CI (internal) vs external lock files

[bestander]

At FB we check in mirror folder with all .tar.gz files and yarn.lock that refers to them so that we could build node_modules offline (especially in CI).

We will want to commit yarn.lock with references to npm repo for the OSS users.

How can we make both mirror and external work together so that we could sync this file between internal and OSS code?

[poeschko]

Maybe I'm missing something, but why does the lock file have to change at all when using a mirror? Can it not keep referencing the original source of a package (e.g. https://registry.yarnpkg.com) + checksum? If a mirror is set up in .yarnrc, the "primary key" into that mirror would still be package name + version + checksum; but the mirror would only be an (optional) cache, in addition to the original source.

[bestander]

@poeschko, yeah, makes sense, related discussion for a more generic approach #393.
But I like that your way makes it configuration-less

[sjd78]

Has there been any action on this issue recently? My team is hitting almost exactly the same issue trying to balance external pointing yarn.lock file in source control with internal pointing yarn.lock for CI.

[bestander]

It is in the scope for the core team but no one is actively working on this. It would be great if someone from the community volunteered to implement this. Feel free to ping me, we could chat and split the work.

…

On Tue, 7 Feb 2017 at 07:46, Scott Dickerson ***@***.***> wrote: Has there been any action on this issue recently? My team is hitting almost exactly the same issue trying to balance external pointing yarn.lock file in source control with internal pointing yarn.lock for CI. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#394 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACBdWG91gv3Q_lGGYhCsQkmAFyGnKBR7ks5raJHggaJpZM4KDHOK> .

[gregsheremeta]

Just to reiterate, currently the lock file does need to change when reading from a mirror. The URLs need to be changed to just name + checksums. If they reference URLs,

$ yarn install --offline
yarn install v0.19.1
[1/4] Resolving packages...
[2/4] Fetching packages...
error Can't make a request in offline mode

But @poeschko 's idea is spot-on. Why should it have to?

I don't see why yarn shouldn't automatically stay offline and read the mirror when told to via --offline, but I'd also be ok with another option that did the same thing.

We currently work around this by postprocessing the lock file, which is a gross hack. But it works.

cp yarn.lock yarn.lock.bak
sed -i -e "s#resolved \"https.*/-/\(.*\)\"#resolved \\1#" yarn.lock

[bestander]

Go ahead, send an RFC

[gregsheremeta]

@bestander Still want to split the work with us? :)

[bestander]

Looks too easy to split :)
On a serious note, I am here to provide help here or on discord https://discordapp.com/invite/yarnpkg or by email bestander@gmail.com

[bestander]

Ok, now fixed