Describe the bug
The pnpm install command is incorrectly updating the lock file during installations, leading to potential inconsistencies in dependency versions across different environments. This behavior can cause unexpected issues when deploying or running the application, as the installed packages may not match the versions specified in the lock file.
To Reproduce
Clone the repository.
Run the command pnpm install without the --frozen-lockfile option.
Observe that the pnpm-lock.yaml file is updated with new versions of dependencies, even if they are not specified in the package.json.
Expected behavior
The pnpm install command should respect the --frozen-lockfile option, preventing any updates to the lock file. This ensures that the installed dependencies match the versions specified in the pnpm-lock.yaml file, maintaining consistency across different environments.
Screenshots
Additional context
This issue was addressed in a recent commit that added the --frozen-lockfile option to various installation commands in the project, including in the GitHub workflows, Dockerfile, and scripts. The explicit update script was also introduced to allow updates without the frozen lock file option, ensuring that developers can manage dependencies more effectively without risking unintended changes to the lock file.
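A regression guard for the fix described above, as an added example (not the project's own code): a shell function that scans workflow files, Dockerfiles and scripts for pnpm install invocations that lack --frozen-lockfile. Treating --no-frozen-lockfile as the deliberate opt-out used by an explicit update script is an assumption, and the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Report every `pnpm install` / `pnpm i` command that could rewrite pnpm-lock.yaml.
# Prints file:line: command for each finding and returns 1 if there is any.
find_unfrozen_installs() {
    awk '
        FNR == 1 { buf = ""; start = 0 }             # reset state for each file
        {
            if (buf == "") start = FNR               # first line of this command
            line = $0
            if (line ~ /\\[ \t]*$/) {                # trailing backslash: join with next line
                sub(/\\[ \t]*$/, " ", line)
                buf = buf line
                next
            }
            cmd = buf line; buf = ""
            if (cmd ~ /^[ \t]*#/) next               # whole-line comment
            if (cmd !~ /pnpm[ \t]+(install|i)([^A-Za-z0-9_-]|$)/) next
            if (cmd ~ /--frozen-lockfile/) next      # pinned to the lock file
            if (cmd ~ /--no-frozen-lockfile/) next   # assumption: deliberate update script
            printf "%s:%d: %s\n", FILENAME, start, cmd
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample input (not the project's files) showing the report format.
demo_scan() {
    d=$(mktemp -d)
    # Multi-line RUN with the flag on the continuation line, then a bare `pnpm i`.
    printf 'RUN pnpm install \\\n    --frozen-lockfile\nRUN pnpm i\n' > "$d/Dockerfile"
    # Workflow step without the flag, plus a commented-out command.
    printf '      - run: pnpm install\n      # pnpm install\n' > "$d/ci.yml"
    # Explicit update script: allowed.
    printf '%s\n' '{"scripts":{"deps:update":"pnpm install --no-frozen-lockfile"}}' \
        > "$d/package.json"
    rc=0
    ( cd "$d" && find_unfrozen_installs Dockerfile ci.yml package.json ) || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Scan the files named on the command line, if any.
if [ "$#" -gt 0 ]; then find_unfrozen_installs "$@"; fi
```

Run as a CI step over the workflow, Dockerfile and script paths, a non-zero exit fails the build when an install command without the flag is reintroduced.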
@pgoos How do the current smoke tests and integration tests work?
I observed it does not run the tests against the actual changes in a given PR but rather against already merged-in code.
I might be wrong on this but can you kindly confirm this?