transform-regenerator/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-polyfill/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-register/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-runtime/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-template/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-traverse/package-lock.json /home/nick/development/resonate/stream/node_modules/babel-types/package-lock.json /home/nick/development/resonate/stream/node_modules/browser-pack-flat/example/package-lock.json /home/nick/development/resonate/stream/node_modules/nanoanimation/package-lock.json /home/nick/development/resonate/stream/node_modules/npm-normalize-package-bin/package-lock.json
This is what I have now in stream:
ls beta CONTRIBUTING.md embed nginx.conf packages CHANGELOG.md docker-compose.yml lerna.json node_modules README.md CODE_OF_CONDUCT.md docs LICENSE package.json
node -v v16.9.1 and am getting less issues than you are, but if you can run things on
v14.15.1 with warnings, maybe there’s no issue and we’re overthinking it. The readme should be more explicit on what it means by ‘latest’ though.
I did researching the interaction of lerna and lock files to try to run
npm audit - basically lerna is barely getting updates so we shouldn’t hold our breath waiting for lerna team to add support for
npm audit. If we want to find out what needs updating, we’d have to go package by package and check. The solution for this that I saw brought up over and over was to write a script that automates this. One team even built lerna-audit - npm ! I did try using lerna-audit but it didn’t fix the issue. I also didn’t try that hard, so maybe it’s a solution.
But if the app runs, then perhaps there’s no issue? Aside from the chore of checking dependencies?
OAUTH_HOST: I’m not even including this variable in my
env and nothing seems to break. But once the big switch occurs we should revisit this.
@Nick_M could you try logging in and create / edit a playlist as a final test? And also see if these tags show up when you click on the search field?
@piper This is the thread our github Readme points to.
This is still the thread https://github.com/resonatecoop/stream#readme points to.
Is this the best place to receive interested dev contributors?
Seems a little dead up top… (a call to a meeting that quit happening 6 months ago).
Does someone have a better place to point that readme link to?
It seems that the wording preceding the link implies that it links to the Platform section of this forum. Not sure if that’s the best spot, but it would probably be better than linking to this specific thread. If I remember correctly, this tripped me up when I was first getting involved, so it would probably be good to amend/change that link.
Do you mind updating the [forum] link given in line 40 to https://community.resonate.is/c/platform/l/latest?board=default ?