Add option to avoid installing npm dependencies for a plugin

Question

Add option to avoid installing npm dependencies for a plugin

PhMemmel opened this issue 8 months ago · 2 comments

Like in moodle core github repository where the whole node_modules directory already is being included in the git repository, most repositories of moodle plugins are already "deployment ready" which means, all libraries are already part of the git repository.

Currently, moodle-plugin-ci will execute npm install in the plugin directory anywhere as soon as it finds a package.json file. This however might not be necessary in most cases IMO, in some cases you even want to prevent this (reduce pipeline run time, traffic). Also moodle-plugin-ci will not check the current state of the repository but the eventually changed one (in case package.json is not in sync with the node_modules directory).

I suggest a command line option for the installation command which allows to prevent moodle-plugin-ci of executing the npm install for the plugin.

Answer 1 · 2024-03-07T10:12:45.000Z

Hello @PhMemmel,

Like in moodle core github repository where the whole node_modules directory already is being included in the git repository

That is not the case, and it is generally recommended not to do that. We use shrinkwrap to lock dependencies and include npm-shrinkwrap.json in the repo.

If for whatever reason node_modules is already included in plugin, running npm install will be quick. I do not see the benefits of this patch TBH, would be good to hear more opinions.

Answer 2 · 2024-03-07T10:32:42.000Z

Hello @kabalin,

thanks for correcting me regarding the inclusion of node_modules directory, I was confused by the fact that whenever I'm working in the sourcecode, it's of course there and there are no git issues because it's in the .gitignore file :)

Let me elaborate on my use case besides that:

One of my plugins has (only) npm dev dependencies
npm install also installs dev dependencies
The dev dependencies however are only relevant for the local development process (thus dev dependencies ;-)) and do not need to be installed when running ci checks. After the installation of the dev dependencies locally some of the files of the dependencies will be deployed to another location inside the plugin which is being tracked in git by a npm job, so to use my plugin I do not need the npm at all, it's just for development purposes.
A dependabot pipeline runs on a daily schedule, checks for updates of the npm dev dependencies and sends a MR including the update and the fresh deployment of the needed files from the dev dependencies.
Another pain point for my specific case is that these dev dependencies are located in a private npm registry. So just to prevent npm install from failing the whole pipeline, because the install command of moodle-plugin-ci fails, I would have to provide the pipeline with authentication to this very specific private repository which the pipeline itself does not need because it is not supposed to install dev dependencies anyway.

So I hope you see that there are use cases in which you do not want moodle-plugin-ci to run npm install for your plugin. I agree with you, that usually it's perfectly fine to run npm install, that's why I used an additional command line switch and not change the default behavior.