Skip to content
This repository has been archived by the owner on Dec 12, 2020. It is now read-only.

[Question] Using with yarn's ---frozen-lockfile #195

Closed
maciej-gurban opened this issue Mar 25, 2019 · 7 comments
Closed

[Question] Using with yarn's ---frozen-lockfile #195

maciej-gurban opened this issue Mar 25, 2019 · 7 comments
Assignees
@rarkins

Comments

@maciej-gurban
Copy link

maciej-gurban commented Mar 25, 2019
edited
Loading

Which Renovate are you using? CLI, App, or Pro

Self-hosted

Which platform are you using? GitHub, GitLab, Bitbucket Azure DevOps

Github

Context

Based on yarnpkg/yarn#4147, we're using .yarnrc file in which we set --install.frozen-lockfile true. This prevents us from introducing changes to yarn.lock when only installing already added dependencies.

However, this requires that to update the yarn.lock file when adding or upgrading dependencies we need to use yarn add or yarn upgrade command.

Today, we noticed that renovate PRs in our codebase fail, with:

The lock file failure details are included below:
yarn.lock
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.

What is your question?

Does Renovate Bot simply modify contents of package.json without running commands like yarn upgrade? Is there a way to change that behavior, or otherwise solve this?

I tried replicating locally, and run yarn add foo, which updates yarn.lock and package.json. I then tried only changing the package.json to add that new package and running yarn in that scenario causes, as expected, Your lockfile needs to be updated, but yarn was run with --frozen-lockfile.
@maciej-gurban
Copy link
Author

Checked renovate's source code, and it turns out that dependency versions are changed using string replace in package.json and then runs yarn install, hence why having --install.frozen-lockfile true would not produce yarn.lock and cause the above mentioned issue.

Hopefully yarn stops the install command from making changes to the lock file, so we get more predictable results. Until then, we simply remove the .yarnrc in CI.

@rarkins
Copy link
Collaborator

rarkins commented Mar 26, 2019

Can we massage the .yarnrc file before running yarn? We already have at least one case like that

@stale
Copy link

stale bot commented Mar 29, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed soon if no further activity occurs.

@stale stale bot added the wontfix label Mar 29, 2019
@rarkins
Copy link
Collaborator

rarkins commented Mar 30, 2019

Can you copy in your exact yarnrc file here so I can use it in testing?

@stale stale bot removed the wontfix label Mar 30, 2019
@maciej-gurban
Copy link
Author 

--install.frozen-lockfile true

@Shub1nk
Copy link

Shub1nk commented Oct 7, 2020

Faced the same problem and it is not clear how to solve it.

RenovateBot launched, created 2 PRs, but cannot update artifacts because yarn is launched with a flag --frozen-lockfile

@rarkins
Copy link
Collaborator

rarkins commented Oct 7, 2020

@Shub1nk Please create an issue in github.com/renovatebot/config-help with logs, exact .yarnrc, etc.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rarkins rarkins

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maciej-gurban @Shub1nk @rarkins