Support yarn? #314
Comments
|
As far as I can tell, the |
|
Yeah, maybe these could be merged, but I was thinking more specifically:
Greenkeeper doesn't support this yet, and that's why I filed this issue. Happy to merge them though. But I think the work required will be pretty different. |
|
We would love to send updates to the yarn.lock file along with our pull requests. Especially because that would be a deterministic operation, that doesn't require a file system, like shrinkwrap does. We are operating Greenkeeper without any outside investment into the company. We want to build a business that must only serve the community we are building this for, which of course includes ourselves, but not any investors. With the very limited resources we're having because of this, we decided to focus our engineering efforts on migrating Greenkeeper over to GitHub integrations as fast as possible. It doesn't sound like that big of a change, but it's changing a lot behind the curtains. I think that Yarn and Greenkeeper could be an excellent match, but unfortunately they did not reach out to us prior to their public launch. They pride themselves as an open community project, and that their ideas were discussed and validated by a lot of people. I'm sad to see that we weren't part of that group. All I'm left with now is the very sad task to tell you that this isn't going to land anytime soon. It could have been different a few weeks ago when we set our current roadmap. We're trying our very best to get this to you as soon as possible, and hope you understand our current priorities. Thank you, |
|
Thanks for the explanation @boennemann! Best of luck on your endeavors! I appreciate all that you do for the community. Looking forward to when you can get around to this! |
|
@boennemann I completely see where you're coming from. I'd be happy to help implement this feature as it could be a really nice win for yarn projects. Do you think you could provide some tips on how to do this? I understand if it is out of scope and that's fine too. Also as a sidenote I took a quick glance through the code and found evilhackerdude and some other random files. :P what's the story there? |
|
I am actually wondering if this could be solved on the CI side, eg. Travis. When greenkeeper makes a pull request, Travis could spot a difference in |
|
Thanks for the idea, but the PR should update the lock file too |
|
Oh, misunderstood your comment. Yes, this would still require work on greenkeepers part |
|
Really? How so? Once there is a PR, the greenkeeper doesn't care about it anymore, right? So if Travis can just commit to that PR with updated Thinking about it, there actually no need to check on change in package.json, because yarn takes care of it. After successful build, the Travis would just need to commit yarn.lock if it has changed during run. |
|
There is a slight issue when build is actually executed for a multiple environments (node versions). It would be necessary to specify which version is used for this update I guess. |
|
I guess this is no longer that hot idea after recent discoveries: https://medium.com/@boennemann/avoid-yarn-for-packages-and-fully-enjoy-its-benefits-for-application-development-8bdd4deb33cf#.vnapi4xvi For open source apps it can still find it's use, but there is a probably much lower number than modules. |
|
It would be cool to know whether this will be implemented in Greenkeeper since that would be one of a few reasons to switch from private Bitbucket to private Github. |
|
@FredyC you may be interested in a recent Yarn blog post about this subject - https://yarnpkg.com/blog/2016/11/24/lockfiles-for-all The blog post was made shortly after a discussion here sindresorhus/meta#4 |
|
i see lots of value in what yarn provides, but greenkeeper is more important to my workflow at this point. because of this, i'm holding off adopting yarn until greenkeeper supports it, but would love to be able to use it for some of my projects. |
|
A quick update: For the time being there is a community built workaround for this: https://gist.github.com/maxrimue/16e272c4e0b8a8ac9dd5570e180e08c0 We published our roadmap: https://git.io/greenkeeper-roadmap |
|
Possibly useful: https://yarnpkg.com/en/docs/cli/generate-lock-entry |
|
@destroyerofbuilds, I read it but don't buy the idea. The problem is when the user discovers the problem, they report the issue to the contributors. With the lock file in the library, contributors have a hard time to figure out what actually breaks because when they run It is a burden on the contributor needing to aware that, "ah, maybe there is a break in the dependency". |
|
BTW I created this project to help with this: https://github.com/clarkbw/circleci-update-yarn-lock definitely not perfect but at least automates the process of creating an updated |
|
We should consider prioritizing this as Travis will soon run yarn with
If I got it correctly, it's because Reference on Travis repo: travis-ci/travis-ci#7395 (comment) |
|
@diegohaz well travis already run yarn with mass greenkeeper issues inc 🙈 |
|
Any updates on this? Circleci is not using If you need any help, please let us know how. (the workaround from @clarkbw does not work for us, because it uses |
