Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Figure out Wasp's package.lock.json story #559

Open
Martinsos opened this issue Apr 11, 2022 · 5 comments
Open

Figure out Wasp's package.lock.json story #559

Martinsos opened this issue Apr 11, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

@Martinsos
Copy link
Member

We want to offer same guarantees as package.lock.json does, which is ensuring reproducible builds.

How do we do that with Wasp? Do we copy the package.lock.json files up from generated project files to the source? Or do we use some other abstraction on top of it? Should we use yarn instead od npm since it allegedly has better support (cross platform, fevent issues are avoided by yarn but unsolved by npm).

@sodic
Copy link
Contributor

sodic commented Jul 4, 2022

We could consider splitting Wasp into two folders:

  • .wasp/ - This one remains hidden and contains the build artifacts. Users to not include it in version control.
  • wasp-info (with a hopefully better name) - A visible directory containing all the persistent stuff (package-lock.json, migrations, and anything else we need in the future). Users would include this one in their version control.

I have a feeling we'll start encountering this problem more often as time goes by and we start integrating with more and more packages.

@Martinsos
Copy link
Member Author

Martinsos commented Jul 7, 2022 via email

@Martinsos
Copy link
Member Author

Related to #734 somewhat.

@Martinsos
Copy link
Member Author

Related issue, where the fact that we don't have package-lock.json for our server code (framework code, so generated by us) caused issues: #1724 .

@Martinsos
Copy link
Member Author

Martinsos commented Mar 21, 2024

Btw, one thing is storing package-lock files, but we actually also have to be able to use them! This is normally done with npm ci instead of npm install, but this is not as straightforward in Wasp.

So, if I want to run my Wasp in CI, and I want to install deps from package-lock.json, but not only the top level one (client code), but also based on package-lock.json's of framework code (web-app and server), how can I do that? What should probably happen is that npm install's that Wasp is running for us in the background should be replaced with npm ci's instead, in such situation. But we don't have a command for that at the moment. So we should likely have something like wasp start --ci or maybe CI=true wasp start or something similar. Might also be important for some other commands than just wasp start, if they are also running npm install, which is why probably having wasp checking for a CI env var is the best option, as we can have that info used easily in whatever piece of waspc code we need and modify behaviour based on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants