Proposal: Use packages on Github registry to share code between repositories

[barbogast]

Proposal: Use packages on Github registry to share code between repositories

This is proposal for starting to share code across repositories by publishing certain repositories as a package on the github package registry.

Current situation

At the moment we have 3 ways to share code between repositories:

• copy code: done mainly with tools and constants already
• use yarn to install packages directly from github (eslint-config-getsafe)
• use git submodules

Each of these ways has subtle disadvantages.

Proposed solution

Publish shared repositories as npm package in the github package repository. Automate publishing with github actions.

Reasons for having a package

• We can use the usual tooling to install and update packages. Especially tools like dependabot should help keeping packages up to date.
• Using npm packages is the default way to share code, so it should work in every circumstance (in contrast to submodules)

Reasons to use the github registry (and not npm)

• We already use github for code hosting and code reviews. Using it also for packages means that we have everything within one user interface, and we don't need to manage npm user accounts.
• Changes are that by using github for code hosting, package hosting and process automation (see below) we get a well integrated solution.
• Since github purchased npm it is to be expected that github will focus their resources on improving the native package registry instead of the npm one

Reasons for using github actions

• Using github for code and packages means that it's probably easier and smoother to stay within github for publishing packages.
• We can use this as an opportunity to evaluate github actions in general.

Technical solution: We could go with https://github.com/marketplace/actions/publish-to-npm which means that we just increase the version number in package.json. The action will then automatically publish a new package and add a git tag.

Approach

I would start setting up the infrastructure to publish eslint-config-getsafe. Once this is done and we are happy with it we can consider using it for the ui-kit (or other shared code, see https://hellogetsafe.atlassian.net/browse/GET-3502)

[yamov]

Generally, if Github package registry works without any issues in all our CIs (Circle CI, Heroku, App Center) I'd be in favour of going with it.

[barbogast]

Technical solution: We could go with https://github.com/marketplace/actions/publish-to-npm which means that we just increase the version number in package.json. The action will then automatically publish a new package and add a git tag.

So, will we publish to npm or Github package registry? or it's the action name that is misleading and it actually published to Github?

Should work with by pointing the registry value in the yarn config to github

[barbogast]

App center is a good point, but it should work (https://levelup.gitconnected.com/installing-private-npm-packages-in-microsoft-appcenter-ci-cd-13d61f02aab2)