Open mturley opened 2 years ago
Hello @mturley,
Thanks for the feedback. We are already aware of that problem and going to introduce a support of workspaces soon. Until that time I would suggest to not use the npm v7 feature in package.json.
Thanks @serg-cymbaluk !
Hello @serg-cymbaluk, would you please be able to provide a time frame for the workspace support ? The reason is we have another project release in a couple of sprints and we would like to have the feature for our monorepo structure.
The corresponding changes are already in 'master': https://github.com/containerbuildsystem/cachito/commit/947ea277e78684213be4fbbec013188a3a69012b
@gildub We plan to release the above mentioned changes on February 22nd.
@seg-cymbaluk, @nirzari,
That's great. Thank you for the update.
In https://github.com/konveyor/forklift-ui we're attempting to use the npm workspaces feature (new since npm v7) to manage our monorepo in the style of lerna / yarn workspaces but with simplified tooling. Our repo has a
pkg
subdirectory containingweb
,api
, andqe-tests
packages with their own package.json files, and the root package-lock.json file ends up with these lines:When Cachito encounters this lockfile, it fails with the following error:
Cachito appears to support
file:*
version specs for dependencies via settingcachito_npm_file_deps_allowlist
in/etc/cachito/celery.py
to include these packages, but I don't think we have control over the environment this is running in and I am hoping there is a way to allow this from within our repo. Otherwise any repo that uses npm workspaces would need to have those workspace names listed in this allowlist on the host that is running Cachito. It seems like Cachito could just look at theworkspaces
array in the lockfile and ignore packages that use those paths in theirfile:
specs as well. From the top of the lockfile:Ideally, because
pkg/api
is listed there as a workspace,forklift-ui-api@file:pkg/api
should be allowed without being specified incachito_npm_file_deps_allowlist
.