Enable package lock to reduce duration & CPU usage of "npm install" 🏎🌱 #2558
Conversation
bajtos
added
the
Internal Tooling
bajtos
requested review from
b-admike,
hacksparrow,
jannyHou and
marioestradarosa
as code owners
| @@ -1 +1 @@ | |||
| package-lock=false | |||
| package-lock=true | |||
There was a problem hiding this comment.
I am intentionally keeping .npmrc and forcing package-lock on all loopback-next developers.
Personally, I have a global .npmrc file setting package-lock to false, because that's what I need when working on LB3 repositories. If there was no .npmrc file in loopback-next, then I would not be using package-lock functionality because of my global config.
IMO, it's best to not make any assumptions about the global npm configuration and explicitly tell npm that we want to use package-lock files.
|
Bummer, Node.js 10.0.0 used on AppVeyor does not support |
|
@raymondfeng if the patch LGTY and there are no objections from other reviewers, then feel free to land it yourself. The sooner we speed up our CI builds, the better for us and the environment too. |
There was a problem hiding this comment.
LGTM 👍 .
@bajtos , as a side note, npm ci automatically do the rm -rf node_modules for us. According to its documentation. Also it mentions that it is faster because it skips certain user-oriented features.
bajtos
changed the title
|
We need to try out a few things:
|
|
I'm seeing a diff in
I had to do the following to resolve the problem:
|
| @@ -0,0 +1,361 @@ | |||
| { | |||
There was a problem hiding this comment.
It's surprising that I don't see entries for @loopback/* dependencies in the generated package-lock.json. Is it by design as they are symbolically linked? If so, what's the impact for published modules?
I just realized that
Basically, |
Turn on package-lock, we will rely on Greenkeeper to let us know when a new version of our (deep) dependency was published. Update CI configuration to run `npm ci` instead of `npm i`. This change speeds up the installation from approx. 1m44s to 0m52s, i.e down to a half.
The version 10.0.0 is way too outdated, it makes little sense to test it. Unfortunately we cannot upgrade to a newer 10.x version because the CLI tests freeze on Windows :( Also, Node.js 10.0.0 is shipping an outdated npm version that does not support `npm ci` command that we are using to speed up install times.
raymondfeng
force-pushed
the
enable-package-lock
branch
from
74a812a to
5b3757f
Compare
Exactly 👍 |
Historically, we were avoiding package locks to ensure our CI builds are using the latest version of all dependencies, the same versions that our consumers would receive when running
npm installin their projects.Now that we have Greenkeeper enabled to detect new versions in our dependency tree and semi-automatically update our package.json & package-lock.json files, I feel it's safe to use package-lock feature.
This pull request enables package-locks in the entire monorepo in the first commit, and adds individual
package-lock.jsonfiles in the second commit - I hope this will make the change easier to review. The third commit removes Node.js version 10.0.0 from the build matrix on Windows, becausenpm ciis not available there. (We cannot upgrade to a newer 10.x version - see #1431.)Note: To fully leverage the power of package locks, the CI is using
npm ciinstead ofnpm installnow. Similarly,lernais configured to usenpm ciwhen installing dependencies in individual monorepo packages.As a result, the time to install dependencies was cut by half - from 1m44s to 0m52s on my machine. Not only the installation is faster, it's also burning less CPU cycles (and energy).
before
after
Checklist
👉 Read and sign the CLA (Contributor License Agreement) 👈
npm testpasses on your machinepackages/cliwere updatedexamples/*were updated