Remove yarn config files

[alxndrsn]

yarn is no longer used in CI, so yarn-specific config files are no longer required.

[alxndrsn]

Having some kind of lockfile is useful for developers. (Not to mention… CI.) Translate to package-lock.json?

Added in https://github.com/brianc/node-pg-types/pull/157.

[bendrucker]

As noted in #157, lockfiles are useful by default for applications but intentionally not used for most libraries. npm will obey a lockfile in a dependency. We want to test with the latest matching dependency according to the range in the package, not lock. Nor do we want to lock all the dependencies and have to release an update to this package on each new dependency version.

There's a tradeoff here and it's not necessarily wrong to lock library dependencies. But it's not typically the npm way and especially inconvenient for a meta package like this that wires up several smaller packages for complex types.

[charmander]

As noted in #157, lockfiles are useful by default for applications but intentionally not used for most libraries. npm will obey a lockfile in a dependency.

It sounds like you’re referring to npm-shrinkwrap.json. yarn.lock/package-lock.json aren’t published; in a library, they serve to make the full development state for a given revision reproducible.

[bendrucker]

Ah right:

https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#package-lockjson-vs-npm-shrinkwrapjson

The difference is that package-lock.json cannot be published, and it will be ignored if found in any place other than the root project.

Still, the point stands that it doesn't seem lockfiles are actually solving a problem here, and more likely creating one.

https://github.com/sindresorhus/ama/issues/479#issuecomment-310661514

[charmander]

They solve the problem I mentioned (which pg has been affected by, notably), and their absence isn’t really a solution to the problem sindresorhus mentioned back in 2017 (dependabot is more reliable). Almost the opposite, really: if you run npm update and things suddenly stop working, being able to diff the lockfile because it’s in version control makes for an easy way to know exactly what changed.

Anyway, not that big a deal one way or another for this repo – I’m used to reconstructing dependency trees for a point in time by now. Just wanted to get accurate information out there.

[bendrucker]

Right, the GHA addition is overdue and very valuable. I understand that lockfile benefits apply to library developers. Unlike applications, there's a real tradeoff to be considered. I'm unpersuaded that libraries having lockfiles is the right default. Tooling has improved since in the last 5 years but the need to configure and operate it is still extra work.

Definitely not something to sneak in alongside other changes. If someone wants to do the work to run tests both with and without a lockfile in GHA I'm happy to review that PR.

[alxndrsn]

Definitely not something to sneak in alongside other changes.

The lockfile was introduced in https://github.com/brianc/node-pg-types/pull/152, and mentioned clearly in the PR description.

