Remove yarn config files

[alxndrsn]

yarn is no longer used in CI, so yarn-specific config files are no longer required.

[charmander]

Having some kind of lockfile is useful for developers. (Not to mention… CI.) Translate to package-lock.json?

[alxndrsn]

Having some kind of lockfile is useful for developers. (Not to mention… CI.) Translate to package-lock.json?

Added in #157.

[bendrucker]

As noted in #157, lockfiles are useful by default for applications but intentionally not used for most libraries. npm will obey a lockfile in a dependency. We want to test with the latest matching dependency according to the range in the package, not lock. Nor do we want to lock all the dependencies and have to release an update to this package on each new dependency version.

There's a tradeoff here and it's not necessarily wrong to lock library dependencies. But it's not typically the npm way and especially inconvenient for a meta package like this that wires up several smaller packages for complex types.

[charmander]

As noted in #157, lockfiles are useful by default for applications but intentionally not used for most libraries. npm will obey a lockfile in a dependency.

It sounds like you’re referring to npm-shrinkwrap.json. yarn.lock/package-lock.json aren’t published; in a library, they serve to make the full development state for a given revision reproducible.

[bendrucker]

Ah right:

https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#package-lockjson-vs-npm-shrinkwrapjson

The difference is that package-lock.json cannot be published, and it will be ignored if found in any place other than the root project.

Still, the point stands that it doesn't seem lockfiles are actually solving a problem here, and more likely creating one.

sindresorhus/ama#479 (comment)

[charmander]

They solve the problem I mentioned (which pg has been affected by, notably), and their absence isn’t really a solution to the problem sindresorhus mentioned back in 2017 (dependabot is more reliable). Almost the opposite, really: if you run npm update and things suddenly stop working, being able to diff the lockfile because it’s in version control makes for an easy way to know exactly what changed.

Anyway, not that big a deal one way or another for this repo – I’m used to reconstructing dependency trees for a point in time by now. Just wanted to get accurate information out there.

[bendrucker]

Right, the GHA addition is overdue and very valuable. I understand that lockfile benefits apply to library developers. Unlike applications, there's a real tradeoff to be considered. I'm unpersuaded that libraries having lockfiles is the right default. Tooling has improved since in the last 5 years but the need to configure and operate it is still extra work.

Definitely not something to sneak in alongside other changes. If someone wants to do the work to run tests both with and without a lockfile in GHA I'm happy to review that PR.

[alxndrsn]

Definitely not something to sneak in alongside other changes.

The lockfile was introduced in #152, and mentioned clearly in the PR description.

A build without yarn.lock can be seen at https://github.com/alxndrsn/node-pg-types/actions/runs/8408288755/job/23024258952#step:3:19; I include the logs here:

