Fail the build if the yarn.lock file is changed after running yarn install

Question

Fail the build if the yarn.lock file is changed after running yarn install

gashcrumb opened this issue 6 months ago · comments

What do you want to improve?

Often when running yarn install after updating the yarn.lock file contains changes.

What is the current behavior?

This is not ideal as it means there's inconsistencies between what folks are committing and what is being tested in github actions.

What will the new behavior be?

The build action will fail if there's changes to the yarn.lock file after running yarn install

See this comment for more information:

Yes this is a copy of janus-idp/backstage-plugins#1169

Stan Lewis commented 4 months ago

yep 😄

Nick Boldt · Answer 1 · Thu Apr 11 2024 20:51:56 GMT+0800 (China Standard Time)

See https://issues.redhat.com//browse/RHIDP-1204 for updates.

PRs for this:

#1175 (1.1.x)
#1174 (main)

PR is failing already with

After 'yarn install', workspace is dirty! The following files have changed:

app-config.example.yaml
app-config.yaml
yarn.lock

-- https://github.com/janus-idp/backstage-showcase/actions/runs/8646895996/job/23707183425?pr=1174

and

After 'yarn install', workspace is dirty! The following files have changed:

app-config.example.yaml
app-config.yaml

-- https://github.com/janus-idp/backstage-showcase/actions/runs/8646912247/job/23707235821?pr=1175

Should we exclude app-config.* from the list of files that can be dirty during a release?

Stan Lewis · Answer 2 · Thu Apr 11 2024 21:08:23 GMT+0800 (China Standard Time)

I think not to be honest. For me it's a red flag that there's something going on that needs to be investigated. Or it indicates that an upgrade has migrated the configuration files, in which case I think that this kind of change to the files should be required to be included in a PR update as well.

Nick Boldt · Answer 3 · Thu Apr 11 2024 21:19:59 GMT+0800 (China Standard Time)

so you're saying this is a GOOD and EXPECTED failure, and the change proposed by this PR is approved?

Stan Lewis · Answer 4 · Fri Apr 12 2024 00:25:59 GMT+0800 (China Standard Time)

I take that back after looking at the PR action 😄 . Turns out the PR check build is copying the app config into place for some reason, so we should leave those two changed files as-is for now and just focus on the yarn.lock file.

Nick Boldt · Answer 5 · Fri Apr 12 2024 01:30:50 GMT+0800 (China Standard Time)

PRs amended to only complain if a yarn.lock is changed.

Can I get a 👍 on them now?

Nick Boldt · Answer 6 · Sat Apr 13 2024 08:17:19 GMT+0800 (China Standard Time)

Woo! Snyk PRs are now failing with

After 'yarn install', workspace is dirty! The following files have changed:

app-config.example.yaml
app-config.yaml
yarn.lock

https://github.com/janus-idp/backstage-showcase/actions/runs/8661941105/job/23752905502?pr=1104

So... I'm going to resolve this.