Opened on 10/11/2017 at 09:55:33 PM
Closed on 10/12/2017 at 01:26:32 PM
#5856 closed change (fixed)
Remove the package-lock.json file from buildtools
Reported by: | tlucas | Assignee: | kzar |
---|---|---|---|
Priority: | P2 | Milestone: | |
Module: | Automation | Keywords: | |
Cc: | sebastian, trev, kzar | Blocked By: | |
Blocking: | #5535 | Platform: | Unknown / Cross platform |
Ready: | yes | Confidential: | no |
Tester: | Unknown | Verified working: | no |
Review URL(s): |
Description (last modified by kzar)
Background
npm install generates a package-lock.json, which was originally supposed the guarantee an equal environment wherever npm install was run. Unfortunately, it seems like (confirmed by Sebastian / Tristan) an upgrade of npm itself could result in a reordering of the package-lock.json, which causes hg update (called by ensure_depdencies.py) to fail due to local modification.
What to change
Remove package-lock.json from the buildtools repository.- Pass the --no-package-lock argument when calling npm install to avoid it being regenerated.
Note: We deliberately avoid ignoring the file, since if the user inadvertently creates one (e.g. runs npm install) it should be explicit.
Attachments (0)
Change History (10)
comment:2 Changed on 10/11/2017 at 11:09:56 PM by sebastian
Before I knew that the messed up order in package-lock.json was caused by a difference in the npm version, I went ahead fixing the order (for newer versions of npm). However, now I noticed that this might not have been the best idea, as the build server might still rely on the old npm version. Furthermore, I found another issue with the webpack integration in buildtools. So I backed out the whole change for now, see ticket:5535#comment:39.
This issue can probably be closed as a duplicate of #5535, now, where we can address this before landing the webpack integration again.
comment:3 Changed on 10/12/2017 at 12:10:03 AM by sebastian
- Resolution set to duplicate
- Status changed from new to closed
comment:4 Changed on 10/12/2017 at 11:00:38 AM by kzar
- Blocking 5535 added
- Description modified (diff)
- Owner set to kzar
- Priority changed from Unknown to P2
- Ready set
- Summary changed from Ignore package-lock.json when resolving Node.js dependencies to Remove the package-lock.json file from buildtools
Changing the way ensure_dependencies.py works relating to package-lock.json should IMO be a separate issues from switching packagerChrome.py over to use webpack. The file already existed in the repository after all. The fact that the package-lock.json file doesn't exist in the repoitory now is only because it was confusingly removed at the same time the webpack changes were reverted.
comment:5 Changed on 10/12/2017 at 11:00:58 AM by kzar
- Resolution duplicate deleted
- Status changed from closed to reopened
comment:7 Changed on 10/12/2017 at 11:51:33 AM by kzar
- Review URL(s) modified (diff)
- Status changed from reopened to reviewing
comment:9 Changed on 10/12/2017 at 01:23:16 PM by abpbot
A commit referencing this issue has landed:
Issue 5856 - Pass --no-package-lock argument to npm install
comment:10 Changed on 10/12/2017 at 01:26:32 PM by kzar
- Resolution set to fixed
- Status changed from reviewing to closed
I have a hunch that trev and/or kzar wouldn't be happy with this change. But FWIW, I wasn't happy with adding package-lock.json to the repository in the first place, and given the mess it is causing now, I'd second removing it.