A build without yarn.lock can be seen at https://github.com/alxndrsn/node-pg-types/actions/runs/8408288755/job/23024258952#step:3:19; I include the logs here:

``` 2024-03-24T09:19:00.2730977Z Current runner version: '2.314.1' 2024-03-24T09:19:00.2754139Z ##[group]Operating System 2024-03-24T09:19:00.2754904Z Ubuntu 2024-03-24T09:19:00.2755249Z 22.04.4 2024-03-24T09:19:00.2755562Z LTS 2024-03-24T09:19:00.2755973Z ##[endgroup] 2024-03-24T09:19:00.2756366Z ##[group]Runner Image 2024-03-24T09:19:00.2756759Z Image: ubuntu-22.04 2024-03-24T09:19:00.2757235Z Version: 20240317.1.0 2024-03-24T09:19:00.2758234Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240317.1/images/ubuntu/Ubuntu2204-Readme.md 2024-03-24T09:19:00.2759670Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240317.1 2024-03-24T09:19:00.2760558Z ##[endgroup] 2024-03-24T09:19:00.2760962Z ##[group]Runner Image Provisioner 2024-03-24T09:19:00.2761439Z 2.0.359.1 2024-03-24T09:19:00.2761804Z ##[endgroup] 2024-03-24T09:19:00.2762656Z ##[group]GITHUB_TOKEN Permissions 2024-03-24T09:19:00.2764267Z Contents: read 2024-03-24T09:19:00.2764719Z Metadata: read 2024-03-24T09:19:00.2765226Z ##[endgroup] 2024-03-24T09:19:00.2768308Z Secret source: Actions 2024-03-24T09:19:00.2768891Z Prepare workflow directory 2024-03-24T09:19:00.3389946Z Prepare all required actions 2024-03-24T09:19:00.3543545Z Getting action download info 2024-03-24T09:19:00.5016534Z Download action repository 'actions/checkout@v4' (SHA:b4ffde65f46336ab88eb53be808477a3936bae11) 2024-03-24T09:19:00.6433804Z Download action repository 'actions/setup-node@v4' (SHA:60edb5dd545a775178f52524783378180af0d1f8) 2024-03-24T09:19:00.9556068Z Complete job name: lint 2024-03-24T09:19:01.0478778Z ##[group]Run actions/checkout@v4 2024-03-24T09:19:01.0479425Z with: 2024-03-24T09:19:01.0479847Z persist-credentials: false 2024-03-24T09:19:01.0480375Z repository: alxndrsn/node-pg-types 2024-03-24T09:19:01.0481139Z token: *** 2024-03-24T09:19:01.0481553Z ssh-strict: true 2024-03-24T09:19:01.0481941Z clean: true 2024-03-24T09:19:01.0482381Z sparse-checkout-cone-mode: true 2024-03-24T09:19:01.0482911Z fetch-depth: 1 2024-03-24T09:19:01.0483314Z fetch-tags: false 2024-03-24T09:19:01.0483750Z show-progress: true 2024-03-24T09:19:01.0484174Z lfs: false 2024-03-24T09:19:01.0484539Z submodules: false 2024-03-24T09:19:01.0484974Z set-safe-directory: true 2024-03-24T09:19:01.0485432Z ##[endgroup] 2024-03-24T09:19:04.3820701Z Syncing repository: alxndrsn/node-pg-types 2024-03-24T09:19:04.3822782Z ##[group]Getting Git version info 2024-03-24T09:19:04.3823835Z Working directory is '/home/runner/work/node-pg-types/node-pg-types' 2024-03-24T09:19:04.3825190Z [command]/usr/bin/git version 2024-03-24T09:19:04.3825803Z git version 2.43.2 2024-03-24T09:19:04.3827587Z ##[endgroup] 2024-03-24T09:19:04.3890634Z Temporarily overriding HOME='/home/runner/work/_temp/a50fd7bb-6120-4d30-a0d5-c4d9f39951be' before making global git config changes 2024-03-24T09:19:04.3893901Z Adding repository directory to the temporary git global config as a safe directory 2024-03-24T09:19:04.3896480Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/node-pg-types/node-pg-types 2024-03-24T09:19:04.3926453Z Deleting the contents of '/home/runner/work/node-pg-types/node-pg-types' 2024-03-24T09:19:04.3933667Z ##[group]Initializing the repository 2024-03-24T09:19:04.3937673Z [command]/usr/bin/git init /home/runner/work/node-pg-types/node-pg-types 2024-03-24T09:19:04.3988756Z hint: Using 'master' as the name for the initial branch. This default branch name 2024-03-24T09:19:04.3990772Z hint: is subject to change. To configure the initial branch name to use in all 2024-03-24T09:19:04.3992316Z hint: of your new repositories, which will suppress this warning, call: 2024-03-24T09:19:04.3993298Z hint: 2024-03-24T09:19:04.3993880Z hint: git config --global init.defaultBranch 2024-03-24T09:19:04.3994625Z hint: 2024-03-24T09:19:04.3995314Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and 2024-03-24T09:19:04.3996517Z hint: 'development'. The just-created branch can be renamed via this command: 2024-03-24T09:19:04.3997544Z hint: 2024-03-24T09:19:04.3998278Z hint: git branch -m 2024-03-24T09:19:04.4001014Z Initialized empty Git repository in /home/runner/work/node-pg-types/node-pg-types/.git/ 2024-03-24T09:19:04.4012517Z [command]/usr/bin/git remote add origin https://github.com/alxndrsn/node-pg-types 2024-03-24T09:19:04.4049039Z ##[endgroup] 2024-03-24T09:19:04.4050468Z ##[group]Disabling automatic garbage collection 