fix: use npm and yarn consistently in build and release (#5852)

* refactor: remove keytar dep in cross-compile

* refactor: try other keytar package

* refactor: remove keytar step in cross-compile

* fix: manually remove keytar

* try this first

* I think this is it

* Revert "I think this is it"

This reverts commit 5c566b0.

* okay this is it

* fixup

* try legacy peer

* remove keytar before standalone

* wrong path

* maybe

* revert: change *npm* back to npm*

* revert: don't uninstall keytar

* fix: use npm run standalone-release

* fixup formatting

* Revert "refactor: remove yarn.lock steps (#5850)"

This reverts commit 907747d.

* fixup: remove the --exclude

* refactor: remove yarn.lock check

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>

Author: jsjoeio

.github/workflows/release.yaml

@@ -70,7 +70,7 @@ jobs:
       # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
       # file when running inside a docker container.
       - name: Build standalone release
-        run: source scl_source enable devtoolset-9 && yarn release:standalone
+        run: source scl_source enable devtoolset-9 && npm run release:standalone
 
       - name: Fetch dependencies from cache
         id: cache-node-modules
@@ -172,9 +172,6 @@ jobs:
         env:
           PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
 
-      - name: Install keytar dependencies
-        run: sudo apt install -y libsecret-1-dev
-
       - name: Download npm package
         uses: actions/download-artifact@v3
         with:
@@ -183,6 +180,8 @@ jobs:
       - name: Decompress npm package
         run: tar -xzf package.tar.gz
 
+      # NOTE@jsjoeio - npm fails here
+      # so use yarn
       - name: Build standalone release
         run: yarn release:standalone
 
@@ -239,7 +238,7 @@ jobs:
         run: tar -xzf package.tar.gz
 
       - name: Build standalone release
-        run: yarn release:standalone
+        run: npm run release:standalone
 
       - name: Fetch dependencies from cache
         id: cache-node-modules

ci/build/build-release.sh

@@ -56,6 +56,7 @@ bundle_code_server() {
   }
 EOF
   ) > "$RELEASE_PATH/package.json"
+  rsync yarn.lock "$RELEASE_PATH"
   mv npm-shrinkwrap.json "$RELEASE_PATH"
 
   rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh"
@@ -96,10 +97,12 @@ bundle_vscode() {
     "$VSCODE_SRC_PATH/remote/package.json" \
     "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
 
+  rsync "$VSCODE_SRC_PATH/remote/yarn.lock" "$VSCODE_OUT_PATH/yarn.lock"
   mv "$VSCODE_SRC_PATH/remote/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/npm-shrinkwrap.json"
 
   # Include global extension dependencies as well.
   rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions/package.json"
+  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions/yarn.lock"
   mv "$VSCODE_SRC_PATH/extensions/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/extensions/npm-shrinkwrap.json"
   rsync "$VSCODE_SRC_PATH/extensions/postinstall.mjs" "$VSCODE_OUT_PATH/extensions/postinstall.mjs"
 }

ci/build/npm-postinstall.sh

@@ -128,24 +128,14 @@ install_with_yarn_or_npm() {
   # NOTE@edvincent: We want to keep using the package manager that the end-user was using to install the package.
   # This also ensures that when *we* run `yarn` in the development process, the yarn.lock file is used.
   case "${npm_config_user_agent-}" in
-    *npm*)
-      if [ -f "yarn.lock" ]; then
-        echo "yarn.lock file present, running in development mode. use yarn to install code-server!"
-        exit 1
-      else
-        # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
-        # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
-        # See https://github.com//pull/5071
-        npm install --unsafe-perm --legacy-peer-deps --omit=dev
-      fi
+    npm*)
+      # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
+      # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
+      # See https://github.com//pull/5071
+      npm install --unsafe-perm --legacy-peer-deps --omit=dev
       ;;
     yarn*)
-      if [ -f "yarn.lock" ]; then
-        yarn --production --frozen-lockfile --no-default-rc
-      else
-        echo "yarn.lock file not present, not running in development mode. use npm to install code-server!"
-        exit 1
-      fi
+      yarn --production --frozen-lockfile --no-default-rc
       ;;
     *)
       echo "Could not determine which package manager is being used to install code-server"