nodetube icon indicating copy to clipboard operation
nodetube copied to clipboard

Published 20 hours ago verified publisher icon mayeaux

Use npm ci to install from package-lock.json

Open sabberworm opened this issue 4 years ago • 8 comments

For a more reproducible docker image.

sabberworm avatar Apr 25 '20 21:04 sabberworm

I don't personally use the Docker config stuff it's up to @chovy , what do you think of this PR?

mayeaux avatar Apr 26 '20 01:04 mayeaux

This is more about npm than it is about docker. NPM 6 introduced reproducible installs using npm ci, which installs from package-lock.json. Installing using npm i[nstall], in contrast, installs from package.json, which, depending on how versions are specified, may yield in versions being installed that differ from the ones last committed to git.

sabberworm avatar Apr 26 '20 09:04 sabberworm

I got a notification from Travis CI that the build failed:

4.35s$ npm ci 

npm WARN prepare removing existing node_modules/ before installation

npm ERR! nice-try not accessible from get-audio-duration:cross-spawn

npm ERR! A complete log of this run can be found in:

npm ERR!     /home/travis/.npm/_logs/2020-04-25T21_21_30_459Z-debug.log

The command "eval npm ci  " failed. Retrying, 2 of 3.

npm WARN prepare removing existing node_modules/ before installation

npm ERR! nice-try not accessible from get-audio-duration:cross-spawn

npm ERR! A complete log of this run can be found in:

npm ERR!     /home/travis/.npm/_logs/2020-04-25T21_21_31_908Z-debug.log

The command "eval npm ci  " failed. Retrying, 3 of 3.

npm WARN prepare removing existing node_modules/ before installation

npm ERR! nice-try not accessible from get-audio-duration:cross-spawn

npm ERR! A complete log of this run can be found in:

npm ERR!     /home/travis/.npm/_logs/2020-04-25T21_21_33_365Z-debug.log

Apparently the committed package-lock.json doesn’t work so I took the liberty of creating a new one and committing that.

sabberworm avatar Apr 26 '20 09:04 sabberworm

Now that part of the build works but it fails at eslint, see https://travis-ci.com/github/sabberworm/nodetube/jobs/323466818. I’m pretty sure that has nothing to do with my change, however…

sabberworm avatar Apr 26 '20 09:04 sabberworm

Awesome I hadn't even been aware of that. I will check out this branch and install using the ci command and then if it works as I expect it will I can merge this, thanks for the PR!

mayeaux avatar Apr 26 '20 17:04 mayeaux

Also, how do we keep this package.lock file updated? Because it seems like the original one committed in this PR failed, did you have to do any special steps to have the new one created? Thanks!

mayeaux avatar Apr 27 '20 15:04 mayeaux

Whenever you install something via npm, the lockfile should automatically be updated.

sabberworm avatar Apr 28 '20 12:04 sabberworm

I don’t know why the previous lockfile was invalid. Could be the result of a merge where two branches changed something in package.json and git was able to merge the lockfile automatically but maybe did so the wrong way. Or some previous changes to the lockfile had not been committed after changing package.json. I use npm ci all the time and have never seen this problem before…

sabberworm avatar Apr 28 '20 12:04 sabberworm