Conversation
michael-valdron
requested review from
Jdubrick,
JslYoon,
johnmcollier and
thepetk
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: michael-valdron The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Signed-off-by: Michael Valdron <mvaldron@redhat.com>
…der devfile Signed-off-by: Michael Valdron <mvaldron@redhat.com>
Signed-off-by: Michael Valdron <mvaldron@redhat.com>
Signed-off-by: Michael Valdron <mvaldron@redhat.com>
michael-valdron
force-pushed
the
migrate-yarn-v4
branch
from
b1e41cf to
5a79287
Compare
Signed-off-by: Michael Valdron <mvaldron@redhat.com>
Jdubrick
left a comment
Jdubrick
left a comment
There was a problem hiding this comment.
Small comments, generally lgtm
| attributes: | ||
| container-overrides: | ||
| securityContext: | ||
| runAsUser: 1001 |
There was a problem hiding this comment.
Any particular reason for removing this user context? is it just because runAsNonRoot is true and its redundant?
There was a problem hiding this comment.
@Jdubrick Newer OpenShift versions set the uid of the runAsNonRoot user, setting the user to 1001 here causes conflicts now so I had to remove this.
| # Install corepack & node-gyp dependency | ||
| RUN microdnf install -y python3 gcc-c++ make && \ | ||
| npm install --build-from-resource node-gyp && \ | ||
| npm install -g corepack@0.34.6 |
There was a problem hiding this comment.
If possible can we pin this?
There was a problem hiding this comment.
@Jdubrick Cannot further pin (i.e with the package digest) this unless we do so in the package.json, not sure we want to do this for Dockerfile installs.
I did however pin more of them to the specific version rather than a relative pinning with the major.
Dockerfile
Outdated
| npm install -g corepack@0.34.6 | ||
|
|
||
| # Install yarn v4 | ||
| RUN corepack install -g yarn@4 |
There was a problem hiding this comment.
Same as above, is it possible to pin?
Signed-off-by: Michael Valdron <mvaldron@redhat.com>
| RUN microdnf install -y python3 gcc-c++ make && \ | ||
| npm install --build-from-resource node-gyp@12.2.0 && \ | ||
| npm install -g corepack@0.34.6 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
| RUN microdnf install -y python3 gcc-c++ make && \ | ||
| npm install --build-from-resource node-gyp@12.2.0 && \ | ||
| npm install -g corepack@0.34.6 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
| curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \ | ||
| microdnf install -y yarn | ||
| # Install corepack | ||
| RUN npm install -g corepack@0.34.6 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
|
|
||
| # Install react-env to update environment variables during runtime | ||
| RUN npm install -g @beam-australia/react-env | ||
| RUN npm install -g @beam-australia/react-env@3.1.1 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
2 participants
Description of Changes
With yarn classic development slowing down, we are moving to yarn v4 to continue receiving patches and support modern package managers.
Related Issue(s)
resolves devfile/api#1766
Acceptance Criteria
Update the sidebar if there is a new file added or an existing filename is changed
Tests Performed
Explain what tests you personally ran to ensure the changes are functioning as expected.
How To Test
Instructions for the reviewer on how to test your changes.
Notes To Reviewer
Any notes you would like to include for the reviewer.