search

waterthetrees / wtt_server

Water The Trees Postgres/Express/Node.js backend
https://waterthetrees.com
Creative Commons Zero v1.0 Universal
0 stars 3 forks source link

Add package-lock.json #113

Closed jazhen closed 2 years ago

jazhen commented 2 years ago

Working on adding a GitHub Action for linting on push, pr and mostly need to add package-lock.json to enable caching node_modules for the CI/CD pipeline.

However it is recommended to commit lock files to vcs.

All supported package managers recommend that you always commit the lockfile, although implementations vary doing so generally provides the following benefits:

  • Enables faster installation for CI and production environments, due to being able to skip package resolution.
  • Describes a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
  • Provides a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.
  • Facilitates greater visibility of tree changes through readable source control diffs.

https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#working-with-lockfiles

It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on. Additionally, the diffs from these changes are human-readable and will inform you of any changes npm has made to your node_modules, so you can notice if any transitive dependencies were updated, hoisted, etc.

https://docs.npmjs.com/cli/v6/configuring-npm/package-locks#using-locked-packages

Closes #112

zoobot commented 2 years ago

We should change install directions to npm ci so it installs w package lock versions

jazhen commented 2 years ago

@zoobot - Sure, I can do that. The readme for this repo is a bit outdated. I can kind of mirror what wtt_front looks like now. Do you still want the Production section in the readme?

jazhen commented 2 years ago

Actually, wtt_server is not set up well for instructions concerning only this repo. Unlike wtt_front there is not really a way atm to work only in this repo without needing wtt_db and then at that point we probably just want the user to run 80% of the fullstack instructions. I am considering just linking to our waterthetrees/waterthetrees README. Thoughts?

I changed the install directions in waterthetrees/waterthetrees#26.

zoobot commented 2 years ago

@jazhen Linking to the waterthetrees readme sounds good. Its ok if this has its own readme but dev install should go to there at least until we have some kind of curl or postman library. It'd be worth having a curl or postman library of all the posts and gets documented at some point.