Chore: Add a CI script to check if patches are valid and still applied

.eslintignore

@@ -1896,6 +1896,7 @@ packages/tools/buildServerDocker.js
 packages/tools/checkIgnoredFiles.js
 packages/tools/checkLibPaths.test.js
 packages/tools/checkLibPaths.js
+packages/tools/checkYarnPatches.js
 packages/tools/convertThemesToCss.js
 packages/tools/fuzzer/ActionRunner.js
 packages/tools/fuzzer/Fuzzer.js

.github/scripts/run_ci.sh

@@ -172,6 +172,12 @@ if [ "$RUN_TESTS" == "1" ]; then
 	if [ $testResult -ne 0 ]; then
 		exit $testResult
 	fi
+
+	yarn checkYarnPatches
+	testResult=$?
+	if [ $testResult -ne 0 ]; then
+		exit $testResult
+	fi
 fi
 
 # =============================================================================

.gitignore

@@ -1869,6 +1869,7 @@ packages/tools/buildServerDocker.js
 packages/tools/checkIgnoredFiles.js
 packages/tools/checkLibPaths.test.js
 packages/tools/checkLibPaths.js
+packages/tools/checkYarnPatches.js
 packages/tools/convertThemesToCss.js
 packages/tools/fuzzer/ActionRunner.js
 packages/tools/fuzzer/Fuzzer.js

package.json

@@ -25,6 +25,7 @@
     "buildWebsiteTranslations": "node packages/tools/website/buildTranslations.js",
     "checkIgnoredFiles": "node ./packages/tools/checkIgnoredFiles.js",
     "checkLibPaths": "node ./packages/tools/checkLibPaths.js",
+    "checkYarnPatches": "node ./packages/tools/checkYarnPatches.js",
     "circularDependencyCheck": "madge --warning --circular --extensions js ./",
     "clean": "npm run clean --workspaces --if-present && node packages/tools/clean && yarn cache clean",
     "crowdin": "crowdin",

packages/tools/checkYarnPatches.ts

@@ -0,0 +1,66 @@
+import { getRootDir } from '@joplin/utils';
+import { readFile } from 'fs-extra';
+import { join } from 'path';
+
+// Checks that all patch resolutions in package.json are actually applied in
+// yarn.lock. Catches the case where a dependency version is upgraded but the
+// resolution still targets the old version, causing the patch to silently not
+// apply.
+
+const main = async () => {
+	const rootDir = await getRootDir();
+	const packageJson = JSON.parse(await readFile(join(rootDir, 'package.json'), 'utf8'));
+	const yarnLock = await readFile(join(rootDir, 'yarn.lock'), 'utf8');
+
+	const resolutions: Record<string, string> = packageJson.resolutions ?? {};
+	const errors: string[] = [];
+
+	for (const [key, value] of Object.entries(resolutions)) {
+		if (!value.startsWith('patch:')) continue;
+
+		// Extract the patch target, e.g. "patch:nanoid@npm%3A3.3.11#..." -> "nanoid@npm:3.3.11"
+		const patchTarget = value
+			.replace(/^patch:/, '')
+			.replace(/#.*$/, '')
+			.replace(/%3A/g, ':');
+
+		// Extract package name and version from the patch target.
+		// Supports both "pkg@npm:version" and "pkg@version" formats.
+		const match = patchTarget.match(/^(.+)@(?:npm:)?(.+)$/);
+		if (!match) {
+			errors.push(
+				`Invalid patch format for "${key}": "${patchTarget}" does not match ` +
+				'expected pattern "packageName@npm:version" or "packageName@version".',
+			);
+			continue;
+		}
+
+		const [, packageName, patchVersion] = match;
+		const hasNpmPrefix = patchTarget.includes('@npm:');
+
+		// Check that yarn.lock contains a resolved entry for this exact
+		// patch. The lockfile entry looks like:
+		//   "pkg@patch:pkg@npm%3Aversion#path::..."  (with npm prefix)
+		//   "pkg@patch:pkg@version#path::..."         (without npm prefix)
+		const versionPart = hasNpmPrefix ? `@npm%3A${patchVersion}` : `@${patchVersion}`;
+		const patchPattern = `"${packageName}@patch:${packageName}${versionPart}#`;
+		if (!yarnLock.includes(patchPattern)) {
+			errors.push(
+				`Resolution "${key}" patches ${packageName}@${patchVersion}, ` +
+				'but yarn.lock has no matching entry. The dependency was likely ' +
+				'upgraded — update the patch to target the current version.',
+			);
+		}
+	}
+
+	if (errors.length > 0) {
+		throw new Error(`Yarn patch validation failed:\n\n${errors.join('\n\n')}`);
+	}
+
+	console.log(`All ${Object.values(resolutions).filter(v => v.startsWith('patch:')).length} patch resolutions are applied.`);
+};
+
+main().catch((error) => {
+	console.error(error);
+	process.exit(1);
+});