Commit Graph

1 Commits

Author SHA1 Message Date
George Kalpakas 3f68377c3d ci: check versions of non-local integration project dependencies (#33968)
In order to keep integration tests on CI as determinitstic as possible,
we need to ensure that the same dependencies (including transitive ones)
are installed each time. One way to ensure that is using a lockfile
(such as `yarn.lock`) to pin the dependencies to exact versions. This
works as long as the lockfile itself is in-sync with the corresponding
`package.json`, which specifies the dependencies.

Ideally, we would run `yarn install` with the `--frozen-lockfile` option
to verify that the lockfile is in-sync with `package.json`, but we
cannot do that for integration projects, because we want to be able to
install the locally built Angular packages). Therefore, we must manually
esnure that the integration project lockfiles remain in-sync, which is
error-prone.

This commit introduces a helper script that performs some checks on each
project's (non-local) dependencies:
- Ensure that exact versions (not version ranges) are specified in
  `package.json`. This reduces the probability of installing a breaking
  version of a direct or transitive dependency, in case of an
  out-of-sync lockfile.
- Ensure that the lockfile is in-sync with `package.json` wrt these
  dependencies.

While these checks are not full-proof, they provide yet another line of
defense against indeterminism.

PR Close #33968
2019-11-26 16:08:33 -08:00