
godbout's avatar

npm run prod, commits, and forge

i don't get how the workflow is supposed to be. i develop on my local machine with npm run watch. my package.json and package-lock.json are committed. then i push to github, that sends the hook to forge. forge tries to install the repo but every time it can't because npm run prod generates a different package.json and package-lock.json and it can't merge. that means that every time before pushing my commits, i need to remember to run npm run prod to be sure i'll get the same files as on production. this is dumb. any way to improve this? i thought that would work like composer, once you get your composer.json and composer.lock, they are not rewritten when installing on the server. but npm rewrites everything, breaking the repository pull.

0 likes
8 replies
Nash's avatar

It should work like that and not rewrite anything. How does the "new" package.json file differ from the original one? What do your deployment script and error message look like?

Snapey's avatar

I'm not an npm user, but don't you have to npm install first so that the lock file is used to pull in all the same dependencies?

godbout's avatar

@snapey, I omitted it in my description but npm install is run before npm run prod. the issue is that npm run prod updates package.json and package-lock.json, which then conflicts when git tries to pull the update from the repo. see next comment on how those package files change.

godbout's avatar

@nash

Here's a part of the diff between the package-lock.json i commit and the one that gets generated by npm run prod:

                 "ansi-regex": {
                     "version": "2.1.1",
                     "bundled": true,
-                    "dev": true,
-                    "optional": true
+                    "dev": true
                 },
                 "aproba": {
                     "version": "1.2.0",
@@ -4111,14 +4110,12 @@
                 "balanced-match": {
                     "version": "1.0.0",
                     "bundled": true,
-                    "dev": true,
-                    "optional": true
+                    "dev": true
                 },
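
Review bot: in both entries shown (`ansi-regex` and `balanced-match`) the only line dropped is `"optional": true`, while `version`, `bundled` and `dev` are unchanged, so no dependency actually moved and this is lockfile metadata being rewritten on the server. Rather than committing or deleting the regenerated file, the server-side npm steps should leave package-lock.json untouched so the checkout stays clean for the next `git pull`.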

the error message i get is just a basic git merge conflict. the npm run prod works well.

my deploy script:

cd /home/forge/hq.sleeplessmind.info
git pull origin master

composer install --no-dev --no-interaction --optimize-autoloader

echo "" | sudo -S service php7.3-fpm reload

npm install
npm run production

what i'm thinking of doing is once npm has run, i'll delete both package.json and package-lock.json so that at the next deploy, git can pull. it's dumb, but it should work.

bobbybouwmann's avatar

You have to run npm ci if you want it to install from the package-lock.json file! After that you should be able to run npm run prod on production.

Note that you don't have to commit the generated files, only the package-lock.json file.

2 likes
godbout's avatar

@nash good catch. v12 on my local dev, v10 on production. Still, I don't get the idea behind it. Just for install, I wouldn't expect either package.json or package-lock.json to change! Thanks.

1 like
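
An added example, not part of any post in this thread: a deploy guard that covers the two causes discussed above (an install step that rewrites the manifests, and a version mismatch between development and production). It shows only the Node steps of the deploy script; the function names and the use of a `.nvmrc` file to pin the expected major version are assumptions.

```sh
#!/bin/sh
# Added example: fail the deploy when package.json or package-lock.json
# is rewritten on the server, or when the runtime major version differs.
# Assumptions: POSIX sh, cksum available, expected version kept in .nvmrc.

# Print checksums of the two manifests in directory $1.
snapshot_manifests() {
    ( cd "$1" && cksum package.json package-lock.json )
}

# Run a command inside directory $1; return 3 if it rewrote either manifest.
run_without_drift() {
    rwd_dir=$1; shift
    rwd_before=$(snapshot_manifests "$rwd_dir") || return 2
    ( cd "$rwd_dir" && "$@" ) || return 1
    rwd_after=$(snapshot_manifests "$rwd_dir") || return 2
    if [ "$rwd_before" != "$rwd_after" ]; then
        echo "manifests changed by: $*" >&2
        return 3
    fi
    return 0
}

# Compare the major version pinned in $1 (e.g. "12") with $2 (e.g. "v10.16.0").
same_major() {
    sm_want=${1#v}; sm_want=${sm_want%%.*}
    sm_have=${2#v}; sm_have=${sm_have%%.*}
    [ "$sm_want" = "$sm_have" ]
}

# Node part of the deploy; call as: deploy /path/to/site
deploy() {
    site=$1
    same_major "$(cat "$site/.nvmrc")" "$(node --version)" || {
        echo "node major version differs from .nvmrc" >&2; return 4; }
    ( cd "$site" && git pull origin master ) || return 1
    # npm ci installs what package-lock.json records and does not rewrite it.
    run_without_drift "$site" npm ci || return $?
    run_without_drift "$site" npm run production || return $?
}
```

A non-zero exit from `deploy` stops the run before a modified lockfile can block the next `git pull`.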
