-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] package-lock.yml changes sha1-hash value after running dbt deps post package installation #10913
Comments
Thanks for reporting this @simadma 👍 I was able to reproduce this issue following the instructions you provided. When I looked at the value of
I didn't investigate further of why Could you share more about the effect the changing hash is having for your workflows? |
Sure! Thank you for looking into this @dbeatty10. Our team uses ephemeral workspaces that run the following commands at startup to ensure all dependencies are in sync with the lock files in our repositories: poetry install
cd dbt && dbt deps However, we noticed that the The issue arises because we were only executing: dbt deps --add-package <package-name>@<version> before committing the new However, I feel that running the extra |
Thanks for that additional information @simadma. I'm glad you found a workaround by adding This is probably right on the edge of what we'd consider a bug or not.
Agreed that the original intent in #8408 appears to me that the SHA1 hash would remain consistent regardless if another This looks likely to be a low-priority for us due to several available workarounds and because generating a new lock file is still "safe" -- dbt will operate without failure and install the correct packages. Some workaroudsHere's a few separate workarounds:
|
Implementation ideas to resolve this issue
|
Is this a new bug in dbt-core?
Current Behavior
When adding a new package to dbt using:
the package-lock.yml gets updated with a new sha1. However, if one runs:
afterwards, the sha1 gets a new value.
Expected Behavior
When running:
afterwards, the sha1-hash should remain unchanged. The sha1-hash produced from running:
should be consistent and sufficient.
Steps To Reproduce
Step 1: Set up dbt-core
Step 2: Install dbt package
Step 3: Run dbt deps
Notice the new sha1_hash.
Relevant log output
No response
Environment
Which database adapter are you using with dbt?
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: