Provide reproducible installation method #234

Closed
njam opened this issue Jan 31, 2019 · 6 comments

njam commented Jan 31, 2019

The current installation procedure is:

npm install netlify-cli -g

This command will install the latest version of netlify-cli and the latest compatible versions of all dependencies. At the moment there are 293 NPM packages installed when installing this tool.

There's a high chance that at any given moment there's a problem/bug with one of those modules, and thus netlify-cli will fail. For using this tool in CI that's a big problem.

It would be nice if you would provide an official way to install this tool in a reproducible manner.
For example provide an official docker image? wdyt?

@njam njam changed the title Provide reproducable installation method Provide reproducible installation method Jan 31, 2019
Contributor

bcomnes commented Jan 31, 2019

There is supposed to be a package-lock.json in the published module, however now that I am looking it looks like it isn't getting published with the module. It is my understanding that publishing with that file provides a deterministic install strategy for all dependencies. I'll get that added in today. I'll close this issue once I get that out.

The backstory to this issue: oclif originally used a shrinkwrap file for deterministic installs, but switched over to package-lock.json files at some point. This repo was migrated from shrinkwrap to lock files at some point but it looks like the files field in the package.json was overlooked. Thanks for bringing it to my attention!

While npm install -g is convenient for most of the web dev crowd, I agree offering additional avenues to install the tool via conventional system package managers and/or a docker image would also be nice for those not interested in wading into the npm ecosystem. Utilizing some kind of bundling strategy or pkg or something would likely be involved in this process. I would personally like to see this explored as the tool matures and expands more this year. I'll open a new issue with my ideas and link from here if you are interested in following along.

Contributor

bcomnes commented Jan 31, 2019

My mistake, lock files aren't published. I'll add the shrinkwrap step back to the build.
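
One way to check that a shrinkwrap file really pins every dependency, as an added example (not code from netlify-cli or from anyone in this thread); the function name `auditLock` and the sample data are made up for illustration. It goes beyond the nested lockfile layout by also handling the flat `packages` map of newer lockfile versions.

```javascript
// Added example: audit a parsed npm-shrinkwrap.json (or package-lock.json) object.
// Returns a list of findings; an empty list means every entry is fully pinned.
function auditLock(lock) {
  const findings = [];
  const exact = /^\d+\.\d+\.\d+(-[\w.-]+)?(\+[\w.-]+)?$/;
  const check = (name, entry) => {
    // Bundled and linked entries carry no registry URL or hash of their own.
    if (entry.bundled || entry.inBundle || entry.link) return;
    if (!exact.test(entry.version || ''))
      findings.push(`${name}: version "${entry.version}" is not an exact release`);
    if (!entry.resolved) findings.push(`${name}: no resolved URL`);
    if (!/^sha(256|384|512)-/.test(entry.integrity || ''))
      findings.push(`${name}: missing or weak integrity hash`);
  };
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      check(prefix + name, entry);
      walk(entry.dependencies, `${prefix}${name} > `);
    }
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat "packages" map keyed by install path; "" is the root.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path !== '') check(path, entry);
    }
  } else {
    walk(lock.dependencies, '');
  }
  return findings;
}

// Constructed sample data, not netlify-cli's real dependency tree.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'pkg-a': {
      version: '1.2.3',
      resolved: 'https://registry.example/pkg-a/-/pkg-a-1.2.3.tgz',
      integrity: 'sha512-CONSTRUCTED',
      dependencies: {
        'pkg-b': { version: '2.0.0', resolved: 'https://registry.example/pkg-b/-/pkg-b-2.0.0.tgz' },
      },
    },
    'pkg-c': { version: 'github:example/pkg-c#main' },
  },
};

console.log(auditLock(sampleLock).join('\n') || 'all entries pinned');
```

In CI, the same function can be run over the npm-shrinkwrap.json parsed from the installed package's directory, failing the job when the list is non-empty.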

Author

njam commented Jan 31, 2019

I don't know much about shrinkwrap and package-lock for published NPM packages.
But agree, if there's a way to have a specific set of dependencies installed for a specific version of this tool, then that's a good solution!

Contributor

bcomnes commented Jan 31, 2019

This should be complete now.

Author

njam commented Feb 1, 2019

Nice, thanks!

@bcomnes bcomnes self-assigned this Feb 1, 2019