Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detailed Specifications of Automatic Updates and Version Pinning #12866

Open
Hiroki-Aoki opened this issue Oct 15, 2024 · 3 comments
Open

Detailed Specifications of Automatic Updates and Version Pinning #12866

Hiroki-Aoki opened this issue Oct 15, 2024 · 3 comments
Labels
documentation V4

Comments

@Hiroki-Aoki
Copy link

Hiroki-Aoki commented Oct 15, 2024
edited
Loading

Issue description

Please tell me the detailed specifications of the automatic updates described in Update Serverless Framework and how to pin a version described in Serverless Framework version pinning.

Questions

  1. Please tell me all the timing and conditions under which automatic updates run.
    • I think that automatic updates occur when you run a serverless update and every 24 hours (when you run any serverless commands after the updateLastChecked time recorded in ~/.serverless/binaries/metadata.json has passed), is that correct? And, are there any other times when automatic updates occur?
  2. What specifically happens if SERVERLESS_FRAMEWORK_FORCE_UPDATE=true is set?
  3. What specifically happens if SERVERLESS_FRAMEWORK_FORCE_UPDATE=false is set?
  4. Does the Serverless Framework's automatic update mechanism ignore the version specification in Node.js npm's package.json?
  5. Is there a way to stop automatic updates?
  6. When pinning the Serverless Framework version with frameworkVersion in serverless.yml, is there any way to reference the value in an external file? (I'd like to write the version in one configuration file and reference it from serverless.yml for multiple CloudFormation stacks.)
  7. What are the meanings of the following (1)~(3) parameters in meta.json created when deploying CloudFormation stacks with Serverless Framework?
    • When deployed with the frameworkVersion: '4.4.4' in serverless.yml referring to an external file, the Serverless Framework version value output to .serverless/meta.json appears to be different.
  • serverless.yml

    frameworkVersion: ${file(. /config.yml):frameworkVersion}
  • config.yml

    frameworkVersion: '4.4.4'
  • .serverless/meta.json
    {
        "/path/to/serverless": {
        "versionSfCore": null,
        "versionFramework": "4.4.6", ... (1)
        
        "composeResolverProviders": {
        "file": {
            "instance": {
            
            "serviceConfigFile": {
                
                "frameworkVersion": "4.4.4", ... (2)
        
        "versionSf": "4.4.6", ... (3)

Context

  • Serverless Framework: 4.4.6 (the value of frameworkVersion in serverless.yml is '4.4.4')
@Hiroki-Aoki Hiroki-Aoki changed the title Detailed Specifications of Automatic Updates Detailed Specifications of Automatic Updates and Version Pinning Oct 17, 2024
@ethanherbertson
Copy link

I would also like this clarified ASAP. It's kind of distressing that a tool that could be managed as a devDependency of a node project, using standard semver and npm/yarn/etc tooling, is now in the business of managing itself.

I was expecting the migration to v4 to include very few breaking changes, but this discovery will probably require a significant posture change for my team. Ever since an incompatibility in (as I recall) v1.18 led us to have to use different versions of Serverless in different projects (albeit temporarily), we've been happily just including Serverless as a dev dependency of each project we were using it in, and writing little one-liner scripts in package.json to run deploys and teardowns using the locally-installed version. That was such a pleasant (and self-documenting!) experience that we never went back to using global installs.

Now we're going to have to reconsider all of that in light of these auto-updates, and step one of that will require a MUCH clearer description of what is actually being updated and when. (And where!)

@ethanherbertson ethanherbertson mentioned this issue Oct 23, 2024
Open
@Hiroki-Aoki Hiroki-Aoki mentioned this issue Jan 10, 2025
Open
@Hiroki-Aoki
Copy link
Author

Hiroki-Aoki commented Jan 10, 2025
edited
Loading

  1. When pinning the Serverless Framework version with frameworkVersion in serverless.yml, is there any way to reference the value in an external file? (I'd like to write the version in one configuration file and reference it from serverless.yml for multiple CloudFormation stacks.)

I create a new issue regarding question 6 above. #12984

@Hiroki-Aoki
Copy link
Author

Hiroki-Aoki commented Jan 10, 2025
edited
Loading

@skierkowski Sorry to contact you out of the blue. Could you please answer my questions? I really hope your response.

(We understand that pinning versions is not recommended by developers of Serverless Framework and that automatically updating versions can bring benefits such as automating security responses, but due to constraints on our team's development process, it is difficult to allow automatic version updates. So we'd like to know the detailed specifications of automatic updates and pinning the version.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation V4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@skierkowski @ethanherbertson @Hiroki-Aoki