New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create npm-shrinkwrap.json, use 'npm ci' in build - Closes #2656 #2662
Conversation
@MaciejBaj we're still using |
@MaciejBaj it's worth a try |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fchavant @MaciejBaj shall we somehow mention this in the Readme ?
@diego-G we should, but we still need a solution for pm2 and commander |
bfbad26
to
d69980d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PM2 is now installed as dependency. Shall we then remove this instruction? https://github.com/LiskHQ/lisk/blob/d69980d74bd60b9c203321d89f28c7b4a5fa37b6/README.md#pm2-recommended
Removed instructions to install pm2 separately from the README.
@diego-G good catch 👍 |
@fchavant please revert the commit and forget my comment. For usability, it's better to keep it otherwise we need to offer npm scripts to use the |
This reverts commit 120b315.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fchavant I've noticed npm ci
doesn't check the existing engines from package.json
. This allows to install with a Node version we don't support.
I'm not sure either to use it regularly for development where you don't need to build every time. I would leave npm i
in the Readme otherwise we need to find a solution to respect the engines.
@diego-G |
@@ -279,7 +279,7 @@ Clone the Lisk Core repository using Git and initialize the modules. | |||
git clone https://github.com/LiskHQ/lisk.git | |||
cd lisk | |||
git checkout master | |||
npm install | |||
npm ci |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Due to the explanation from the comment #2662 (comment) , we should have npm install
here and clarify that npm ci
is meant to be used when we are building the app not when installing. We must mention the finding in a comment to prevent users from bumping into the same issue:
npm ci
doesn't apply the restrictionsengines
set in thepackage.json
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems we have to choose between having the right packages (from package-json.lock
) or enforcing the engines
; it is unfortunate we cannot have both.
I would argue it is easier to document which version of npm to use (and to follow that instruction) that to ensure the right packages are installed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
npm ci
in the manual might look a bit odd, but it serves the purpose of having the exact same code including the one in dependencies across all of the same Lisk Core versions running from Sources, Binaries and Docker. I found this article convincing.
There is a high probability that the npm ci
would fail for other versions of Node.js due to the engine
settings in package.json of other dependencies anyway (even if Lisk Elements or Lisk Commander).
What was the problem?
npm install
was being used for builds meaning dependencies of dependencies could change between builds.How did I fix it?
Use
npm ci
instead.How to test it?
Run build; ensure node_modules tree is reproducible (and matches locked packages)
Review checklist