How to generate a lockfile for an isolated workspace package

[0x80]

As part of a quest to deploy to Firebase from a monorepo with shared workspace packages, I have created isolate-package.

Firebase tools deploy does not understand monorepos. It wants to upload a self-contained folder and run an install as part of its cloud pipeline.

The isolate process copies relevant content to a folder called "isolate", and makes sure the packages manifest files have file links instead of "workspace:*" to so it can deploy from there as a self-contained directory. It also copies over the lockfile.

This all works fine for NPM and Yarn, because it seems their lockfiles don't have a structure which depends on the shared packages paths.

For PNPM the lockfile is not accepted, as the firebase deploy process (which uses frozen-lockfile) complains that the lockfile will change.

I have tried altering the paths in pnpm-lock.yaml but to no avail. I think part of the problem is that pnpm wants to have very specific versions strings for each local package. When I run pnpm install --ignore-workspace to generate a new lockfile from the location of the isolated directory I see things like this:

dependencies:
      '@gemini/backend':
        specifier: file:packages/backend
        version: file:packages/backend(@google-cloud/[email protected])(@hapi/[email protected])([email protected])
      '@gemini/common':
        specifier: file:packages/common
        version: file:packages/common(@google-cloud/[email protected])(@hapi/[email protected])([email protected])

I wonder if I can maybe just use this generated lockfile for deployment, instead of the original one, but I'm unsure if it respects the absolute versions that were installed according to the original workspace lockfile.

Can someone shed some light on this?

[tilgovi]

pnpm deploy should help with this, and I've opened #10294 to try to make it better!