Support Yarn Zero Installs

[Kurt-von-Laven]

Describe Request:

Support for Yarn v2 (a.k.a., berry) was recently introduced to the install-packages command. Yarn v2 introduces a great new feature called zero installs that allows dependencies to be cached in version control. As this is the recommended manner of using yarn, it would be ideal if the orb supported it. The presence of .yarn/cache/ and/or .pnp.cj before yarn install is run implies use of zero installs.

Considerations:

• yarn install should be passed --immutable-cache in addition to --immutable since the cache is tracked in version control. This will correctly start failing builds in which the package.json does not match the contents of .yarn/cache/ or .pnp.cj.
• Dependencies should not be cached using save_cache since this will reduce performance in return for nothing.
• For added security, yarn install should be passed --check-cache, but only if a cache keyed off yarn.lock misses.
• Partial cache restoration should not be used in conjunction with zero installs.
• A parameter could be added to support only using --check-cache on forked builds (e.g., by inspecting CIRCLE_PR_REPONAME).
• Thought should be given to how this feature interacts with the cache-path parameter based on the outcome of Yarn install does not use the cache-path parameter #61.

Workarounds:

For others using zero installs, I suggest replacing the install-packages command with the following until zero installs is supported:

- restore_cache:
    name: Restore cached lock file.
    key: v1-yarn-lock-file-{{ checksum "yarn.lock" }}
- run:
    name: Install dependencies, refetching if necessary for added security.
    command: |
      if diff --brief yarn.lock ~/.cache/yarn.lock 2> /dev/null
      then
        yarn install --immutable --immutable-cache
      else
        # See https://yarnpkg.com/features/zero-installs#does-it-have-security-implications
        yarn install --immutable --immutable-cache --check-cache
        mkdir --parents ~/.cache
        ln yarn.lock ~/.cache/yarn.lock
      fi
- save_cache:
    name: Cache lock file.
    key: v1-yarn-lock-file-{{ checksum "yarn.lock" }}
    paths:
      - ~/.cache/yarn.lock

If your yarn.lock is big, or you are extremely concerned with performance, you could replace the diff with a test for the presence of an empty file that you cache instead of yarn.lock. If you are unconcerned with the possibility of the cache being tampered with, then you could alternatively pass an override-ci-command of yarn install --immutable --immutable-cache and with-cache of false.

[Jaryt]

Hi @Kurt-von-Laven ! Thanks for the great feature-request. I am currently working on implementing this. The example for how this will look:

        - checkout
        - node/install-packages:
            pkg-manager: yarn-berry
            with-cache: false
            check-cache: always # Set this to always or detect you are accepting PRs and want the extra security
        - run:
            name: Run YARN tests
            command: yarn run test

We'll also be handling the lock file caching automatically in the technique you've provided. Thanks again, this was very helpful! 🙏