Running Sherif in CI without pnpm install

This lesson preview is part of the Bundling and Automation in Monorepos course and can be unlocked immediately with a \newline Pro subscription or a single-time purchase. Already have access to this course? Log in here.

This video is available to students only
Unlock This Course

Get unlimited access to Bundling and Automation in Monorepos, plus 90+ \newline books, guides and courses with the \newline Pro subscription.

Thumbnail for the \newline course Bundling and Automation in Monorepos

  • [00:00 - 00:17] The next thing I want to do is show you that we can sometimes run a check in GitHub without doing a pnpm install. One example for that is going to be sherif. So sherif is what we use to check that the monorepo itself is correctly set up.

    [00:18 - 00:26] We don't have any packages that are different between workspaces. The sherif package itself has no dependencies.

    [00:27 - 00:35] It's a single package that directly has everything inlined in it. This is a good candidate then for something to run to npx.

    [00:36 - 01:04] Rather than do a whole pnpm install only to be able to run this command, we could do something like "npx -y sherif". So "npx -y sherif" means accept installing the package if it's not already installed and then run it. However, this will always run the latest version of sherif rather than the version that we have specified in our package.json.

    [01:05 - 01:17] So in package.json, we are currently specifying sherif at 1.4.0. And because of the the way that I want this to run, I'm going to make this an explicit version.

    [01:18 - 01:28] So without the hat, not all versions 1, above 1.4, but exactly version 1.4.0. With this change I'm going to do pnpm install.

    [01:29 - 01:36] It will update both package.json and pnpm lock. So now I'm going to add these changes.

    [01:37 - 01:49] Which is basically to force specifically version 1.4.0 for sherif. I'm going to I'm going to actually first check out the branch called sherif-ci.

    [01:50 - 02:04] And I'm going to commit this with "Set exact sherif version". And then let's think about how we can get that version number from package.json.

    [02:05 - 02:19] So package.json is a JSON file which means Node can easily read it and Node can optionally take a parameter called "-e", which means evaluate. And we can say something like "console.log(1)".

    [02:20 - 02:29] As you can see, this prints "1" to the terminal or "1111". So we can give Node a string of JavaScript to execute.

    [02:30 - 02:40] And then we can do "console.log()" to print. A different way of doing it is with "-p". With "-p", the last expression in the code is the one that gets printed.

    [02:41 - 02:58] So if I have two expressions, the first one is the expression just the number 11111. The second one is 0000, which is just 0. The second or the last expression in the script that we gave it is going to be printed to the console. So we can save ourselves the console.log().

    [02:59 - 03:22] So then what we can do is node -p "require('./package.json')", which is going to just require the whole package.json and print it to the console. We can then say "['devDependencies']", which is going to get all dev dependencies. And finally we can say "['sherif']".

    [03:23 - 03:39] So this gives us the version of sherif as specified in our package.json. With that we can now do "npx -y" so accept installing the package, "--package" to specify which package we want to install.

    [03:40 - 03:53] Then we say "sherif@" and do a shell substitution. That's going to execute our node command and write that as the version.

    [03:54 - 04:09] So we're saying npx install package sherif at whatever version is in package.json. And then once we have that package we need to again say :sherif" which means execute the sherif command with that package installed by npx.

    [04:10 - 04:22] So this is going to take a moment but it run correctly. And this is a way to very quickly install something, especially if it doesn't have many or any dependencies as sherif does.

    [04:23 - 04:37] So a way to very quickly install something without doing a full pnpm install. I'm going to copy this whole line, and I'm going to go to our ./github/workflows/ci.yaml file.

    [04:38 - 04:54] And I'm going to create a new job, call it "sherif", It runs on ubuntu 24.04. It has a steps of run the whole line that we copied before.

    [04:55 - 05:11] And it also has the checkout command. So now this is going to be a very fast check file here, as your monorepo grows, the step starts to be slower and slower, sometimes taking up to 40s, 50s, 60s.

    [05:12 - 05:18] This is going to be almost instantaneous. I expect the speed of this to be about 10 to 15 seconds maximum.

    [05:19 - 05:27] So let's check that it is that way. Add everything, commit, "Add sherif CI check".

    [05:28 - 05:35] Push origin/sherif-ci. Create the pull request and let's see, did I get everything correct.

    [05:36 - 05:44] We now have our sherif job running as well as our normal CI job. And as you can see, it succeeded in five seconds.

    [05:45 - 06:22] So when you have a check that doesn't need a full install, and in practice, any check that can be run by npx without a full install, you can do it this way, where you specify the package to resolve the exact version that you have specified in your package.json. So if the version of sherif changes in the future and it adds new checks that would fail our repository, we don't want that to fail arbitrarily, when the new version releases. We want it to be running against specifically the version that we have specified.

    [06:23 - 06:35] And as you can see, this is extremely fast in total five seconds for the whole check. I'm going to merge this pull request and I will see you in the next lesson.