[jira] [Commented] (AMBARI-20813) Convert ambari-web build process to use yarn package manager to fix dependencies and to make the process faster

Thu, 20 Apr 2017 18:33:26 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-20813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15977915#comment-15977915
 ] 

Hudson commented on AMBARI-20813:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #7327 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/7327/])
AMBARI-20813. Convert ambari-web build process to use yarn package (yusaku: 
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=4a8d3be91c29660b134c6b1583ff5fce607da915])
* (edit) ambari-web/pom.xml


> Convert ambari-web build process to use yarn package manager to fix 
> dependencies and to make the process faster
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20813
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20813
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-web
>    Affects Versions: 2.5.1
>            Reporter: Yusaku Sako
>            Assignee: Yusaku Sako
>            Priority: Critical
>             Fix For: 2.5.1
>
>         Attachments: AMBARI-20813.patch, yarn.lock.branch-2.5, yarn.lock.trunk
>
>
> We've seen too many build failures for Ambari even when there are no source 
> code changes due to dependent npm packages introducing breaking changes in 
> newer versions. This happens because npm installs the latest version of the 
> packages allowed by the specified version patterns in package.json. Even if 
> we fix the versions in package.json, we are still vulnerable to this issue, 
> because the dependent packages specified in package.json can bring in their 
> own dependencies and thus bring in new versions of these packages that can 
> have breaking changes.
> To get around issue, we will integrate "yarn", an npm package dependency 
> manager, to the mvn build process.
> Executing "yarn" will automatically create a "yarn.lock" file so that all the 
> packages that are installed, including recursive dependencies, will have the 
> exact version on subsequent installs. Note that this "yarn.lock" file needs 
> to be checked in to the repository so that installed versions are actually 
> fixed. An additional benefit of using "yarn" is that it dramatically speeds 
> up npm package installs: https://yarnpkg.com/lang/en/compare/
> There's a similar dependency management tool called "npm-shrinkwrap". 
> However, "yarn" seems superior in terms of install speed and also 
> reproducibility of installed package versions: 
> http://stackoverflow.com/questions/40057469/what-is-the-difference-between-yarn-lock-and-npm-shrinkwrap



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to