[英]How should I handle package-lock.json when I deploy from git via ssh?
I have a deployment process where I check code into a git repository, and via web hooks a deployment script is run on the production server. 我有一个部署过程,在该过程中,我将代码检入git存储库,并通过Web挂钩在生产服务器上运行部署脚本。 On that server, I connect to git using ssh and a .pem key, pull from git, npm install, build webpack and restart the service process.
在该服务器上,我使用ssh和.pem密钥连接到git,从git中拉出,安装npm,构建webpack并重新启动服务过程。
I never intend to commit anything from the prod servers - they should be able to deploy automatically. 我从不打算从生产服务器提交任何东西-它们应该能够自动部署。 However, this does not work, because the
package-lock.json
file is frequently updated when I run npm install
, and so the next time I deploy, the git pull
step fails, saying that I conflict with existing package-lock.json
file because it has changes that are not committed. 但是,这不起作用,因为当我运行
npm install
, package-lock.json
文件会经常更新,因此,下次我部署时, git pull
步骤会失败,并说我与现有的package-lock.json
文件冲突。因为它具有未提交的更改。
My current solution is to .gitignore the package-lock.json file. 我当前的解决方案是.gitignore package-lock.json文件。 But that defeats its purpose, to provide builds that are identical to the ones on my dev machine.
但这违背了它的目的,即提供与我的开发机器上相同的构建。
What would be the right way to handle package-lock.json
? 什么是处理
package-lock.json
的正确方法?
There's a helpful StackOverflow Question/Answer about why your package.lock is changing . 有一个有用的StackOverflow问题/答案,关于您的package.lock为何更改 。 The closest most useful answer seems to reference an NPM bug that's seeing much activity here in October 2017 .
最接近,最有用的答案似乎是引用了一个NPM错误,该错误在2017年10月在这里活跃 。
But currently, package.json
overrides package-lock.json
, meaning if you use ~2.1
and there's a 2.2 version of that package, your production deploy will get upgraded. 但目前
package.json
覆盖package-lock.json
,这意味着如果你使用~2.1
,并有一个2.2版本的软件包,您的生产部署将得到升级。
Assuming you're not from the future, there's two different ideas here: 假设您不是未来的人,这里有两种不同的想法:
npm install --no-save
... which doesn't solve the underlaying issue of lock files getting ignored, but I think will keep the package-lock.json
from being updated. npm install --no-save
...不能解决锁定文件被忽略package-lock.json
问题,但是我认为这可以防止package-lock.json
被更新。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.