[Feat]: Align the dependencies for binary and NPM artifact releases #4927
Comments
Some very quick digging around this so far: A common way to solve this is the There are tools that allow to translate that file from a Now this is where it gets messy... Yarn doesn't honor at all the Here's some literature/discussion on this:
This could work with a change of docs in https://coder.com/docs/code-server/latest/npm#installing to encourage using
Good to know! Thanks for the literature/discussion. @code-asher do you know if there's any reason we've previously suggested using One pro would be that it's one less dependency the end user needs to install since
I don't know if this would be covered by this issue or should be a separate one, but @code-asher and I were talking about having an npm workflow that runs each night to check that the npm release works as expected. Maybe something like:
These links are very helpful, thanks! I vaguely recall issues installing code-server with So with that said, I think using the shrinkwrap file and encouraging npm (and even discouraging yarn plus the warning) is a great idea. I would also be down to pin all the versions in the
Ah whoops I had not yet read your comment on #4918 about release size increasing with the
Awesome, was waiting for a sanity check on the approach. Will send a PR to generate a shrinkwrap file + updating the documentation to warn against yarn sometime this week.
Ok, ended up being a bit later than that week (holidays were needed 😂) but sent a proposal to brainstorm/discuss what can be done. Happy to re-think the approach, but at least gets the discussion going.
Heck yeah! Thank you so much for following up and doing this! We really really appreciate it.
This issue is to continue the discussion from #4918 regarding the different release methods of code-server, and how NPM artifacts work.
What is your suggestion?
Why do you want this feature?
Right now, there's inconsistency on what dependencies might get used for the binaries generated (because they get generated after installing and building the package - which is an action that does respect the `yarn.lock` file) and the NPM artifacts (because the lockfiles are not published, nor do the lockfiles for dependencies get respected even if published).
This causes problems of dependency drifts like what was seen in #4900 - where releases might use different versions or worse, something working on release stops working because of newer versions being published.
Are there any workarounds to get this functionality today?
Not for the end-user. Specific versions can be pinned under the `package.json` file in this repo, but not something controlled by the end-user.
Are you interested in submitting a PR for this?
Yes
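
A check for the drift described in this issue, as an added example that is not part of the original issue or the code-server repository: given a package's `package.json` and its `npm-shrinkwrap.json` (assumed to be lockfileVersion 2 or 3, or `null` when none ships in the tarball), it lists the dependencies whose resolved version or content is not fixed at install time. The function name, reason labels and sample manifests are constructed for illustration.

```javascript
"use strict";

// Exact versions such as "1.2.3" cannot float; ranges, tags and URLs can.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// pkg:  parsed package.json of the published package.
// lock: parsed npm-shrinkwrap.json (assumed lockfileVersion 2 or 3),
//       or null when no shrinkwrap ships in the tarball.
// Returns one finding per dependency whose resolved version or content
// is not fixed at install time.
function findDriftProne(pkg, lock) {
  const locked = (lock && lock.packages) || {};
  const findings = [];
  for (const [name, spec] of Object.entries(pkg.dependencies || {})) {
    const entry = locked["node_modules/" + name];
    if (!entry || typeof entry.version !== "string") {
      // Without a lock entry the registry decides at install time. Even an
      // exact spec only fixes the direct dependency, not its own dependencies.
      const reason = EXACT.test(spec) ? "transitives-float" : "range-floats";
      findings.push({ name, spec, reason });
    } else if (!entry.integrity) {
      // Version is pinned but the tarball content is not verified by hash.
      findings.push({ name, spec, reason: "no-integrity" });
    }
  }
  return findings;
}

// Constructed sample manifests (package names and hashes are placeholders).
const samplePkg = {
  name: "example-app",
  dependencies: { "dep-a": "^1.4.0", "dep-b": "2.0.1", "dep-c": "~0.3.0" },
};
const sampleShrinkwrap = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/dep-a": { version: "1.4.2", integrity: "sha512-PLACEHOLDER" },
    "node_modules/dep-b": { version: "2.0.1" },
  },
};

console.log("no shrinkwrap:", findDriftProne(samplePkg, null));
console.log("with shrinkwrap:", findDriftProne(samplePkg, sampleShrinkwrap));
```

Run against the unpacked release tarball in a nightly job, a non-empty result is the signal that the NPM artifact can resolve different versions than the binary build did.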