ppalaga commented on pull request #2452: URL: https://github.com/apache/camel-quarkus/pull/2452#issuecomment-815921361
> > Could you please explain the determinism aspect? Is there no way to perform `yarn install` so that the result is the same for everybody? > > In part it depends on how one specifies the versions in `package.json`, as NPM allows loose versions, that's the reason behind the lock files. So a `npm install` or a `yarn install` might not fetch the same version on two occasions (baring the lock file). More details on this can be found here: https://classic.yarnpkg.com/blog/2017/05/31/determinism/ and here https://npm.github.io/npm-like-im-5/npm3/non-determinism.html. Yarn's PnP was rethink of the `node_modules` bit and having the cache in source control is more one step along that path. Isn't `yarn install --immutable` solving the reproducibility problem well enough? The docs says it is the replacement for `--frozen-lockfile` that we used so far. `yarn install --immutable` takes 606ms if the `.yarn` folder is available and up to date. So for local development, the cache folder can just stay outside of git and `yarn install --immutable` invoked by the frontend plugin can care for keeping it up to date if necessary. If the dev does not delete it manually, the rebuilds should be fast. On the CI, it can be cached much like `~/.m2/repository`, no? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
