Error on yarn install if the lockfile is out of date (#453)

Error on yarn install if the lockfile is out of date

Error on yarn install if the lockfile is out of date (#453)
Error on yarn install if the lockfile is out of date
c02a4b97 · Jeremy Morrell · GitHub · 4a7f4c71 · c02a4b97 · c02a4b97
Commit c02a4b97 authored Jul 24, 2017 by Jeremy Morrell Committed by GitHub Jul 24, 2017
6 changed files
--- a/bin/compile
+++ b/bin/compile
@@ -41,6 +41,7 @@ echo "" > "$LOG_FILE"
 handle_failure() {
  header "Build failed"
+  fail_yarn_lockfile_outdated "$LOG_FILE"
  warn_untracked_dependencies "$LOG_FILE"
  warn_angular_resolution "$LOG_FILE"
  warn_missing_devdeps "$LOG_FILE"

--- a/lib/dependencies.sh
+++ b/lib/dependencies.sh
@@ -59,12 +59,27 @@ log_build_scripts() {
  fi
 }
+yarn_supports_frozen_lockfile() {
+  local yarn_version="$(yarn --version)"
+  # Yarn versions lower than 0.19 will crash if passed --frozen-lockfile
+  if [[ "$yarn_version" =~ ^0\.(16|17|18).*$ ]]; then
+    mcount "yarn.doesnt-support-frozen-lockfile"
+    false
+  else
+    true
+  fi
+}
 yarn_node_modules() {
  local build_dir=${1:-}
  echo "Installing node modules (yarn.lock)"
  cd "$build_dir"
-  yarn install --pure-lockfile --ignore-engines 2>&1
+  if yarn_supports_frozen_lockfile; then
+    yarn install --frozen-lockfile --ignore-engines 2>&1
+  else
+    yarn install --pure-lockfile --ignore-engines 2>&1
+  fi
 }
 npm_node_modules() {

--- a/lib/failure.sh
+++ b/lib/failure.sh
@@ -116,6 +116,29 @@ fail_multiple_lockfiles() {
  fi
 }
+fail_yarn_lockfile_outdated() {
+  local log_file="$1"
+  if grep -qi 'error Your lockfile needs to be updated' "$log_file"; then
+    mcount "failures.outdated-yarn-lockfile"
+    echo ""
+    warn "Outdated Yarn lockfile
+       Your application contains a Yarn lockfile (yarn.lock) which does not 
+       match the dependencies in package.json. This can happen if you use npm
+       to install or update a dependency instead of Yarn.
+       Please run the following command in your application directory and check
+       in the new yarn.lock file:
+       $ yarn install
+       $ git add yarn.lock
+       $ git commit -m \"Updated Yarn lockfile\"
+       $ git push heroku master
+    " https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-an-outdated-yarn-lockfile
+    exit 1
+  fi
+}
 warning() {
  local tip=${1:-}
  local url=${2:-https://devcenter.heroku.com/articles/nodejs-support}

--- a/test/fixtures/yarn-lockfile-out-of-date/package.json
+++ b/test/fixtures/yarn-lockfile-out-of-date/package.json
+{
+  "name": "yarn",
+  "version": "1.0.0",
+  "main": "index.js",
+  "license": "MIT",
+  "dependencies": {
+    "lodash": "4.17.4"
+  }
+}
--- a/test/fixtures/yarn-lockfile-out-of-date/yarn.lock
+++ b/test/fixtures/yarn-lockfile-out-of-date/yarn.lock
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+lodash@4.16.0:
+  version "4.16.0"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.16.0.tgz#834cb785057157032242beaf101bb3d99e55d0d8"
--- a/test/run
+++ b/test/run
@@ -129,6 +129,14 @@ testErrorYarnAndNpmShrinkwrap() {
  assertCapturedError
 }
+testYarnLockfileOutOfDate() {
+  compile "yarn-lockfile-out-of-date"
+  assertCaptured "error Your lockfile needs to be updated"
+  assertCaptured "Outdated Yarn lockfile"
+  assertCaptured "https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-an-outdated-yarn-lockfile"
+  assertCapturedError
+}
 testDefaultToNpm5() {
  compile "npm-lockfile-no-version"
  assertCaptured "Detected package-lock.json"