BTW, I'm updating the fix right now. Happy to look into this as well. An important note for anyone working on this is that the |
|
Well with the May 2nd release of Greenkeeper 2.0 and a lot of features put out on the roadmap I hope this gets added! |
|
I've added |
|
Ya'll might dig that npm5, which in many cases is as fast as yarn, will have lock files too. |
|
Will greenkeeper support updating that lockfile? |
|
We're also using @jdalton Will npm5 have a command comparable to |
|
@keimlink I think your safest bet might be npm/npm#16244 |
|
@zcei Thanks for the links! The performance comparisons between npm and yarn in npm/npm#16244 were very interesting. |
@jrjohnson, @keimlink you may wan to run
@jdalton please keep in mind that
@SimenB GreenKeeper 2.0 supports
@keimlink @jdalton I haven't seen any support within npm for ensuring the lockfile doesn't fall out of sync. In general, if anyone wants to maintain their dependencies, and use Yarn, please look into renovate. I came across it several month ago, and it's been a really nice tool to throw into a Jenkins setup, and keep all my package dependencies updated, and occasionally update my project's lockfiles. |
|
@jdalton I am just curious, what makes that benchmark you have linked more relevant than the one posted later (by non-owner)? That shows kinda opposite opinion... |
|
@destroyerofbuilds @FredyC Others have reported wins too. It's been said that speeds of either vary from project to project so you'll likely see cases of both winning out. It's pretty rad though that they're that close to each other. It puts more pressure to support lock files for sure. Everyone wins 🎉 |
@unional I assume Upon encountering the failure, is it to much to ask them to run
@jdalton thank you for bringing that to my attention. I hadn't realized that feature made it into the npm@5 roadmap. Glad to see npm@5 adopting a feature that will lead to a greater adoption of lockfiles within our community. @unional the lockfile behavior of npm@5 will now, by default, be similar to yarn, though you will be able to still use
I do agree with you @jdalton that speeds with vary between projects, but also operating systems, network environments, etc. If you find any benchmarks that come with their test methodology, I'd appreciate references. I'm always trying to keep an eye out for how people benchmark the performance of these package managers (I have a slightly modified benchmark script myself). I'm also trying to keep an eye out for what conditions allow one package manager to excel over another. |
|
Hi everyone, I am a yarn contributor and I am not here to tell to use yarn instead of npm, but I need your help to understand better the situation :) I saw greenkeeper the last week and I think it does an awesome work; @finnp @boennemann are there any plans to support yarn in some ways and specifically to support the generation of yarn.lock file? We want to adopt it in the yarn project itself without doing things like that https://gist.github.com/maxrimue/16e272c4e0b8a8ac9dd5570e180e08c0 if we can. I tagged you guys because you seem the most active developers on the codebase, sorry if I am wrong O.o and thanks for your time! |
|
@voxsim please see the Greenkeeper roadmap - https://github.com/greenkeeperio/greenkeeper/projects?sort=oldest As noted by @boennemann, and listed under the title Open up Greenkepper on the Roadmap, the Greenkeeper core team will be looking at opening their core to community maintained modules that implement features, including Yarn support. Therefore, my assumption is that Yarn support is not imminent, but the core team of Greenkeeper is aware of the community's interest, and we can look forward to seeing Yarn support in the future. In the meantime, please consider employing an alternative such as renovate. (It comes with Yarn and |
|
@jdalton ? could you please explain me? who is competitor of who? Maybe I lost some pieces O.o btw thanks @destroyerofbuilds! :D |
|
Alrighty, yarn support, what's taking us so long? Generating lockfiles on the server side isn't the most trivial problem to solve, but with npm5 adopting In the meantime: We renamed We added
Please let us know how it works for y'all. I'm going to close this issue while we're trying to figure out how to best add server-side lockfile support, especially with private and git dependencies. Think you can beat us to it? Great news: This very repo now contains our core worker job implementation. It's not documented yet, but we made the first step of open sourcing it to progress with our promise of opening up Greenkeeper for community contributions. Peace and love, P.S.: Thanks a lot @maxrimue for providing initial yarn support with this script. |
This was just a thought that came to my head. But would ya'll consider supporting yarn? Seems like it'd be really useful here because the
yarn.locklocks down the package versions and maintainers would probably like to keep that up to date. I envision seeing pull requests that update theyarn.lockand potentially thepackage.jsonif the version range is out of date.The text was updated successfully, but these errors were encountered: