Bug 1206381 - Add npm-shrinkwrap.json to pin grunt build dependencies

Whilst the packages listed in package.json are pinned to exact versions, they will have their own dependencies, which may be specified via version ranges. In order to make production/local behaviour more deterministic, these can be pinned too, using `npm shrinkwrap`. However the stock shrinkwrap command has a few deficiencies, so we're using a wrapper around it: https://github.com/uber/npm-shrinkwrap Note: Only packages listed under `dependencies` will be shrinkwrapped, not those under `devDependencies`. This is because using the `--dev` option (which would include the dev packages in npm-shrinkwrap.json) means there would then be no way to way to exclude the dev packages when installing in production. For more information about shrinkwrap in general, see: https://docs.npmjs.com/cli/shrinkwrap http://tilomitra.com/why-you-should-use-npm-shrinkwrap/ https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/
2015-09-22 18:46:44 +01:00 · 2015-09-22 18:46:44 +01:00 · 27941c32d9
--- a/docs/common_tasks.rst
+++ b/docs/common_tasks.rst
@ -208,3 +208,26 @@ To do this:
 * Tell people to visit: ``https://<your-username>.github.io/treeherder/ui/``

 There is no need to perform a ``grunt build`` prior. After switching away from the local gh-pages branch, you will need to recreate ``ui/js/config/local.conf.js`` if desired, due to the ``git add -f``.
+
+Updating packages in package.json
+---------------------------------
+
+If the package is required in production/during deployment (ie: will be listed under
+`dependencies` rather than `devDependencies`), the following update process must be
+followed:
+
+* Follow the instructions for installing `nodejs` and `build-essential` `here <https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions>`_.
+
+* Update the package list in ``package.json``, making sure to specify an exact version, and not tilde or caret range notation.
+
+* From the root of the Treeherder repo, run:
+
+  .. code-block:: bash
+
+     > npm install
+     # npm-shrinkwrap fixes some of the deficiencies of the in-built shrinkwrap
+     > sudo npm install -g npm-shrinkwrap
+     # Adds the packages listed under `dependencies` to npm-shrinkwrap.json
+     > npm-shrinkwrap
+
+* Now commit the changes to both ``package.json`` and ``npm-shrinkwrap.json``.
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json