[openstreetmap/openstreetmap-website] Upgrade to Yarn v3 (PR #3515)

Daniele Basso notifications at github.com
Wed Apr 27 13:37:15 UTC 2022


> We should wait until dependabot supports yarn 2/3. We use dependabot on this project for the ruby side of things, and we're familiar with it from other projects too. Also given the linked issue has Github staff say they are working on it, then we should wait rather than either disabling it or moving to another provider.

You can still use dependabot for the ruby side... You might disable it for yarn deps, so there would not be problems

> The ignore-engines flag (or rather, the fact that yarn 2/3 doesn't support node engine restrictions) is a bit of a red flag for me that yarn 2/3 isn't mature. If we need to add plugins to yarn (e.g. yarn-plugin-engines) then that's extra complexity since yarn 1 provides the same functionality built-in.

I agree, but this feature is not much of a problem, since you were still ignoring engines before the PR (as said in #3275)

> I think the approach of "install npm to install corepack to install yarn to install the packages" is both a) the right approach and also b) a complete mess. As I said before, we should wait either until we are using a version of node that has corepack built-in (debian/ubuntu packaging caveats apply), or until there's a stronger reason to go down this route. Node is a small part of what we deal with and so all this installation complexity is bad. I want our project-wide installation to be as easy as possible for our contributors, very few of whom are dealing with anything node-related.

On this I agree completely, so it would be better to wait instead of closing

>     * We have no need to move away from yarn 1 yet.
>     * There is no compelling reason to move to yarn 2/3 yet.

I cannot complain about that, but there are some security reasons: for example, the lockfile can be easily reviewed and the caching is faster (see below)

> There's other things I noticed in reviewing this PR, but I'm not asking for them to be fixed now given my comments above:
> 
>     * There is a `nodeLinker: node-modules` configuration, but the github actions caching has all been changed so `node_modules` won't get cached. That should be resolved.
> 
>     * There is a change to the eslint version, but that's not explained.
> 
>     * The multi-platform installation notes (INSTALL.md) and the vagrant provisioning script (script/vagrant/setup/provision.sh) also need to be aligned with all these installation changes.

* Should I zip the node_modules folder, or would it be better to zip the cache which builds it? It takes less time zipping zips =)
* The eslint change might be changed; I simply ran yarn dedupe to clean up more versions of packages and that was the result... I'm sorry for this
* Yes, maybe some documentation wasn't updated yet, but for me it was important to solve the other problems

So, good luck and happy coding!

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3515#issuecomment-1111013739