search

yarnpkg / berry

📦🐈 Active development trunk for Yarn ⚒
https://yarnpkg.com
BSD 2-Clause "Simplified" License
7.38k stars 1.11k forks source link

[Bug?]: `yarn workspaces list --since <sha>` ignores yarn.lock changes #5245

Open runeh opened 1 year ago

runeh commented 1 year ago

Self-service

Describe the bug

yarn workspaces list --since <sha> does not consider changes to yarn.lock when determining if a workspace has been modified.

For example, if there is a change triggered by yarn dedupe, then the packages whose resolved dependencies changed are not included in the output of the list command.

The same likely applies to using the --since argument with workspaces foreach. They both use the same code path for this https://github.com/yarnpkg/berry/blob/3bf438d259b6db462a3591a080d61c3cb4a39e87/packages/plugin-git/sources/gitUtils.ts#L352

To reproduce

There's a repo here: https://github.com/runeh/yarn-list-repro

To reproduce:

Run yarn workspaces list --json -R --verbose --since=4fad77b815dbd49350b4faa53e93914909feaeb5

Expected result:

Shows the pkg1 workspace as changed, due to the resolved version of date-fns in yarn.lock changing.

Actual:

Shows no workspaces as changed

Environment

System:
  OS: macOS 13.0.1
  CPU: (10) arm64 Apple M1 Pro
Binaries:
  Node: 16.15.0 - /private/var/folders/cs/kxlm10p53_g7tvptsrw889br0000gn/T/xfs-c6d8d539/node
  Yarn: 3.3.0 - /private/var/folders/cs/kxlm10p53_g7tvptsrw889br0000gn/T/xfs-c6d8d539/yarn
  npm: 8.11.0 - ~/.nvm/versions/node/v16.15.0/bin/npm

Additional context

No response

MatthewMaclean commented 1 year ago

In most cases, you wouldn't want an update to yarn.lock to trigger this because an update to a package.json in any workspace can update it. That said, I'm about to do a yarn dedupe change and will experience the exact same issue that you're describing.

I don't think updating a workspace's package.json is ever fully isolated, but at least in my team's repo, we're fine with it not triggering CI/CD on all packages. I can see the value in it being more configurable at least.

Looks like this is similar to: https://github.com/yarnpkg/berry/issues/4610

runeh commented 1 year ago

In most cases, you wouldn't want an update to yarn.lock to trigger this [..]

What does "this" refer here?

In my case I want to use --since to find what apps in a monorepo to build. The package.json files are irrelevant. The yarn.lock is the source of truth for this.