Allow skipping sha checksum
Problem
Installing Prisma in an Enterprise CI (Jenkins), I encounter the issue that downloading the sha values (checkSum!?) is forbidden by company policy. That is due to a policy whereby every download has to go through our enterprise repository.
Suggested solution
Add --skipChecksum, that would prevent downloading the sha value.
Logs
> npm --ignore-scripts i
> npx prisma db pull
Error: request to https://binaries.prisma.sh/all_commits/73e60b76d394f8d37d8ebd1f8918c79029f0db86/debian-openssl-1.1.x/migration-engine.gz.sha256 failed, reason: connect ECONNREFUSED 108.156.107.28:443
Alternatives
- I suppose a mirror could work. But since we are only using Prisma for tests, I haven’t got to try and mirror the binaries / checkSum.
- Commit all node_modules/*prisma. I tried that, people weren’t happy (enterprise monorepo, so it added 330Mb to all).
Additional context
To be clear, I know the error is for pulling the sha, but I couldn’t verify if the binaries were loaded. Is there a way to confirm it? Open question requested here as well.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:11 (5 by maintainers)
Top GitHub Comments
I would be more than happy to implement this and submit a PR if I can get some assurance that such a change would be accepted.
Here’s my situation: the environment I deploy my application to does not have internet access for security reasons. Typically, when we use a library that includes platform-specific binaries like prisma does, we set up a repository in artifactory and that basically behaves like a caching proxy for the binary file server.
In this case, we then configured the `PRISMA_ENGINES_MIRROR` environment variable so that the files would be downloaded from artifactory instead of binaries.prisma.sh.
Unfortunately in this case, you’re validating the sha256 checksum not only of the gzipped file, but also of the un-gzipped file. Artifactory creates its own checksums, so when it pulls in, for example, `prisma-fmt.gz`, it creates a sha256 checksum and makes it accessible as `prisma-fmt.gz.sha256`. This is all fine so far, but the prisma download scripts also attempt to download `prisma-fmt.sha256`, but there’s no `prisma-fmt` file (no extension) on the remote file server, so artifactory never generates a sha256 file for it.
The end result is that when fetching the files from artifactory, it fails to download `prisma-fmt.sha256`, which then causes the unzipped checksum validation to fail.
As far as I can tell, there’s no way to fix this in artifactory, so it’d be really nice if I could just disable the validation check in the download script.
Again, I’d be more than happy to submit a PR that introduces a new environment variable for disabling the checksum validation. Perhaps `PRISMA_IGNORE_CHECKSUM`? With this enabled, it would warn about checksum issues but would not fail the build. Would the prisma team be open to this change?
I don’t think we have a workaround at the moment. Even if you download the binaries and use env vars to tell prisma where they are, it still fails because it tries to download the checksum files.
I don’t think checking in node modules will work unless you’re deploying to the same platform you develop on.
I’m currently working on a fix (as described above) but it will likely be a week or so before I’m able to submit it as a pull request.
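
The two-stage check described in the comments above (digest of the `.gz` archive, then digest of the un-gzipped binary), as an added example that is not Prisma's download code. It shows a missing `prisma-fmt.sha256` failing closed and a mirror-side step that derives that sidecar only after the archive matches a trusted digest. The function names and the sidecar format (hex digest as the first token) are assumptions, and the sample bytes are constructed.

```javascript
const crypto = require('node:crypto');
const zlib = require('node:zlib');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Assumed sidecar format: hex digest as the first whitespace-separated token.
const parseSidecar = (text) => {
  const digest = (text || '').trim().split(/\s+/)[0].toLowerCase();
  return /^[0-9a-f]{64}$/.test(digest) ? digest : null;
};

// Verify the archive and the decompressed binary; a missing sidecar fails closed.
function verifyEngine(gzBytes, gzSidecar, rawSidecar) {
  const wantGz = parseSidecar(gzSidecar);
  const wantRaw = parseSidecar(rawSidecar);
  if (!wantGz) return { ok: false, reason: 'missing-gz-checksum' };
  if (sha256(gzBytes) !== wantGz) return { ok: false, reason: 'gz-mismatch' };
  if (!wantRaw) return { ok: false, reason: 'missing-unzipped-checksum' };
  const raw = zlib.gunzipSync(gzBytes);
  if (sha256(raw) !== wantRaw) return { ok: false, reason: 'unzipped-mismatch' };
  return { ok: true, reason: 'verified', raw };
}

// Mirror-side step (hypothetical): derive the sidecar the proxy cannot generate,
// but only after the archive matches a digest obtained from a trusted source.
function deriveUnzippedSidecar(gzBytes, trustedGzDigest) {
  if (sha256(gzBytes) !== parseSidecar(trustedGzDigest)) {
    throw new Error('archive does not match trusted digest; refusing to publish');
  }
  return sha256(zlib.gunzipSync(gzBytes));
}

// Constructed sample data standing in for prisma-fmt.gz and its sidecar.
const sampleRaw = Buffer.from('constructed stand-in for an engine binary\n');
const sampleGz = zlib.gzipSync(sampleRaw);
const gzSidecar = `${sha256(sampleGz)}  prisma-fmt.gz\n`;

function demo() {
  // The mirror serves prisma-fmt.gz.sha256 but has no prisma-fmt.sha256.
  const viaMirror = verifyEngine(sampleGz, gzSidecar, null);
  const published = deriveUnzippedSidecar(sampleGz, gzSidecar);
  const afterFix = verifyEngine(sampleGz, gzSidecar, published);
  return { viaMirror: viaMirror.reason, afterFix: afterFix.reason };
}

console.log(demo());
```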