ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-20813) Convert ambari-web build process to use yarn package manager to fix dependencies and to make the process faster
Date Fri, 21 Apr 2017 02:30:04 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-20813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15977963#comment-15977963
] 

Hudson commented on AMBARI-20813:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #7328 (See [https://builds.apache.org/job/Ambari-trunk-Commit/7328/])
AMBARI-20813. Convert ambari-web build process to use yarn package (yusaku: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=2075f52e327e6bc624ec043dc87ea74672bcc7f5])
* (add) ambari-web/yarn.lock


> Convert ambari-web build process to use yarn package manager to fix dependencies and
to make the process faster
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20813
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20813
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-web
>    Affects Versions: 2.5.1
>            Reporter: Yusaku Sako
>            Assignee: Yusaku Sako
>            Priority: Critical
>             Fix For: 2.5.1
>
>         Attachments: AMBARI-20813.patch, yarn.lock.branch-2.5, yarn.lock.trunk
>
>
> We've seen too many build failures for Ambari even when there are no source code changes
due to dependent npm packages introducing breaking changes in newer versions. This happens
because npm installs the latest version of the packages allowed by the specified version patterns
in package.json. Even if we fix the versions in package.json, we are still vulnerable to this
issue, because the dependent packages specified in package.json can bring in their own dependencies
and thus bring in new versions of these packages that can have breaking changes.
> To get around issue, we will integrate "yarn", an npm package dependency manager, to
the mvn build process.
> Executing "yarn" will automatically create a "yarn.lock" file so that all the packages
that are installed, including recursive dependencies, will have the exact version on subsequent
installs. Note that this "yarn.lock" file needs to be checked in to the repository so that
installed versions are actually fixed. An additional benefit of using "yarn" is that it dramatically
speeds up npm package installs: https://yarnpkg.com/lang/en/compare/
> There's a similar dependency management tool called "npm-shrinkwrap". However, "yarn"
seems superior in terms of install speed and also reproducibility of installed package versions:
http://stackoverflow.com/questions/40057469/what-is-the-difference-between-yarn-lock-and-npm-shrinkwrap



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message