Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ci, release): use fixed dependencies #9022

Merged
merged 5 commits into from
Jan 8, 2025
Merged

feat(ci, release): use fixed dependencies #9022

merged 5 commits into from
Jan 8, 2025

Conversation

alxndrsn
Copy link
Member

@alxndrsn alxndrsn commented Dec 9, 2024
edited
Loading

  • CI should alert when package-lock.json is out of sync
  • release builds should use the exact dependencies recorded in git so that builds are reproducible

From npm docs (https://docs.npmjs.com/cli/v10/commands/npm-ci):

This command is similar to npm install, except it's meant to be used in automated environments such as test platforms, continuous integration, and deployment -- or any situation where you want to make sure you're doing a clean install of your dependencies.

Depends on:

alxndrsn added 5 commits December 5, 2024 08:29
Don't ignore package-lock.json
b2607a8 
> reproducible builds are a huge +1 for us
> - pouchdb#6754 (comment)

It looks like this file was gitignored completely randomly in 9bf1310 / pouchdb#7331.
Add package-lock.json files
a5f8785
ci, release: use npm clean-install
2419019 
This should allow for more repdocible builds by ensuring that the packages listed in git are the same as those tested in CI and used when building release bundles.
Merge branch 'master' into reproducible-builds-2
55ab28f
Merge branch 'master' into reproducible-builds-2
5a988eb
@alxndrsn alxndrsn marked this pull request as ready for review December 11, 2024 13:59
@alxndrsn alxndrsn changed the title ci, release: use npm clean-install feat(ci, release) use fixed dependencies Dec 11, 2024
SourceR85
SourceR85 approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@SourceR85 SourceR85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very clean indeed ;)

@SourceR85 SourceR85 changed the title feat(ci, release) use fixed dependencies feat(ci, release): use fixed dependencies Jan 8, 2025
@SourceR85 SourceR85 merged commit d14aecc into pouchdb:master Jan 8, 2025
87 checks passed
@alxndrsn alxndrsn deleted the reproducible-builds-2 branch January 8, 2025 07:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SourceR85 SourceR85 SourceR85 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alxndrsn @SourceR85