Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[turborepo] prune package-lock.json not stable #4510

Closed
darthmaim opened this issue Apr 9, 2023 · 1 comment · Fixed by #4516
Closed

[turborepo] prune package-lock.json not stable #4510

darthmaim opened this issue Apr 9, 2023 · 1 comment · Fixed by #4516
Assignees
@chris-olszewski
Labels
kind: bug Something isn't working needs: triage New issues get this label. Remove it after triage

Comments

@darthmaim
Copy link

darthmaim commented Apr 9, 2023
edited
Loading

What version of Turborepo are you using?

1.8.8

What package manager are you using / does the bug impact?

npm

What operating system are you using?

Mac, Windows, docker

Describe the Bug

Running turbo prune --scope=<workspace> --docker multiple times always generates a different package-lock.json.

This causes the docker build to never use the cache to install dependencies.

The keys in the generated JSON have a different order, see for example this screenshot:
image

This occurs on MacOS, Windows (WSL) and inside the docker build.

Expected Behavior

The generated package-lock.json should be stable to allow docker to cache the build step.

To Reproduce

  1. Checkout the reproduction repo
  2. Run npx turbo prune --scope=worker --docker to create pruned output
  3. Copy out/package-lock.json somewhere…
  4. Run npx turbo prune --scope=worker --docker again
  5. Compare the newly created package-lock.json with the one from step 2.

The reproduction repo is kinda large, maybe I will create a smaller repro in the coming days.

Reproduction Repo

https://github.com/GW2Treasures/gw2treasures.com/tree/9c86b97ea829b25ee89cc2b28a07ec36b1cd8a0d
@darthmaim darthmaim added area: turborepo kind: bug Something isn't working needs: triage New issues get this label. Remove it after triage labels Apr 9, 2023
@darthmaim
Copy link
Author

A workaround is to sort the package-lock.json

-RUN npm i -g turbo
+RUN npm i -g turbo sort-json
 COPY . .
-RUN turbo prune --scope=worker --docker
+RUN turbo prune --scope=worker --docker && sort-json out/package-lock.json

This will ensure the package-lock.json is always the same as long as no dependencies changed and later build stages can be cached.

@chris-olszewski chris-olszewski self-assigned this Apr 10, 2023
@chris-olszewski chris-olszewski mentioned this issue Apr 10, 2023
Merged
chris-olszewski added a commit that referenced this issue Apr 10, 2023
@chris-olszewski
fix: use ordered data structure for npm lockfile (#4516)
748d55b 
### Description
Fixes #4510 by using `BTreeMap` instead of a `HashMap` so we have stable
ordering of the package entries.

### Testing Instructions

Setup a monorepo using NPM as a package manager. Run `turbo prune
--scope=web --out-dir=a && turbo prune --scope=web --out-dir=b && diff
a/package-lock.json b/package-lock.json` and expect a zero exit code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chris-olszewski chris-olszewski

Labels
kind: bug Something isn't working needs: triage New issues get this label. Remove it after triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: use ordered data structure for npm lockfile vercel/turborepo
2 participants
@darthmaim @chris-olszewski