setup-node VS yarn

Setup environment with Nodejs and install dependencies with npm install, with Github Actions setup Node

No, PR review isn't the only thing that prevents these from being updated. In the yml it's set to a release branch. So it isn't especially fallible.

https://github.com/actions/setup-node/tree/releases/v2

➜ getting-started-with-act git:(master) act -j build WARN ⚠ You are using Apple M1 chip and you have not specified container architecture, you might encounter issues while running act. If so, try running it with '--container-architecture linux/amd64'. ⚠ [Node.js CI/build] 🚀 Start image=node:16-buster-slim [Node.js CI/build] 🐳 docker pull image=node:16-buster-slim platform= username= forcePull=false [Node.js CI/build] 🐳 docker create image=node:16-buster-slim platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] [Node.js CI/build] 🐳 docker run image=node:16-buster-slim platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] [Node.js CI/build] ☁ git clone 'https://github.com/actions/setup-node' # ref=v3 [Node.js CI/build] ☁ git clone 'https://github.com/actions/cache' # ref=v3 [Node.js CI/build] ☁ git clone 'https://github.com/actions/upload-artifact' # ref=v3 [Node.js CI/build] ⭐ Run Main actions/checkout@v3 [Node.js CI/build] 🐳 docker cp src=/Users/andrewevans/Documents/projects/getting-started-with-act/. dst=/Users/andrewevans/Documents/projects/getting-started-with-act [Node.js CI/build] ✅ Success - Main actions/checkout@v3 [Node.js CI/build] ⭐ Run Main Use Node.js 16.x [Node.js CI/build] 🐳 docker cp src=/Users/andrewevans/.cache/act/actions-setup-node@v3/ dst=/var/run/act/actions/actions-setup-node@v3/ [Node.js CI/build] 🐳 docker exec cmd=[node /var/run/act/actions/actions-setup-node@v3/dist/setup/index.js] user= workdir= [Node.js CI/build] 💬 ::debug::isExplicit: [Node.js CI/build] 💬 ::debug::explicit? false

steps: # Check out the current repository code - uses: actions/checkout@v3 # 3. https://github.com/actions/setup-node#usage - name: Setup node and build Gatsby uses: actions/setup-node@v1 with: node-version: '16.x' cache: 'npm' - run: npm install # This triggers `gatsby build` script in "package.json" - run: npm run build # 4. Deploy the gatsby build to Netlify - name: Deploy to netlify uses: netlify/actions/cli@master env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} with: # 5. "gatsby build" creates "public" folder, which is what we are deploying args: deploy --dir=public --prod secrets: '["NETLIFY_AUTH_TOKEN", "NETLIFY_SITE_ID"]'

If you see repeated build or preparation steps that do not change when your codebase changes, look into caching the results. Here is a straightforward guide to caching, but also be aware caching is built into a lot of marketplace actions anyway, e.g. actions/setup-node can cache npm dependencies.

The most popular ones are Node.js, Python, Java JDK, Go, .Net Core SDK.

diff --git a/.github/workflows/gh-pages.yaml b/.github/workflows/gh-pages.yaml index 401fd33..3ddf6dd 100644 --- a/.github/workflows/gh-pages.yaml +++ b/.github/workflows/gh-pages.yaml @@ -11,42 +11,48 @@ on: jobs: deploy: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 + # Ensure that only a single job or workflow + # https://docs.github.com/en/actions/using-jobs/using-concurrency concurrency: + # workflow - The name of the workflow. + # ref - The branch or tag ref that triggered the workflow run. group: ${{ github.workflow }}-${{ github.ref }} steps: - uses: actions/checkout@v3 with: - submodules: true # Fetch Hugo themes (true OR recursive) fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod + # https://github.com/peaceiris/actions-hugo - name: Setup Hugo uses: peaceiris/actions-hugo@v2 with: - hugo-version: '0.91.2' - # extended: true + hugo-version: '0.101.0' + # https://github.com/actions/setup-node - name: Setup Node uses: actions/setup-node@v3 with: - node-version: '14' - - - name: Cache dependencies - uses: actions/cache@v2 - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- - - - run: npm ci + node-version: '18.7.0' + cache: npm + # The action defaults to search for the dependency file (package-lock.json, + # npm-shrinkwrap.json or yarn.lock) in the repository root, and uses its + # hash as a part of the cache key. + # https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#caching-packages-data + cache-dependency-path: ./blog/package-lock.json + + - name: Install npm dependencies + working-directory: ./blog/ + run: npm ci - name: Build - run: hugo --minify + working-directory: ./blog/ + run: npm run build + # https://github.com/peaceiris/actions-gh-pages - name: Deploy uses: peaceiris/actions-gh-pages@v3 if: ${{ github.ref == 'refs/heads/main' }} with: github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: ./public + publish_dir: ./blog/src/public

