Comments (7)
As far as I've looked into it, upstream does not have that issue because they don't run npm audit fix
during build. So maybe we should not either? (I mean the docker build continues because of the || true
so we do skip it). If we want to actually run npm audit fix
we could replace the $tailwindcss
manually with the concrete version of the dependency (e.g. 3.3.2
) or remove overrides.tailwindcss
.
Not sure what else can be done about this. I mean this is probably a bug in npm/cli.
When I run this locally, the debug file is gone, before I can check the contents.
You could add --rm=false
to the docker build
command so the temporary container does not get removed and then you should be able to inspect the file. If you run the build manually it will be easier to see the error.
(I've attached an excerpt with the relevant traceback, if you are interested.)
from bw_web_builds.
I do not know what the best option here is. Does this mean that the entire npm audit failed and was rolled back, or does it only mean that tailwinds or the module that requires tailwinds was not updated/fixed?
Either way, if this project wants the npm audit to succeed, your 2 suggestions seem the only viable way.
If not, it can be left as is, since maybe it will be fixed automatically when the module maintainers change the dependencies.
You could add --rm=false to the docker build
I was actually using make full
thus no docker, but when I tried to list the contents of the file (while the rest of the build process was still running), the file was no longer on my local disk. Weird.
I certainly could find a way to get this done, but often these debug files are rather useless.
from bw_web_builds.
Shall I close this issue or should I leave it open?
from bw_web_builds.
I would leave it open so we have a place to discuss if and how we want to address this. Personally, I would probably opt to not use npm audit fix
and I'd rather we follow upstream and just use the versions they have used.
I'm also not sure if we currently have the resources to actively maintain a fork of the web vault in case we want to keep dependencies up-to-date ourselves, but we could at least have a way (cf. #137) to keep track of such changes (which would be important for supply chain security).
Does this mean that the entire npm audit failed and was rolled back, or does it only mean that tailwinds or the module that requires tailwinds was not updated/fixed?
It means the former i.e. there are no packages updated because npm audit fix
fails to even generate a new package tree.
I was actually using make full thus no docker, but when I tried to list the contents of the file (while the rest of the build process was still running), the file was no longer on my local disk. Weird.
Sorry, I was assuming you used docker because of the quoted RUN npm audit fix || true
. You'll have to remove the || true
from scripts/build_web_vault.sh
so it stops there and you can inspect the file, because I think the next npm
command probably deleted the file - not sure why though because npm says that it will delete the oldest log files first. (Maybe cleaning the _logs
directory manually will solve the problem.)
from bw_web_builds.
I would leave it open
You got it.
It means the former
Thanks for the info.
I was assuming you used docker because of the quoted
RUN npm audit fix || true
.
Yeah, I thought that pointing to the error in the gh pipeline of this repo makes more sense than posting local info.
from bw_web_builds.
This is fixed by using node18.x instead of node16.x. See the EBADENGINE
warning here: https://github.com/dani-garcia/bw_web_builds/actions/runs/5842418493/job/15843518701#step:8:290
from bw_web_builds.
@AlexanderS No. The EBADENGINE
issue has been pointed out in #136 and has nothing to do with the error reported here. Building the project with node v18.17.1 will still fail if I remove the || true
from the npm audit fix
command.
Cf. the attached 2023-08-31T17_32_07_659Z-debug-0.log (or my previous excerpt with node v18.16.0).
from bw_web_builds.
Related Issues (20)
- GPG key used for releases package is expired HOT 2
- problem with creating new accounts in version 2022.11.1 HOT 3
- Link to 2FA recovery might not work properly HOT 2
- AGPL? HOT 3
- Unable to build on macOS HOT 2
- something off with version number
- Diagnostic page web version check HOT 1
- Would you mind offer the resources to be in the correct tree structure? HOT 1
- Link to Vaultwarden Github repository in footer HOT 11
- build web-vault v2023.5.0 patch HOT 1
- Web vault loads Ukraine hymn HOT 6
- Wrong web-vault version in diagnostic admin panel HOT 2
- Master password: input is required HOT 4
- Considering update to node 18? HOT 9
- Rethinking the web-vault repository HOT 3
- Remove version display on the frontpage. HOT 2
- BUG: importing json HOT 2
- how are assets created? HOT 4
- Current install instructions fail HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bw_web_builds.