"yarn install" should be executed with option "--frozen-lockfile"
authorSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Thu, 29 Aug 2019 22:38:11 +0000 (00:38 +0200)
committerSonarTech <sonartech@sonarsource.com>
Fri, 30 Aug 2019 18:21:02 +0000 (20:21 +0200)
build.gradle

index fe66bf2854270e7ca90a097a93f7896cacdc1303..a967d1a626702ab3bc9d62fba63172eb59503064 100644 (file)
@@ -459,6 +459,12 @@ subprojects {
 def yarnInstallTasks = allprojects.findResults { it -> it.tasks.findByName('yarn') }
 yarnInstallTasks.drop(1).eachWithIndex { it, i -> it.mustRunAfter(yarnInstallTasks[0..i]) }
 
+// by default, Yarn will update lock file if it is not up to date with "package.json"
+// using option "--frozen-lockfile" will disable this behavior and "yarn install" will fail if lock file is out of date
+// all "yarn install" tasks should be executed with this option for reproducibility of builds
+// and to prevent developers from forgetting to update lock file when they update "package.json"
+yarnInstallTasks.each { it -> it.args = ['--frozen-lockfile'] }
+
 
 artifactory {
   clientConfig.setIncludeEnvVars(true)
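Review bot: The assignment `it.args = ['--frozen-lockfile']` on the added line replaces whatever arguments a yarn task already had instead of adding to them, so any flag a subproject set on its own task would be dropped silently. Appending keeps both, e.g. `it.args = (it.args ?: []) + ['--frozen-lockfile']`, assuming the task type exposes a readable `args` list. Also, `yarnInstallTasks` is collected with `findByName` at the point this script is evaluated, so a yarn task registered later would presumably not receive the flag and could still rewrite its lock file during a build. Where those tasks are defined is outside the hunk, so this needs checking against the subproject build files.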