yarn_install should use --frozen-lockfile #941
Comments
My workflow is usually to add a package to the package.json or update it there and then let bazel handle the regeneration of my lock file. So if this was not customizable this imo valid workflow would break.
While it wouldn't be how I'd do things, I can see an argument for it. However in the context of for example a CI system, it seems not unreasonable to demand that the lock file is frozen. That's what lock files are for, after all.
Yep I do agree in a CI system it makes total sense and I would also be very happy to have it there. I was thinking in general if there is some way we can clean up the attributes for the flags a bit. There is one to add Maybe we could just get rid of all of those before 1.0 and have a generic But even if we have it configurable the question is what should be the default and if we should make it configurable on a per-invocation basis. Unfortunately currently bazel only allows that via env vars for repository rules. So we could check for a
This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs in two weeks. Collaborators can add a "cleanup" or "need: discussion" label to keep it open indefinitely. Thanks for your contributions to rules_nodejs!
This can be done through passing
To be more hermetic with the install of the dependencies use the frozen lockfile flag to install the exact version from the `yarn.lock` file. To update a dependency use the vendored yarn binary with `bazel run @nodejs//:yarn upgrade <dep-name>`. Fixes bazel-contrib#941
#2327 fixed it
🚀 feature request
Relevant Rules
`yarn_install`, `npm_install`
Description
In the interest of build reproducibility, if the lockfile is wrong or incomplete then the build should fail. Running in these frozen modes is often faster as well.
Describe the solution you'd like
`yarn_install` should use `yarn install --frozen-lockfile`
`npm_install` should use `npm ci` instead of `npm install`
This is of course assuming that the relevant tools are new enough to support those arguments.
`npm` added the `ci` option in 5.7.1. The first node release to ship with npm>5.5.1 was 8.12.0, which could be an issue for versions 8.11.1 or 8.9.1, which are still supported by the rules. `yarn` has had the `--frozen-lockfile` parameter since v0.19.0 - much older than any of the supported versions.
Describe alternatives you've considered
Make it optional? Doesn't seem like a good idea, though.
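An added example, not part of the original issue and not code from rules_nodejs or yarn: an offline approximation of the condition that `yarn install --frozen-lockfile` enforces, reporting direct dependencies declared in package.json that have no matching entry in yarn.lock. It assumes the yarn.lock v1 format; the function names and the sample data are constructed for illustration.

```javascript
'use strict';

// Collect every "name@range" selector from yarn.lock v1 entry headers.
// A header is an unindented line ending in ":" and may list several
// comma-separated selectors, each optionally double-quoted.
function lockedSelectors(lockText) {
  const selectors = new Set();
  for (const line of lockText.split(/\r?\n/)) {
    if (!line || line.startsWith('#') || /^\s/.test(line) || !line.endsWith(':')) continue;
    for (const tok of line.slice(0, -1).match(/"[^"]*"|[^",\s][^,]*/g) || []) {
      selectors.add(tok.trim().replace(/^"|"$/g, ''));
    }
  }
  return selectors;
}

// Return the dependencies declared in package.json that have no matching
// lockfile entry, i.e. the cases where a frozen install has to fail.
function findLockfileDrift(packageJsonText, lockText) {
  const pkg = JSON.parse(packageJsonText);
  const locked = lockedSelectors(lockText);
  const missing = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!locked.has(`${name}@${range}`)) missing.push(`${name}@${range}`);
    }
  }
  return missing.sort();
}

// Constructed sample input (not taken from any real project).
const SAMPLE_LOCK = [
  '# yarn lockfile v1',
  '',
  '"@types/node@^12.0.0":',
  '  version "12.20.55"',
  '',
  'left-pad@^1.3.0, left-pad@~1.3.0:',
  '  version "1.3.0"',
  '',
].join('\n');

const SAMPLE_PKG = JSON.stringify({
  dependencies: { 'left-pad': '^1.3.0', lodash: '^4.17.21' },
  devDependencies: { '@types/node': '^12.0.0' },
});

console.log(findLockfileDrift(SAMPLE_PKG, SAMPLE_LOCK));
```

A CI step can fail the build whenever the returned list is non-empty; the real frozen install additionally pins transitive dependencies to the versions recorded in the lockfile.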