
is there a reason why npmInstall requires a package-lock.json file

Open cstmgl opened this issue 5 years ago • 12 comments

I had a working build that is now failing because npmInstall always fails when the package-lock.json is not available. My expectation is that the package-lock.json file is generated from the npm install.

If I run it manually the package-lock.json file gets created, but if I execute it over gradle npmInstall it does not.

So my question is: why is this happening? Is there something I'm missing?

* What went wrong:
A problem was found with the configuration of task ':npmInstall'.
> File 'package-lock.json' specified for property '$2' does not exist.

Edit: later on I used npm_install instead of npmInstall and it did not require the package-lock.json file... I thought both commands did the same.

cstmgl avatar Mar 29 '19 02:03 cstmgl

We actually do have the package-lock.json checked in, but the CI build unpredictably modifies it during npm install. That invalidates the cache on the second run.

My expectation would be, that npmInstall only depends on package.json.

g3force avatar Apr 02 '19 11:04 g3force

@g3force

> We actually do have the package-lock.json checked in, but the CI build unpredictably modifies it during npm install. That invalidates the cache on the second run.

You probably want to be using npm ci instead of npm install. There's a request to support it in this plugin here: https://github.com/srs/gradle-node-plugin/issues/307. As a workaround, in your build you could manually run npm ci and exclude npmInstall from other tasks.

> My expectation would be, that npmInstall only depends on package.json.

I don't think this can be the case; a change in the lock file should absolutely lead to a change in the packages that are installed in node_modules.

rafeememon avatar Apr 02 '19 15:04 rafeememon

npm ci removes the node_modules completely. That is not what I want in an incremental build. In our build pipeline, I always do a clean build, which removes the node_modules folder anyway. But for local development, I do not want all the NPM stuff to be executed if I haven't touched any UI code.

> I don't think this can be the case; a change in the lock file should absolutely lead to a change in the packages that are installed in node_modules.

From my point of view, the package-lock.json file is a generated file that is not manually touched by a user. Unless I have added new dependencies to package.json or changed versions, I do not want gradle to run npm install again. Of course you are right that changes in the package-lock.json could potentially change the node-modules folder again. Ideally, I'd prefer that npm install would not touch the package-lock.json at all...

g3force avatar Apr 03 '19 12:04 g3force

> npm ci removes the node_modules completely. That is not what I want in an incremental build. In our build pipeline, I always do a clean build, which removes the node_modules folder anyway. But for local development, I do not want all the NPM stuff to be executed if I haven't touched any UI code.

Correct, you would run ci in your build pipeline, and install during local development.

> From my point of view, the package-lock.json file is a generated file that is not manually touched by a user. ...

The mechanism by which it is modified doesn't matter: the lock file is vital for determining the layout of node_modules during npm install (and npm ci) and must be an input to the task. Again, I think you want to be using ci in your build pipeline to avoid unpredictable modifications to your lock file.

rafeememon avatar Apr 03 '19 14:04 rafeememon
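The comment above treats the lock file as an input that must agree with package.json; `npm ci` exits with an error when the two are out of sync, while `npm install` rewrites the lock instead. The following is an added example, not code from this thread, npm, or the plugin: a simplified sync check for the lockfileVersion 1 layout, where the function names, package names, and sample manifests are all constructed for illustration and only exact, `^` and `~` ranges are supported.

```javascript
// Added example, not npm or plugin code. Supports exact, ^ and ~ ranges only.
// Parse "1.2.3" into [1, 2, 3]; null for anything else (tags, URLs, prereleases).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true/false if the locked version is inside the range, null if unsupported.
function satisfies(locked, range) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const v = parseVersion(locked);
  const base = parseVersion(op ? range.slice(1) : range);
  if (!v || !base) return null;
  if (!op) return compare(v, base) === 0;
  const [maj, min, pat] = base;
  // Exclusive upper bound: ~ bumps minor; ^ bumps the leftmost non-zero part.
  const upper = op === '~' || (maj === 0 && min > 0) ? [maj, min + 1, 0]
    : maj > 0 ? [maj + 1, 0, 0] : [0, 0, pat + 1];
  return compare(v, base) >= 0 && compare(v, upper) < 0;
}

// Returns a list of problems; empty means package.json and the lock agree.
function checkLockSync(pkg, lock) {
  const declared = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const locked = lock.dependencies || {};
  const problems = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = locked[name];
    if (!entry) { problems.push(`${name}: missing from lock`); continue; }
    const ok = satisfies(entry.version, range);
    if (ok === null) problems.push(`${name}: cannot evaluate ${range}`);
    else if (!ok) problems.push(`${name}: locked ${entry.version} is outside ${range}`);
    if (!entry.integrity) problems.push(`${name}: no integrity hash`);
  }
  return problems;
}

// Constructed sample input in the lockfileVersion 1 layout (hypothetical packages).
const samplePkg = { dependencies: { 'pkg-a': '^1.3.0', 'pkg-b': '~4.17.11' },
                    devDependencies: { 'pkg-c': '6.0.2' } };
const sampleLock = { lockfileVersion: 1, dependencies: {
  'pkg-a': { version: '1.3.0', integrity: 'sha512-CONSTRUCTED' },
  'pkg-b': { version: '4.18.0', integrity: 'sha512-CONSTRUCTED' } } };
console.log(checkLockSync(samplePkg, sampleLock));
```

Run before the install step, a non-empty result points to one reason an install would modify a checked-in lock file.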

The build pipeline is quite irrelevant here, because as I said, I do a clean build anyway.

But I do not want the developers to execute npm install on each build. Especially, when they are just working on the backend, not on the UI.

g3force avatar Apr 03 '19 14:04 g3force

The task will be checked, but not run, if package.json, package-lock.json, and node_modules haven't changed.

The build pipeline should be relevant -- if you're getting unpredictable lock file modifications on clean builds, you don't have reproducible builds!

rafeememon avatar Apr 03 '19 14:04 rafeememon

Yeah, you are right. I investigated the modifications further and now I do not have modifications in this file anymore. This will hopefully stay like this...

g3force avatar Apr 04 '19 16:04 g3force

I had the same issue. And I figured out that version 1.3 generates this error. Downgraded to 1.2.0 and it is working well. (gradle-node-plugin:1.2.0) Hope this bug will be fixed soon!

mashhur avatar Apr 17 '19 06:04 mashhur

Please fix that annoying issue. I don't wanna keep package-lock.json in my repo.

daggerok avatar Jun 27 '19 23:06 daggerok

Can anyone explain the purpose of failing the npmInstall task without a package-lock.json file? npm doesn't have such behaviour, so it's a plugin bug, not expected behaviour.

daggerok avatar Jul 06 '19 17:07 daggerok

I was experiencing the same issue and have temporarily resolved it by downgrading the plugin version to 1.2.0 as suggested by @mashhur.

jmcdl avatar Jul 30 '19 18:07 jmcdl

The reason you're seeing this is because of https://github.com/srs/gradle-node-plugin/issues/336

The inputs are declared twice and the first part is not marked as optional. We've fixed this in the fork https://github.com/node-gradle/gradle-node-plugin

deepy avatar Aug 01 '19 09:08 deepy