Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using npm-install in CI. Use npm-ci instead #18773

Closed
rhopp opened this issue Jan 11, 2021 · 4 comments
Closed

Stop using npm-install in CI. Use npm-ci instead #18773

rhopp opened this issue Jan 11, 2021 · 4 comments
Assignees
@makambalaji
Labels
area/qe kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
Backlog - QE

Comments

@rhopp
Copy link
Contributor

rhopp commented Jan 11, 2021
edited by dmytro-ndp
Loading

Is your task related to a problem? Please describe.

We are currently using npm install in lot of places in our testing pipelines & docker image build of e2e-tests image.
This is not safe, as npm install could produce different dependency tree each time (for example when new version of some dependency is published) [1].
For sake of reproducible builds&tests we should use npm-ci which doesn't compute new dependency tree, but instead of that just reproduces the dependency tree from package-lock.json.
Documentation:

[1] https://stackoverflow.com/a/56254478/2556329

Describe the solution you'd like

We should not use npm install in any of our testing pipelines and build scripts.

npm install should be used only for local development and if upversioning of any dependency is needed, package-lock.json needs to be updated.
@rhopp rhopp added kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. area/qe labels Jan 11, 2021
@rhopp rhopp added this to the Backlog - QE milestone Jan 11, 2021
@che-bot
Copy link
Contributor

che-bot commented Jul 19, 2021

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 19, 2021
@rhopp
Copy link
Contributor Author

rhopp commented Jul 21, 2021

/remove-lifecycle stale

@che-bot che-bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 21, 2021
@dmytro-ndp dmytro-ndp added severity/P2 Has a minor but important impact to the usage or development of the system. and removed severity/P1 Has a major impact to usage or development of the system. labels Sep 6, 2021
@dmytro-ndp dmytro-ndp mentioned this issue Nov 30, 2021
Closed
@mkuznyetsov mkuznyetsov mentioned this issue Dec 1, 2021
Merged
9 tasks
@dmytro-ndp dmytro-ndp added severity/P1 Has a major impact to usage or development of the system. and removed severity/P2 Has a minor but important impact to the usage or development of the system. labels Dec 6, 2021
@dmytro-ndp dmytro-ndp assigned mkuznyetsov and unassigned mkuznyetsov Dec 6, 2021
@makambalaji
Copy link
Contributor

Drafted the pr: #20927

@makambalaji
Copy link
Contributor

PR got merged: #20927, so closing this issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@makambalaji makambalaji

Labels
area/qe kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
Backlog - QE
Development

No branches or pull requests
5 participants
@dmytro-ndp @rhopp @mkuznyetsov @che-bot @makambalaji