Skip to content

fix: bump npm infrastructure dependencies and make sure changing serve.js content is applied#2542

Merged
nedtwigg merged 7 commits intodiffplug:mainfrom
simschla:bugfix/bump-versioning-for-js-based-steps
Jul 7, 2025
Merged

fix: bump npm infrastructure dependencies and make sure changing serve.js content is applied#2542
nedtwigg merged 7 commits intodiffplug:mainfrom
simschla:bugfix/bump-versioning-for-js-based-steps

Conversation

@simschla
Copy link
Contributor

@simschla simschla commented Jul 3, 2025

In #2462 we introduced the support for using the same node-modules-dir for multiple spotless steps requiring the same dependencies. To achieve this, the serve.js files were updated to accept a UUID when starting a npm-based server so that the java side knows which server-process (which port) it may use.

This created a problem we did not foresee: If a user has a running spotless installation before this change, then updates to the version containing this change, it leads to a problematic situation: the existing node-modules-dir (created by the previous spotless version and thus containing the old serve.js files without the UUID-change) would prevent the new spotless version from using the new serve.js files (containing the UUID-change) because the md5 hash used in the node-modules-dir's name did only respect the package.json content, not the serve.js content.

This PR changes this, so that the content of the package.json as well as the content of the serve.js files is respected in order to calculate a md5 hash for naming the node-modules-dir. So if any of these files change, a new node-modules-dir is used.

This PR also bumps the dependencies used behind the scenes for creating and managing the npm server process.

simschla added 5 commits July 3, 2025 20:22
@simschla
chore: bump/replace server deps
f6ebe92
@simschla
fix: use correct variable name in error case
fea6e81
@simschla
chore: bump internal version number(s)
c93a158
@simschla
chore: make sure to calculate different hashes if serve-files change
8815367 
this was a hidden update issue: if we change the serve-script content
between two releases but the user keeps the package.json the same, the
md5 hash used for the node-modules-dir stayed the same, resulting in us
not using the latest version of the serve script but keep using the old
one. That was especially harmful in the case where we changed the api of
the serve-script to accept a uuid to allow multiple instances. The old
script just ignored that resulting in a server-process that was never
found due to wrong port-file-names written/waited for.
@simschla
chore: assert new expected behaviour in test
5f6880f
@simschla simschla requested a review from Copilot July 3, 2025 19:04
Copilot AI reviewed Jul 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR ensures the serve.js content is included when hashing node-modules directories and bumps the underlying npm server dependencies.

  • Extend MD5 hashing to cover both package.json and serve.js contents
  • Update NodeServerLayout and step state to pass through serve script content
  • Bump versions of Express and graceful-shutdown packages in all serve scripts

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
lib/src/test/java/com/diffplug/spotless/npm/NpmResourceHelperTest.java Added unit tests for the new MD5 overload
lib/src/test/java/com/diffplug/spotless/npm/NodeServerLayoutTest.java Added tests to verify the hash changes when serve.js differs
lib/src/main/resources/com/diffplug/spotless/npm/tsfmt-serve.js Fixed typo when sending error messages
lib/src/main/resources/com/diffplug/spotless/npm/common-serve.js Replaced old shutdown manager with http-graceful-shutdown
lib/src/main/resources/com/diffplug/spotless/npm/tsfmt-package.json Bumped server package to v4.0.0 and updated dependencies
lib/src/main/resources/com/diffplug/spotless/npm/prettier-package.json Bumped server package to v4.0.0 and updated dependencies
lib/src/main/resources/com/diffplug/spotless/npm/eslint-package.json Bumped server package to v4.0.0 and updated dependencies
lib/src/main/java/com/diffplug/spotless/npm/NpmResourceHelper.java Extended md5 to accept multiple contents and updated implementation
lib/src/main/java/com/diffplug/spotless/npm/NpmFormatterStepStateBase.java Pass serve.js content into NodeServerLayout
lib/src/main/java/com/diffplug/spotless/npm/NodeServerLayout.java Revised directory name generation to include serve script hash
lib/build.gradle Added testlib project to testing classpath
Comments suppressed due to low confidence (5)

lib/src/main/java/com/diffplug/spotless/npm/NpmResourceHelper.java:146

  • [nitpick] The variable name additionalFilecontentStream mixes casing and violates CamelCase conventions. Consider renaming it to additionalFileContentStream for consistency.
		Stream<String> additionalFilecontentStream = Stream.concat(

lib/src/main/resources/com/diffplug/spotless/npm/common-serve.js:3

  • [nitpick] The imported function is assigned to a generic name. Consider renaming the shutdown handler (e.g., to shutdownServer) to avoid confusion with system-level shutdown methods.
const gracefulShutdown = require("http-graceful-shutdown");

lib/src/main/resources/com/diffplug/spotless/npm/tsfmt-package.json:12

  • Runtime dependencies like express and http-graceful-shutdown are declared under devDependencies. If these scripts run in production, consider moving them to dependencies to ensure they're always installed.
		"express": "5.1.0",

lib/src/main/resources/com/diffplug/spotless/npm/prettier-package.json:12

  • Runtime dependencies like express and http-graceful-shutdown are declared under devDependencies. If these scripts run in production, consider moving them to dependencies to ensure they're always installed.
		"express": "5.1.0",

lib/src/main/resources/com/diffplug/spotless/npm/eslint-package.json:12

  • Runtime dependencies like express and http-graceful-shutdown are declared under devDependencies. If these scripts run in production, consider moving them to dependencies to ensure they're always installed.
		"express": "5.1.0",

@nedtwigg nedtwigg merged commit e803400 into diffplug:main Jul 7, 2025
30 of 31 checks passed
@simschla simschla mentioned this pull request Jul 7, 2025
Closed
@nedtwigg
Copy link
Member

nedtwigg commented Jul 7, 2025

Released in plugin-gradle 7.1.0 and plugin-maven 2.45.0.

simschla added a commit to simschla/spotless that referenced this pull request Dec 9, 2025
@simschla
fix: prevent name collisions when launching multiple node-based serve…
91d568a 
…rs on same node_modules

Before this change: if two (or more) node-based servers have been
started on the same node_modules dir, the could override each others
temporary port files, resulting in some of the servers not correctly
launching.
With this change: each server process makes sure to write distinct
temporary and final files for transporting selected port number to the
launching java process.
This is a fixup for diffplug#2462.

Refs: diffplug#2462, diffplug#2542
simschla added a commit to simschla/spotless that referenced this pull request Dec 9, 2025
@simschla
chore: bump versions for serve-packages due to logic changes
1c0870f 
Refs: diffplug#2462, diffplug#2542
@simschla simschla mentioned this pull request Dec 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simschla @nedtwigg