-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yarn v2/v3 zero-install not updating cache files #5946
Comments
Could you link to a repo where this reproduces? The new dependency should be included in the cache, which I can reproduce in test repo's and we also have tests for. There is an upstream issue on yarn regarding the old entry not getting removed from the cache: yarnpkg/berry#4886, is that what you're running into? |
We currently run yarn with |
The repo in question is Looking more closely, it might actually be 2 issues, the old cache item not being removed that you mentioned above, as well as |
We're actually not able to see any of that 😄
Maybe we need to try and manually do this for now? Seems a bit icky 😞 We could drop
Ah, I think this should actually be an easy fix, we just need to track those files as things that need to be updated with the PR. We'll need to check if the path for those is configurable and pull it from the config file if so |
@jurre thanks for the quick response! Re: Great to hear that the |
Looking more closely at |
Here's a PR that Dependabot has just created in my repo in which .yarn/cache is checked out: As you can see, clearly, old core_js is no longer used, as it's completely wiped from yarn.lock. However, the binary from |
And |
I've deployed the fix for this, feel free to re-open if you continue to see issues with zero-install enabled repos. |
@pavera just tried it! Things look good, except that the permissions of |
@pavera Thanks for looking at this! There's one more thing missing that I'd like to report. If packages specify build scripts, Dependabot seems to undo these changes to the To reproduce: add (for example) the protobufjs package, and let dependabot run on the repo. (Can be a different package that gets updated.) |
We believe this is caused by our policy on post install scripts. We currently disable post install scripts |
@pavera If you use the
|
I've begun work on a larger refactor to address this as well as hopefully regain the performance improvements we lost when we removed Adding to the complexity, Currently the proposed pseudo code solution looks like:
Hopefully this will satisfy performance and behavior requirements for the largest possible group of users :) |
You don't need to set |
I've now deployed #6017 which I believe should result in correct |
@pavera this seems to mostly be fixed, the only exception is the file permission of |
@osdiab There was a subsequent issue #6076 which I'm working to fix right now. Without more info about your specific repo setup I can't really tell if the fix will repair your issue, but if you want to move to that issue to continue the conversation that would be great. I'm going to deploy the fix later today, so hopefully it addresses your issue as well. |
As first mentioned by @viniciuspalma in #1297 (comment), dependency updates on Yarn v2/v3 are not including updates to cache files, making
yarn install --immutable --immutable-cache
fail due to outdated cache data.An example Dependabot run that generated a handful of dependency updates without updating the cache information in one of my repos is
489332542
. I thought it might be because I hadn't includedvendor: true
in my.dependabot.yml
configuration file, but adding that failed the Dependabot validation check./cc @jurre
The text was updated successfully, but these errors were encountered: