Use handlebars from node_modules (on CI) #17340
Conversation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
/backport to stable17 |
|
/backport to stable16 |
| image: node | ||
| commands: | ||
| - npm install handlebars -g | ||
| - npm i |
There was a problem hiding this comment.
npm i will install the latest handlebars version in the range ^4.2.1.
npm ci would install the exact version from package-lock.json.
Fake news 🙈
Just as information. I was running into troubles with npm i on ci in the past.
There was a problem hiding this comment.
Where's that documented? Can't find the info at https://docs.npmjs.com/cli/ci.
There was a problem hiding this comment.
the ^ version range is a problem in general. If you add a new dependency with npm i -S xxx to Nextcloud npm will update the package-lock.json with a newer version of handlebars. Not quite what we want.
This also caused issues in the past (@juliushaertl 👀)
There was a problem hiding this comment.
@kesselb doesn't npm ci only make sure to clean the node_modules folder?
There was a problem hiding this comment.
This command is similar to npm-install, except it’s meant to be used in automated environments such as test platforms, continuous integration, and deployment – or any situation where you want to make sure you’re doing a clean install of your dependencies. It can be significantly faster than a regular npm install by skipping certain user-oriented features. It is also more strict than a regular install, which can help catch errors or inconsistencies caused by the incrementally-installed local environments of most npm users.
In short, the main differences between using npm install and npm ci are:
- The project must have an existing package-lock.json or npm-shrinkwrap.json.
- If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
- npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
- If a node_modules is already present, it will be automatically removed before npm ci begins its install.
- It will never write to package.json or any of the package-locks: installs are essentially frozen.
Oh!
There was a problem hiding this comment.
We should actually use this in our makefiles too see_no_evil
If you prefer slower installs, sure, go ahead 😉
Also, you won't see the security alerts as I just tested.
There was a problem hiding this comment.
Where's that documented? Can't find the info at https://docs.npmjs.com/cli/ci.
Fair question.
- https://stackoverflow.com/questions/52499617/what-is-the-difference-between-npm-install-and-npm-ci
- https://medium.com/better-programming/npm-ci-vs-npm-install-which-should-you-use-in-your-node-js-projects-51e07cb71e26
npm i will install the latest handlebars version in the range ^4.2.1
I'm not 100% sure. We had less issues with conflicting package-lock.json or failing builds after we switched to npm ci (also locally). I haven't compared my node_modules folder with others in depth 🙈 A positive side effect of npm ci is that package-lock.json is not modified.
There was a problem hiding this comment.
unless you specify a package, npm i seems to install the version written on package.json/lock :)
There was a problem hiding this comment.
npm i seems to install the version written on package.json/lock
Which also is the sole purpose of the lock file, right? :)
|
The backport to stable17 failed. Please do this backport manually. |
|
The backport to stable16 failed. Please do this backport manually. |
No description provided.