From a1e6688b2608c06e11b684e8b2f3192dcca99da3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=C3=A9bastien=20Lesaint?=
 <sebastien.lesaint@sonarsource.com>
Date: Fri, 30 Aug 2019 00:38:11 +0200
Subject: [PATCH] "yarn install" should be executed with option
 "--frozen-lockfile"

---
 build.gradle | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/build.gradle b/build.gradle
index fe66bf28542..a967d1a6267 100644
--- a/build.gradle
+++ b/build.gradle
@@ -459,6 +459,12 @@ subprojects {
 def yarnInstallTasks = allprojects.findResults { it -> it.tasks.findByName('yarn') }
 yarnInstallTasks.drop(1).eachWithIndex { it, i -> it.mustRunAfter(yarnInstallTasks[0..i]) }
 
+// by default, Yarn will update lock file if it is not up to date with "package.json"
+// using option "--frozen-lockfile" will disable this behavior and "yarn install" will fail if lock file is out of date
+// all "yarn install" tasks should be executed with this option for reproducibility of builds
+// and to prevent developers from forgetting to update lock file when they update "package.json"
+yarnInstallTasks.each { it -> it.args = ['--frozen-lockfile'] }
+
 
 artifactory {
   clientConfig.setIncludeEnvVars(true)
-- 
2.39.5