ci: Commit package-lock.json for CI stability (#3938)

This is recommended by npm to allow CI to get stable results when installing dependencies.
shaka-project · Feb 10, 2022 · 746d253 · 746d253
1 parent 1b12910
commit 746d253
Show file tree

Hide file tree

Showing 5 changed files with 18,745 additions and 6 deletions.
diff --git a/.github/workflows/test_update_issues.yaml b/.github/workflows/test_update_issues.yaml
@@ -24,5 +24,5 @@ jobs:
       - name: Test
         run: |
           cd .github/workflows/tools/update-issues
-          npm install
+          npm ci
           npm test
diff --git a/.github/workflows/update_issues.yaml b/.github/workflows/update_issues.yaml
@@ -22,5 +22,5 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           cd .github/workflows/tools/update-issues
-          npm install
+          npm ci
           node main.js
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,6 @@
 *.pyc
 *~
 node_modules
-package-lock.json
 dist/
 docs/api/
 coverage/

diff --git a/build/shakaBuildHelpers.py b/build/shakaBuildHelpers.py
@@ -350,9 +350,9 @@ def update_node_modules():
   # Actually change directories instead of using npm --prefix.
   # See npm/npm#17027 and google/shaka-player#776 for more details.
   with InDir(base):
-    # npm update seems to be the wrong thing in npm v5, so use install.
-    # See google/shaka-player#854 for more details.
-    execute_get_output(['npm', 'install'])
+    # npm ci uses package-lock.json to get a stable, reproducible set of
+    # packages installed.
+    execute_get_output(['npm', 'ci'])
 
   # Update the timestamp of the file that tracks when we last updated.
   open(_node_modules_last_update_path(), 'wb').close()