After merging the PR, npm i is not a no-op on package-lock.json
#203
Comments
|
I would like to have this fixed. The issue has been also noticed by other users. Part of the problem is that I don't think that we should be simply calling Thankfully the lockfile is just a JSON so it should be easy~ to:
Ideally, we would like to avoid formatting changes while doing so. If I read things correctly then npm is using a simple util like this for writing JSONs back to disk: https://github.com/npm/cli/blob/9dc69830a5d78aa4042746d54e2a6b0d2af70caa/workspaces/libnpmversion/lib/write-json.js This means that if we only detect the input indentation and the new line type then we should be able to replicate their logic very easily. We could still end up with formatting changes IF people reformat those files on their own (for instance by using Prettier or any other formatter) but I think that this is a secondary concern. This one can be just delegated to a precommit hook. I would gladly accept a PR that would implement this 😉 |
|
This also breaks pnpm, if you use |
|
@cacieprins is there a pnpm command that would update the lockfile with just the updated versions and nothing else? I would like to avoid introducing unrelated changes to lockfiles when versioning. |
|
@Andarist no, unfortunately - running |
|
@zkochan are there any drawbacks to this approach? can the lockfile be accidentally updated in areas that shouldn't be affected? do you think that we should regenerate pnpm lockfile automatically when executing |
Known issue with changesets: changesets/action#203
* Update package-lock.json Known issue with changesets: changesets/action#203 * implement workaround and update RELEASING doc
|
Hi guys I didn't want to remove the I solved it by writing a seperate github action that checks if any 2 related packages (like p1 and p2) in the monorepo got updated, and if so, it runs an 'add' command @Andarist would you consider including such a solution in the changeset action? (of course for all package managers) |
|
@yishayweb would you consider sharing your github action so others can benefit from your hard work? 😊 |
|
We encountered this issue and did the following to resolve it by adding a Here's our full name: Release
on:
push:
branches:
- main
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 18.12.1 # optional
- name: Install Dependencies
run: npm ci
env:
NPM_AUTH: ${{ secrets.NPM_AUTH }} # optional
- name: Create Release Pull Request
uses: changesets/action@v1
with:
version: npm run version
publish: npm run release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_AUTH: ${{ secrets.NPM_AUTH }} # optionalAnd here's our "scripts": {
"version": "changeset version && npm install --package-lock-only",
"release": "changeset publish", |
|
I'm so confused. Doesn't this mean the action is pretty much broken with the default config? At the very least I'd expect this to be mentioned in the docs. EDIT: I was able to solve it by adding a "version-packages" script to "version-packages": "changeset version && pnpm i --lockfile-only"And then use it inside the GitHub action: uses: changesets/action@v1
with:
version: pnpm version-packages |
We use npm in our project. In a monorepo project, package-lock.json tends to contain some of the versions from the package itself. This means that after the action creates a PR and merges it, whenever you next run
npm installyou get a change to the package-lock.json that you need to push.We're working around this to configure the action to run
npm iafterchangeset version(see apollographql/apollo-server#6809). But maybe that should be the default? Or at least recommended in the docs for npm users?The text was updated successfully, but these errors were encountered: