ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yusaku Sako (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-20813) Convert ambari-web build process to use yarn package manager to fix dependencies and to make the process faster
Date Thu, 20 Apr 2017 21:43:04 GMT
Yusaku Sako created AMBARI-20813:
------------------------------------

             Summary: Convert ambari-web build process to use yarn package manager to fix
dependencies and to make the process faster
                 Key: AMBARI-20813
                 URL: https://issues.apache.org/jira/browse/AMBARI-20813
             Project: Ambari
          Issue Type: Task
          Components: ambari-web
    Affects Versions: 2.5.1
            Reporter: Yusaku Sako
            Assignee: Yusaku Sako
            Priority: Critical
             Fix For: 2.5.1


We've seen too many build failures for Ambari even when there are no source code changes due
to dependent npm packages introducing breaking changes in newer versions. This happens because
npm installs the latest version of the packages allowed by the specified version patterns
in package.json. Even if we fix the versions in package.json, we are still vulnerable to this
issue, because the dependent packages specified in package.json can bring in their own dependencies
and thus bring in new versions of these packages that can have breaking changes.
To get around issue, we will integrate "yarn", an npm package dependency manager, to the mvn
build process.
Executing "yarn" will automatically create a "yarn.lock" file so that all the packages that
are installed, including recursive dependencies, will have the exact version on subsequent
installs. Note that this "yarn.lock" file needs to be checked in to the repository so that
installed versions are actually fixed. An additional benefit of using "yarn" is that it dramatically
speeds up npm package installs: https://yarnpkg.com/lang/en/compare/
There's a similar dependency management tool called "npm-shrinkwrap". However, "yarn" seems
superior in terms of install speed and also reproducibility of installed package versions:
http://stackoverflow.com/questions/40057469/what-is-the-difference-between-yarn-lock-and-npm-shrinkwrap




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message