2024-03-24T09:19:04.4052158Z [command]/usr/bin/git config --local gc.auto 0 2024-03-24T09:19:04.4081492Z ##[endgroup] 2024-03-24T09:19:04.4082895Z ##[group]Setting up auth 2024-03-24T09:19:04.4087496Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-03-24T09:19:04.4117331Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-03-24T09:19:04.4389968Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-03-24T09:19:04.4418779Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-03-24T09:19:04.4642300Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic *** 2024-03-24T09:19:04.4676250Z ##[endgroup] 2024-03-24T09:19:04.4677783Z ##[group]Fetching the repository 2024-03-24T09:19:04.4686557Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +4ccd11459defdd58422b4b4cb9703039c8d16bf7:refs/remotes/origin/github-actions 2024-03-24T09:19:04.7746932Z From https://github.com/alxndrsn/node-pg-types 2024-03-24T09:19:04.7748435Z * [new ref] 4ccd11459defdd58422b4b4cb9703039c8d16bf7 -> origin/github-actions 2024-03-24T09:19:04.7772385Z ##[endgroup] 2024-03-24T09:19:04.7773553Z ##[group]Determining the checkout info 2024-03-24T09:19:04.7774768Z ##[endgroup] 2024-03-24T09:19:04.7775798Z ##[group]Checking out the ref 2024-03-24T09:19:04.7779978Z [command]/usr/bin/git checkout --progress --force -B github-actions refs/remotes/origin/github-actions 2024-03-24T09:19:04.7830615Z Switched to a new branch 'github-actions' 2024-03-24T09:19:04.7832749Z branch 'github-actions' set up to track 'origin/github-actions'. 2024-03-24T09:19:04.7839283Z ##[endgroup] 2024-03-24T09:19:04.7871945Z [command]/usr/bin/git log -1 --format='%H' 2024-03-24T09:19:04.7895428Z '4ccd11459defdd58422b4b4cb9703039c8d16bf7' 2024-03-24T09:19:04.7903945Z ##[group]Removing auth 2024-03-24T09:19:04.7907528Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-03-24T09:19:04.7935369Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-03-24T09:19:04.8159729Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-03-24T09:19:04.8181613Z http.https://github.com/.extraheader 2024-03-24T09:19:04.8189075Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader 2024-03-24T09:19:04.8217450Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-03-24T09:19:04.8435650Z ##[endgroup] 2024-03-24T09:19:04.8736221Z ##[group]Run actions/setup-node@v4 2024-03-24T09:19:04.8736677Z with: 2024-03-24T09:19:04.8736952Z node-version: 18 2024-03-24T09:19:04.8737384Z cache: yarn 2024-03-24T09:19:04.8737696Z always-auth: false 2024-03-24T09:19:04.8738004Z check-latest: false 2024-03-24T09:19:04.8738593Z token: *** 2024-03-24T09:19:04.8738921Z ##[endgroup] 2024-03-24T09:19:05.0711153Z Found in cache @ /opt/hostedtoolcache/node/18.19.1/x64 2024-03-24T09:19:05.0725832Z ##[group]Environment details 2024-03-24T09:19:05.4440880Z node: v18.19.1 2024-03-24T09:19:05.4441704Z npm: 10.2.4 2024-03-24T09:19:05.4442173Z yarn: 1.22.22 2024-03-24T09:19:05.4444027Z ##[endgroup] 2024-03-24T09:19:05.4464100Z [command]/usr/local/bin/yarn --version 2024-03-24T09:19:05.5845902Z 1.22.22 2024-03-24T09:19:05.5953867Z [command]/usr/local/bin/yarn cache dir 2024-03-24T09:19:05.7877932Z /home/runner/.cache/yarn/v6 2024-03-24T09:19:05.8371471Z ##[error]Dependencies lock file is not found in /home/runner/work/node-pg-types/node-pg-types. Supported file patterns: yarn.lock 2024-03-24T09:19:05.8512312Z Post job cleanup. 2024-03-24T09:19:05.9233526Z [command]/usr/bin/git version 2024-03-24T09:19:05.9272657Z git version 2.43.2 2024-03-24T09:19:05.9314923Z Temporarily overriding HOME='/home/runner/work/_temp/fe6728e7-d635-4abb-afde-2f53904bc9fa' before making global git config changes 2024-03-24T09:19:05.9316646Z Adding repository directory to the temporary git global config as a safe directory 2024-03-24T09:19:05.9320566Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/node-pg-types/node-pg-types 2024-03-24T09:19:05.9354158Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-03-24T09:19:05.9385716Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-03-24T09:19:05.9621370Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-03-24T09:19:05.9650432Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-03-24T09:19:06.0080274Z Cleaning up orphan processes ```

[bendrucker]

"Sneak" is the wrong word, but ultimately there was an unrelated change (using Yarn) proposed that didn't need to be, which then necessitated another unrelated change (a lockfile). The GHA workflow is an unqualified improvement, thank you! There's more discussion/work needed on the lockfile and I don't have the time to devote to that right now.