Well, let’s consider the scenario we had with the DevHub. We were using the third-party action setup-node to install and configure the Node.js programming language. This action lets you specify the node version to install but it can’t be a dynamically acquired value. You either have to hardcode it or interpolate the value.

This is hitting workflows that use caching [1][2].

- [1] https://github.com/actions/setup-node/issues/516

- [2] https://github.com/actions/cache/issues/820

As of now (11:28 UTC) the status page has been updated.

https://www.githubstatus.com

instead. Please refer tothis issue for guidance. Following the instructions in this issue will ensure the correct installation of Yarn.

As an alternative, you can use the Yarn CLI command:

The PR for Auto detect and merge lockfile conflicts provides insight into the latest implementation in /src/lockfile/parse.js.

this this maybe https://github.com/yarnpkg/yarn/issues/8331

Yarn, but you can use npm or pnpm as alternatives to yarn if you prefer.

Yarn definitely shot themselves in the foot badly. PnP identified real problems & came up with a solution, but pnpm is doing a similar set of tricks but in a Node-ecosystem-compatible way, with next to no compatibility issues (versus package maintainers having to each individually support Yarn V2 PnP). Yarn V2 seemingly thought they could get the entire npm package world to switch to yarn, saw their growth & saw the thought-leaders & decided their winning was a fait-accompli.

And they didn't really execute very well... v2 landed, there was controversy, and there's been so little visible or exciting good news about it. It over-played Yarns so hand they renamed Yarn v2 as Berry, just to re-gather the troops & make a staging point forward. But it's still an incredibly hard pill to swallow, and the "yarn (berry) is great, the ecosystem needs to change" attitude seemingly isn't gaining any traction and it's hard to tell where Yarn could go.

In Yarn v3[1], they've introduced a modular "linker" system for how to install packages, that seemingly might get them able to experiment around/play around a little more & be less constrained than the hard-path they'd crusaded for.

One thing I will say for Yarn, that makes me unbelievably happy versus npm (announced during the V2[2] announcement):

> Yarn is first and foremost a Node API that can be used programmatically (via @yarnpkg/core)

Npm is the premier tool for open-source javascript, but it itself is one of the least open-source efforts on the planet. I finally started digging around the npm package and it's underlying cacache cache-structure, and it's just infinitely unpleasant to get started with. There's maybe like 3 articles on the whole planet that have any guidance for what npm is inside, how it works, what you can do with it, how you can hack it. Yarn identifying that the package manager itself is something that developers need access to is a huge win & I want to thank them forever for putting that on their bullet list of great Yarn things.

[1] https://dev.to/arcanis/yarn-3-0-performances-esbuild-better-...

[2] "Yarn's Future - v2 and beyond" https://github.com/yarnpkg/yarn/issues/6953

Unfortunately, as I found out, yarn's resolutions property has a long history of not playing well with optionalDependencies: anything placed into resolutions is treated as required and will abruptly fail to install if it is, for example, a platform-specific package appropriate for your deploy environment but not your dev environment or vice versa, as is the case here.

It was July 2021. I started with [email protected] since I’ve been using it for a long time. Yarn was fast, but soon I met several issues with Yarn Workspaces. E.g., not hoisting dependencies correctly, and tons of issues are tagged with “fixed in modern”, which redirects me to the v2 (berry).

Upgrading dependencies: Yarn 1's yarn upgradeonly upgrades direct dependencies of the current workspace. Yarn 2's up ignores the version ranges in your package.json and upgrades for all workspaces. npm's and pnpm'supdate respect your version ranges and upgrade indirect dependencies as well.