Page MenuHomePhorge
Create Task
Maniphest T15013

Better handling of node/npm installation for Aphlict
Open, Needs TriagePublic
Actions

Description

The current installation process for Aphlict requires installing an abritrary version of ws. We should probably update the support/aphlict/server to be a proper nodejs project with a package.json and package-lock.json. Doing so will likely make upgrade process more involved requiring the Phorge admin to take manual steps to clean up and update this directory and aphlict service.

Discussion stemming from D25004: Update .gitignore to account for package-lock.json

In D25004#114, @speck wrote:

I was thinking about having it version controlled and I do think that would be a good idea at some point. If we do that now I think that might mess up installations which happen to be running different versions of ws, or the upgrade path would require some additional steps. I think it would be something like

  1. Run npm uninstall
  2. Delete package-lock.json
  3. Upgrade
  4. Run npm ci which should follow the package-lock.json definitions
In D25004#115, @chris wrote:

It _shouldn't_ mess up anything existing, I don't think. It's been a few months since I did a ton with JS so might be forgetting something obvious here, but if anyone already has Aphlict up and running, I'm pretty sure their existing install will be unimpacted by the presence/absense of package-lock.json. If they want to manually update their npm packages, then they might need the additional steps, but pretty sure it won't be disruptive outside of that.

In D25004#120, @tobiaswiese wrote:

The problem with package-lock.json is, that it either generates noise in the working copy (it just changes its content a lot of times during normal operation). And it needs an update every time a dependency (even indirect) got an security related update because production installs will otherwise not pull the updated dependency in.

In D25004#121, @Ekubischta wrote:

What happens if

  • User A has a local, untracked /support/aphlict/server/package-lock.json
  • We update Phorge and start tracking this file
  • User A updates their local install with a git pull

Will this cause a conflict? - I feel like it will..?

In D25004#123, @chris wrote:

Will it cause a conflict or ask the user to commit or stash untracked changes? But yeahhhhhh, will need some human intervention...

Related Objects

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0