2024-03-24T09:19:00.2730977Z Current runner version: '2.314.1'
2024-03-24T09:19:00.2754139Z ##[group]Operating System
2024-03-24T09:19:00.2754904Z Ubuntu
2024-03-24T09:19:00.2755249Z 22.04.4
2024-03-24T09:19:00.2755562Z LTS
2024-03-24T09:19:00.2755973Z ##[endgroup]
2024-03-24T09:19:00.2756366Z ##[group]Runner Image
2024-03-24T09:19:00.2756759Z Image: ubuntu-22.04
2024-03-24T09:19:00.2757235Z Version: 20240317.1.0
2024-03-24T09:19:00.2758234Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240317.1/images/ubuntu/Ubuntu2204-Readme.md
2024-03-24T09:19:00.2759670Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240317.1
2024-03-24T09:19:00.2760558Z ##[endgroup]
2024-03-24T09:19:00.2760962Z ##[group]Runner Image Provisioner
2024-03-24T09:19:00.2761439Z 2.0.359.1
2024-03-24T09:19:00.2761804Z ##[endgroup]
2024-03-24T09:19:00.2762656Z ##[group]GITHUB_TOKEN Permissions
2024-03-24T09:19:00.2764267Z Contents: read
2024-03-24T09:19:00.2764719Z Metadata: read
2024-03-24T09:19:00.2765226Z ##[endgroup]
2024-03-24T09:19:00.2768308Z Secret source: Actions
2024-03-24T09:19:00.2768891Z Prepare workflow directory
2024-03-24T09:19:00.3389946Z Prepare all required actions
2024-03-24T09:19:00.3543545Z Getting action download info
2024-03-24T09:19:00.5016534Z Download action repository 'actions/checkout@v4' (SHA:b4ffde65f46336ab88eb53be808477a3936bae11)
2024-03-24T09:19:00.6433804Z Download action repository 'actions/setup-node@v4' (SHA:60edb5dd545a775178f52524783378180af0d1f8)
2024-03-24T09:19:00.9556068Z Complete job name: lint
2024-03-24T09:19:01.0478778Z ##[group]Run actions/checkout@v4
2024-03-24T09:19:01.0479425Z with:
2024-03-24T09:19:01.0479847Z   persist-credentials: false
2024-03-24T09:19:01.0480375Z   repository: alxndrsn/node-pg-types
2024-03-24T09:19:01.0481139Z   token: ***
2024-03-24T09:19:01.0481553Z   ssh-strict: true
2024-03-24T09:19:01.0481941Z   clean: true
2024-03-24T09:19:01.0482381Z   sparse-checkout-cone-mode: true
2024-03-24T09:19:01.0482911Z   fetch-depth: 1
2024-03-24T09:19:01.0483314Z   fetch-tags: false
2024-03-24T09:19:01.0483750Z   show-progress: true
2024-03-24T09:19:01.0484174Z   lfs: false
2024-03-24T09:19:01.0484539Z   submodules: false
2024-03-24T09:19:01.0484974Z   set-safe-directory: true
2024-03-24T09:19:01.0485432Z ##[endgroup]
2024-03-24T09:19:04.3820701Z Syncing repository: alxndrsn/node-pg-types
2024-03-24T09:19:04.3822782Z ##[group]Getting Git version info
2024-03-24T09:19:04.3823835Z Working directory is '/home/runner/work/node-pg-types/node-pg-types'
2024-03-24T09:19:04.3825190Z [command]/usr/bin/git version
2024-03-24T09:19:04.3825803Z git version 2.43.2
2024-03-24T09:19:04.3827587Z ##[endgroup]
2024-03-24T09:19:04.3890634Z Temporarily overriding HOME='/home/runner/work/_temp/a50fd7bb-6120-4d30-a0d5-c4d9f39951be' before making global git config changes
2024-03-24T09:19:04.3893901Z Adding repository directory to the temporary git global config as a safe directory
2024-03-24T09:19:04.3896480Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/node-pg-types/node-pg-types
2024-03-24T09:19:04.3926453Z Deleting the contents of '/home/runner/work/node-pg-types/node-pg-types'
2024-03-24T09:19:04.3933667Z ##[group]Initializing the repository
2024-03-24T09:19:04.3937673Z [command]/usr/bin/git init /home/runner/work/node-pg-types/node-pg-types
2024-03-24T09:19:04.3988756Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-03-24T09:19:04.3990772Z hint: is subject to change. To configure the initial branch name to use in all
2024-03-24T09:19:04.3992316Z hint: of your new repositories, which will suppress this warning, call:
2024-03-24T09:19:04.3993298Z hint: 
2024-03-24T09:19:04.3993880Z hint: 	git config --global init.defaultBranch <name>
2024-03-24T09:19:04.3994625Z hint: 
2024-03-24T09:19:04.3995314Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-03-24T09:19:04.3996517Z hint: 'development'. The just-created branch can be renamed via this command:
2024-03-24T09:19:04.3997544Z hint: 
2024-03-24T09:19:04.3998278Z hint: 	git branch -m <name>
2024-03-24T09:19:04.4001014Z Initialized empty Git repository in /home/runner/work/node-pg-types/node-pg-types/.git/
2024-03-24T09:19:04.4012517Z [command]/usr/bin/git remote add origin https://github.com/alxndrsn/node-pg-types
2024-03-24T09:19:04.4049039Z ##[endgroup]
2024-03-24T09:19:04.4050468Z ##[group]Disabling automatic garbage collection
2024-03-24T09:19:04.4052158Z [command]/usr/bin/git config --local gc.auto 0
