Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add script to update package-level package-lock.json #2583

Merged
merged 1 commit into from Mar 13, 2019
Merged

chore: add script to update package-level package-lock.json #2583

merged 1 commit into from Mar 13, 2019

Conversation

raymondfeng
Copy link
Contributor

@raymondfeng raymondfeng commented Mar 13, 2019
edited

This PR adds a npm script to update package-level package-lock.json files as lerna bootstrap does not do so. See lerna/lerna#1415 (comment) for more details.

Checklist

馃憠 Read and sign the CLA (Contributor License Agreement) 馃憟

  • npm test passes on your machine
  • New tests added or existing tests modified to cover all changes
  • Code conforms with the style guide
  • API Documentation in code was updated
  • Documentation in /docs/site was updated
  • Affected artifact templates in packages/cli were updated
  • Affected example projects in examples/* were updated

b-admike
b-admike reviewed Mar 13, 2019
View reviewed changes
package.json
"update-template-deps": "node bin/update-template-deps -f",
"update-greenkeeper-json": "node bin/update-greenkeeper-json -f",
"sync-dev-deps": "node bin/sync-dev-deps",
"version": "npm run update-template-deps && npm run apidocs",
"version": "npm run update-package-lock-json && npm run update-template-deps && npm run apidocs",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does running update-template-deps before or after update-package-lock-json make any difference to the package-lock.json files that are updated?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really. But updating package-lock.json files has more chances to fail than update-template-deps.

package.json Outdated Show resolved Hide resolved
b-admike
b-admike approved these changes Mar 13, 2019
View reviewed changes
Copy link
Contributor

@b-admike b-admike left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 馃憤

@raymondfeng raymondfeng merged commit 05afcc6 into master Mar 13, 2019
@raymondfeng raymondfeng deleted the update-package-lock-json branch March 13, 2019 20:12
bajtos
bajtos reviewed Mar 15, 2019
View reviewed changes
benchmark/package-lock.json
"path-key": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz",
"integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is not right. Package lock should not list local dependencies that are linked within monorepo.

In the current setup, npm i (lerna bootstrap) installs monorepo-local packages from the npm registry and replaces any links created by lerna.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the record, npm i does not update package-lock.json for me even after I added new dependencies to a package.json. That's what led me to discover the issue and put a workaround.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that lerna clean && lerna bootstrap --no-ci does update package-lock.json for all leaf packages. I'll open a PR to use it.

@bajtos
Copy link
Member

bajtos commented Mar 15, 2019

@raymondfeng I feel this change is very likely going in a wrong direction. Why is it necessary to update package-lock files when we are making new releases? The lock files are not supposed to contain entries for dependencies resolved via symlinks by lerna.

I am fixing the immediate problem in #2593.

I think we should also revert the changes made in package.json by this pull request. Thoughts?

@raymondfeng
Copy link
Contributor Author

I feel this change is very likely going in a wrong direction. Why is it necessary to update package-lock files when we are making new releases? The lock files are not supposed to contain entries for dependencies resolved via symlinks by lerna.

I wanted to make sure package-lock.json files are up-to-date respecting package.json. For example, if I add a new dependency to packages/rest/package.json, npm i at loopback-next level does not automatically update package-lock.json and it fails CI as CI uses npm ci and the new dep will be missing.

@raymondfeng raymondfeng mentioned this pull request Mar 15, 2019
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bajtos bajtos bajtos left review comments

@b-admike b-admike b-admike approved these changes

@nabdelgadir nabdelgadir nabdelgadir approved these changes

@hacksparrow hacksparrow Awaiting requested review from hacksparrow

@jannyHou jannyHou Awaiting requested review from jannyHou

@marioestradarosa marioestradarosa Awaiting requested review from marioestradarosa marioestradarosa is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@raymondfeng @bajtos @b-admike @nabdelgadir