.gitignore file left in 5.13.4 release

There is a .gitignore file in the 5.13.4 releases. Inside bower_components/jquery the .gitignore lists /dist containing all the jquery files.

This creates havoc for git managed sites.

added sig:bug triaged labels

@eileen or @totten do you have a clue how this happened?

For CIVI-SA-2019-11, we had to setup a fork of jQuery 1.x (figured these steps for the task). I made sure to check before the release that the git/file structure of the fork (1.12.4-civicrm-1) closely matched that of the original jQuery tag (1.12.4) in both git and zip formulations... so it's surprising that this would show change.

But I can confirm your observation that the effective content of bower_components/jquery/.gitignore is different in the two Civi releases.

Digging more to see how that difference could arise, I find two pieces of information that we didn't have before:

• For normal upstream releases, jQuery publishes code to Github via two different repos -- (1) jquery/jquery.git and (2) jquery/jquery-dist.git. Both repos get tagged for the release. In both repos/tags, they provide raw src/ as well as runnable dist/. The differences are that (a) jquery-dist.git omits the dot-files and (b) bower install feeds off of jquery-dist.git by default.
• For normal upstream releases, the process is coordinated by https://github.com/jquery/jquery-release. This is the system which takes artifacts from jquery.git and copies them to jquery-dist.git. (There is also no reference to it in jquery.git... but so it goes.)

I'm still on vacation a few more days but will try to post an updated build when I get back Tue (or maybe sometime before - if a timeslot comes up while on the road).

added regression label

@tommybobo @JKingsnorth I don't know what the overall workflow is like for your environment, and we don't have a singular workflow spec to design/test against, so I've been wrestling a bit with how to address this while keeping the total complexity down. Let me verbalize a couple thoughts on ways to address... and see how these resonate:

• (A) In distmaker, we could discard all .gitignore files from the bower_components tree.
  • This would be one relatively small patch in dm_install_bower.
  • This would only affect .gitignore files for workflows which build on top of a standard tarball. (Exampe: Folks who import the civicrm-x.y.z-drupal.tar.gz content into their site's monorepo.) One could still perceive differences with other dotfiles and (potentially) with non-distmaker workflows.
  • This would affect .gitignore for all bower-based dependencies (jquery, jquery-ui, select2, et al).
• (B) In Github, we could more completely reproduce the original jQuery 1.x release process -- i.e. we would have analogs for both jquery/jquery.git (=> civicrm/jquery.git) and jquery/jquery-dist.git (=> civicrm/jquery-dist.git), and we'd use jquery-release to manage them.
  • This more perfectly reproduces the file structure from before the security release. It has consistent impact regardless of a deployer's workflow, and it only affects the jquery library.
  • This feels more complicated overall -- because there are more projects/files/moving-parts/new-parts. That translates to higher costs both today and in the future (if jQuery 1.x needs another patch). The extra effort feels painful from a cost-benefit perspective... because we don't really want to maintain a jQuery 1.x fork. Time spent on this infra feels like time wasted.
• (C) In civicrm/jquery.git, simple patch or remove .gitignore file
  • This would be one relatively small patch.
  • It would only affect the jquery library.
  • It adds an extra patch to our branch; so if we have to do another update/cherry-pick/rebase, it may be need to be reapplied.

So the basic question is ... will a KISS approach (A or C) be good enough?

Seamus submitted https://github.com/civicrm/jquery/pull/1 (C) several days ago.

I think it's as simple as (A) and has narrower impact like (B). There's potential for extra cost (cherry-picking/carrying-forward during a future update), but that risk isn't very high given that we're not intending to do general maintenance on this fork.

mentioned in commit b42d616f

mentioned in commit 8bfd5237

mentioned in commit 108dbdf3

mentioned in commit 49eadc07

Tested locally and confirmed that the relaxed .gitignore propagates to build.

jquery#1 merged and tagged. Corresponding updates to bower.json via https://github.com/civicrm/civicrm-core/pull/14379 and https://github.com/civicrm/civicrm-core/pull/14280.

I've tested both incrementally (bower install with the patch) and with the autobuild tarballs produced after the patch (wget .../civicrm-5.13.4-drupal-201905300252.tar.gz && tar xvzf ... && git init && git add ...). In both cases, the relaxed .gitignore comes through. In the latter case, the jquery/dist is included in the downstream repo.

closed