2024-03-24T09:19:04.4081492Z ##[endgroup]
2024-03-24T09:19:04.4082895Z ##[group]Setting up auth
2024-03-24T09:19:04.4087496Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-03-24T09:19:04.4117331Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-03-24T09:19:04.4389968Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-03-24T09:19:04.4418779Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-03-24T09:19:04.4642300Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-03-24T09:19:04.4676250Z ##[endgroup]
2024-03-24T09:19:04.4677783Z ##[group]Fetching the repository
2024-03-24T09:19:04.4686557Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +4ccd11459defdd58422b4b4cb9703039c8d16bf7:refs/remotes/origin/github-actions
2024-03-24T09:19:04.7746932Z From https://github.com/alxndrsn/node-pg-types
2024-03-24T09:19:04.7748435Z  * [new ref]         4ccd11459defdd58422b4b4cb9703039c8d16bf7 -> origin/github-actions
2024-03-24T09:19:04.7772385Z ##[endgroup]
2024-03-24T09:19:04.7773553Z ##[group]Determining the checkout info
2024-03-24T09:19:04.7774768Z ##[endgroup]
2024-03-24T09:19:04.7775798Z ##[group]Checking out the ref
2024-03-24T09:19:04.7779978Z [command]/usr/bin/git checkout --progress --force -B github-actions refs/remotes/origin/github-actions
2024-03-24T09:19:04.7830615Z Switched to a new branch 'github-actions'
2024-03-24T09:19:04.7832749Z branch 'github-actions' set up to track 'origin/github-actions'.
2024-03-24T09:19:04.7839283Z ##[endgroup]
2024-03-24T09:19:04.7871945Z [command]/usr/bin/git log -1 --format='%H'
2024-03-24T09:19:04.7895428Z '4ccd11459defdd58422b4b4cb9703039c8d16bf7'
2024-03-24T09:19:04.7903945Z ##[group]Removing auth
2024-03-24T09:19:04.7907528Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-03-24T09:19:04.7935369Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-03-24T09:19:04.8159729Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-03-24T09:19:04.8181613Z http.https://github.com/.extraheader
2024-03-24T09:19:04.8189075Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-03-24T09:19:04.8217450Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-03-24T09:19:04.8435650Z ##[endgroup]
2024-03-24T09:19:04.8736221Z ##[group]Run actions/setup-node@v4
2024-03-24T09:19:04.8736677Z with:
2024-03-24T09:19:04.8736952Z   node-version: 18
2024-03-24T09:19:04.8737384Z   cache: yarn
2024-03-24T09:19:04.8737696Z   always-auth: false
2024-03-24T09:19:04.8738004Z   check-latest: false
2024-03-24T09:19:04.8738593Z   token: ***
2024-03-24T09:19:04.8738921Z ##[endgroup]
2024-03-24T09:19:05.0711153Z Found in cache @ /opt/hostedtoolcache/node/18.19.1/x64
2024-03-24T09:19:05.0725832Z ##[group]Environment details
2024-03-24T09:19:05.4440880Z node: v18.19.1
2024-03-24T09:19:05.4441704Z npm: 10.2.4
2024-03-24T09:19:05.4442173Z yarn: 1.22.22
2024-03-24T09:19:05.4444027Z ##[endgroup]
2024-03-24T09:19:05.4464100Z [command]/usr/local/bin/yarn --version
2024-03-24T09:19:05.5845902Z 1.22.22
2024-03-24T09:19:05.5953867Z [command]/usr/local/bin/yarn cache dir
2024-03-24T09:19:05.7877932Z /home/runner/.cache/yarn/v6
2024-03-24T09:19:05.8371471Z ##[error]Dependencies lock file is not found in /home/runner/work/node-pg-types/node-pg-types. Supported file patterns: yarn.lock
2024-03-24T09:19:05.8512312Z Post job cleanup.
2024-03-24T09:19:05.9233526Z [command]/usr/bin/git version
2024-03-24T09:19:05.9272657Z git version 2.43.2
2024-03-24T09:19:05.9314923Z Temporarily overriding HOME='/home/runner/work/_temp/fe6728e7-d635-4abb-afde-2f53904bc9fa' before making global git config changes
2024-03-24T09:19:05.9316646Z Adding repository directory to the temporary git global config as a safe directory
2024-03-24T09:19:05.9320566Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/node-pg-types/node-pg-types
2024-03-24T09:19:05.9354158Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-03-24T09:19:05.9385716Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-03-24T09:19:05.9621370Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-03-24T09:19:05.9650432Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-03-24T09:19:06.0080274Z Cleaning up orphan processes

[bendrucker]

"Sneak" is the wrong word, but ultimately there was an unrelated change (using Yarn) proposed that didn't need to be, which then necessitated another unrelated change (a lockfile). The GHA workflow is an unqualified improvement, thank you! There's more discussion/work needed on the lockfile and I don't have the time to devote to that right now.