Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-110313

Replace yarn's --frozen-lockfile with separate check

    Details

      Description

      Noticed will looking at:

      https://github.com/brianchandotcom/liferay-portal/pull/86213/files

      That it included updates to the yarn.lock which should have gone in previously in:

      https://github.com/brianchandotcom/liferay-portal/pull/86095

      To prevent this kind of unintended omissioin, we pass --frozen-lockfile to Yarn as a result of this:

      https://github.com/liferay/liferay-portal/blob/9876741a5f9507f609fd1d57003b2cb3d84e4283/modules/sdk/gradle-plugins/src/main/java/com/liferay/gradle/plugins/LiferayYarnPlugin.java#L248

      But --frozen-lockfile does not do what the docs say it does (ie. "fail if an update is needed"):

      https://classic.yarnpkg.com/en/docs/cli/install#toc-yarn-install-frozen-lockfile

      In a workspace environment, changes to projects which would require an update to the lockfile do not trigger an error due to the bug described here:

      https://github.com/yarnpkg/yarn/issues/5840

      There is a fix for it:

      https://github.com/yarnpkg/yarn/pull/6554

      But the issue is nearly two years old and the PR is almost as old. Maintainer replies here:

      https://github.com/yarnpkg/yarn/pull/6554#issuecomment-532667774

      that:

      "The change appears sound, but we're currently working on the v2 (scheduled before the end of the year) and I'm somewhat worried about introducing subtle bugs right before releasing the next major (the way I see it, the current v1 is, despite its shortcomings, relatively stable)."

      As such, I think we'd best not hold our breath waiting for a fix and should instead implement a separate check like suggested here:

      https://github.com/yarnpkg/yarn/issues/5840#issuecomment-467516207

      or here:

      https://github.com/yarnpkg/yarn/issues/5840#issuecomment-468782288

      (in short, a "git-diff" invocation to check for changes after installing).

       

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            greg.hurrell Greg Hurrell (Inactive)
            Recent user:
            Greg Hurrell (Inactive)
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:

                Packages

                Version Package