Skip to content

Check in lockfiles #1829

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dyladan merged 9 commits into from
Jan 28, 2021
Merged

Check in lockfiles #1829

dyladan merged 9 commits into from
Jan 28, 2021

Conversation

@dyladan
Copy link
Member

@dyladan dyladan commented Jan 15, 2021
edited
Loading

Creating this draft as a test to see how much faster CI would be with lock files checked in

answer: much much faster. CI is faster using lockfiles than when there is a cache hit

I am creating this PR as a point of discussion. Looking for input from @open-telemetry/javascript-approvers. Do you think we should check in lockfiles?

There is a good summary of the tradeoffs here: https://classic.yarnpkg.com/blog/2016/11/24/lockfiles-for-all/. It is about yarn, but applies to npm as well.

Discussion here: #1830

@codecov
Copy link

codecov bot commented Jan 15, 2021
edited
Loading

Codecov Report

Merging #1829 (76fc976) into main (d54c5c8) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1829   +/-   ##
=======================================
  Coverage   92.35%   92.35%           
=======================================
  Files         157      157           
  Lines        5104     5104           
  Branches     1085     1085           
=======================================
  Hits         4714     4714           
  Misses        390      390

@vmarchaud

This comment has been minimized.

Sign in to view
@dyladan

This comment has been minimized.

Sign in to view
Base automatically changed from master to main January 25, 2021 19:26
@obecny
Copy link
Member

obecny commented Jan 27, 2021

I think we should proceed with this further then.

@dyladan
Copy link
Member Author

dyladan commented Jan 27, 2021

ok

@dyladan dyladan marked this pull request as ready for review January 27, 2021 20:20
vmarchaud
vmarchaud approved these changes Jan 27, 2021
View reviewed changes
Copy link
Member

@vmarchaud vmarchaud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

@dyladan
Copy link
Member Author

dyladan commented Jan 27, 2021

Seems like all maintainers are on board. Marked as ready for reviews and will leave for a day or so to ensure nobody has any complaints before merging.

@Flarna
Copy link
Member

Flarna commented Jan 27, 2021

Are the PRs from renovate-bot taking care of updating lock files also?

I miss also some hints for devs what they shall do if they add/remove/modify a dependency. I use lock files in some projects where I usually deleted lock file + node_modules folder and then run npm install. But here we have lerna so not sure if this works as intended regarding the linked lerna subprojects.

Finally I think https://github.com/open-telemetry/opentelemetry-js/blob/main/CONTRIBUTING.md#install-dependencies should be changed to npm ci.

Flarna
Flarna reviewed Jan 27, 2021
View reviewed changes
backwards-compatability/node10/package-lock.json Outdated
@@ -0,0 +1,20 @@
{
"name": "backcompat-node10",
"version": "0.14.0",
Copy link
Member

@Flarna Flarna Jan 27, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like they need a refresh

@dyladan
Copy link
Member Author

dyladan commented Jan 27, 2021

Are the PRs from renovate-bot taking care of updating lock files also?

Yes. Per renovate docs https://docs.renovatebot.com/faq/

I miss also some hints for devs what they shall do if they add/remove/modify a dependency. I use lock files in some projects where I usually deleted lock file + node_modules folder and then run npm install. But here we have lerna so not sure if this works as intended regarding the linked lerna subprojects.

It works the same way, but the lock file is regenerated and possibly different. Dependencies cross-linked by lerna are omitted entirely from the package-lock. When lerna bootstrap is run, the package.json files are copied to a backup location and temporary ones are put in place which only contain external dependencies. Then npm install is run. Then symlinks are created between lerna dependencies. Then the original package.json files are moved back.

Finally I think https://github.com/open-telemetry/opentelemetry-js/blob/main/CONTRIBUTING.md#install-dependencies should be changed to npm ci.

It would be lerna bootstrap --ci, but only if you wanted to get the locked version of the dependencies for some reason. A bootstrap will work just as well locally and the lock file will be updated if it needs to be.

Flarna
Flarna reviewed Jan 28, 2021
View reviewed changes
packages/opentelemetry-plugin-fetch/package-lock.json Outdated
@@ -0,0 +1,9205 @@
{
Copy link
Member

@Flarna Flarna Jan 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

opentelemetry-plugin-fetch has been removed so we should not add a lockfile

@dyladan dyladan merged commit de8c2be into open-telemetry:main Jan 28, 2021
@dyladan dyladan deleted the package-lock branch January 28, 2021 19:59
@dyladan dyladan mentioned this pull request Feb 2, 2021
Merged
dyladan added a commit to dyladan/opentelemetry-js that referenced this pull request Sep 9, 2022
@dyladan
Check in lockfiles (open-telemetry#1829)
144c64e
dyladan added a commit to dyladan/opentelemetry-js that referenced this pull request Sep 9, 2022
@dyladan
Check in lockfiles (open-telemetry#1829)
a5b4bf7
pichlermarc pushed a commit to dynatrace-oss-contrib/opentelemetry-js that referenced this pull request Dec 15, 2023
@dyladan @opentelemetrybot
chore: release main (open-telemetry#1829)
c7e7000 
* chore: release main

* chore: sync package-lock.json

---------

Co-authored-by: opentelemetrybot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johnbley johnbley Awaiting requested review from johnbley

@legendecas legendecas Awaiting requested review from legendecas

@markwolff markwolff Awaiting requested review from markwolff

@mayurkale22 mayurkale22 Awaiting requested review from mayurkale22

@mwear mwear Awaiting requested review from mwear

@naseemkullah naseemkullah Awaiting requested review from naseemkullah

@OlivierAlbertini OlivierAlbertini Awaiting requested review from OlivierAlbertini

4 more reviewers

@obecny obecny obecny approved these changes

@vmarchaud vmarchaud vmarchaud approved these changes

@Flarna Flarna Flarna approved these changes

@MSNev MSNev MSNev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dyladan @vmarchaud @obecny @Flarna @MSNev