New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make-dedicated-lockfile doesn't recognize workspaces packages, tries to download from npm registry #3442
Comments
Linked via global store packages have same behavior: fail even if they are in global |
Has anyone found a workaround? |
Maybe we can do or implement a workaround using injected dependencies: https://pnpm.io/package_json#dependenciesmetainjected |
@zkochan is there an update on this issue? |
or @TeChn4K @rdsedmundo did you guys find a successful workaround? |
Having this same issue. Wondering if anybody has found a solution? |
Try to use the |
This new |
I don't understand how pnpm deploy is meant to replace make-dedicated-lockfile. I am building several docker images in a matrix in github actions. for each app I am only copying into the docker image the folder belonging to that app as well as folders belonging to its workspace production dependencies. I need to run pnpm i --prod inside the docker image during build, but since some apps have workspace Dev dependencies (which I am not copying), pnpm fails since it thinks it needs to get them from the npm registry (issue reported here). It doesn't fail, however, if I also copy into the image the lockfile. npm i --prod then works. However that lockfile is for the whole monorepo. I need a dedicated one so as to not interfere with docker layer caches. How does pnpm deploy help for my use case? |
I think the key here is I am doing application builds inside the docker image builds which are in turn done in parallel using a github actions matrix, as mentioned. I believe this is not compatible with the idea of pnpm deploy which I think wants you to first build your apps on your host, run pnpm deploy, then copy the result to a docker image. But this does not take into consideration that the host might have a different OS or cpu architecture. On the other hand, in the case of multi stage docker builds where you build the app and pnpm deploy in an initial stage, docker layer caches are affected. |
@rhyek I think Unfortunately, I also run into the issue with npm registry when using the
In our case, we build the typescript project before with When using without EDIT: I found #5078 which describes that workspace dependencies should be injected. However, this only works with the If you want to make Expand me/**
* @see https://github.com/pnpm/pnpm/blob/8e5b77ef61d7cab6ed914cbf1d4ef69acd4c8ad0/packages/types/src/misc.ts#L4
*/
const DEPENDENCIES_FIELDS = ["optionalDependencies", "dependencies", "devDependencies"];
const MAIN_PKG_SCOPE = "@your-scope";
module.exports = {
hooks: {
readPackage: (pkg) => {
/**
* Inject when using Deploy as it currently does only support the `workspace:` protocol:
*
* @see https://github.com/pnpm/pnpm/issues/3442#issuecomment-1228105319
* @see https://github.com/pnpm/pnpm/issues/3114#issuecomment-1192654437
* @see https://github.com/pnpm/pnpm/commit/107d01109adeee50a40b749d5bbe4bc3eb3bc068#diff-ae95f3a0ecedfd96f49ca26a073cc0d91e67c12ae49b97497ecad63134d877a8R7-R11
*/
if (process.env.PNPM_INJECT_WITHOUT_WORKSPACE_PROTOCOL) {
pkg.dependenciesMeta = pkg.dependenciesMeta || {};
for (const depField of DEPENDENCIES_FIELDS) {
for (const [depName] of Object.entries(pkg[depField] ?? {})) {
if (depName.startsWith(MAIN_PKG_SCOPE)) {
pkg[depField][depName] = "workspace:*";
// This does not work as expected, always receiving an "is not in the npm registry" error
/*pkg.dependenciesMeta[depName] = {
injected: true
};*/
}
}
}
}
return pkg;
}
}
}; Afterwards, run Unfortunately, EDIT 2: Figured out that only |
@matzeeable I don't see how this is helpful with multi-stage docker builds. As far as I've understood, we need to at least install all pnpm dependencies based on the toplevel lockfile first, and then continue on using |
I have created isolate-package which I think might be useful to you. It was quite a trip trying to figure this out isolating the PNPM lockfile. First I started with make-dedicated-lockfile but that was not the right path, and then tried multiple other approaches but eventually the solution was not that complicated. I will write about it in the docs at some point, but I have other priorities now, and I doubt anyone will be interested in the details :) NPM and Yarn v1 are also supported. For modern versions of Yarn I plan to make a fallback to generating NPM lockfiles. NPM has this built-in tool called Arborist and it does almost exactly what I wanted, but still required a little hack moving the node_modules from the root and back again. Anyway, I hope you find it useful. I needed it for Firebase deployments. I have created a monorepo boilerplate that showcases how it can be used in that context. |
pnpm version: 6.3.0
Code to reproduce the issue:
1- Create a workspace with packages A and B.
2- Import A in B (add it as a dependency).
2- Run
make-dedicated-lockfile
.Expected behavior:
Workspaces should be recognized and linked internally.
Actual behavior:
pnpm doesn't recognize the workspaces packages and tries to download them from npm.
Additional information:
node -v
prints: 14.16.1Related #2198
The text was updated successfully, but these errors were encountered: