Developers in the 2020s live in a world of vulnerabilities and lots of dependencies. My mantra has been "If it isn't used in production, it should not be in production" for a while. I try to implement this in all aspects of my development, but I am having issues with an angular application:
During my CI/CD pipeline I execute the following commands:
- During the staging step:
npm ci- installing the dependenciesng build- building the angular application for testing
- During the testing step:
npm run test-headless(translates tong test --watch=false --browsers=ChromeHeadless) - perform headless testing
- During Prod Deploy step: (different node)
npm ci --omit=dev- install w/o devDependenciesng build --base-href "https://${SITE_FQDN}"
The issue is that the final ng build step fails on the postinstall phase since ngcc is not installed (because it is a devDependency)
Searching around there are many questions about production versions and devDependencies .. even articles about there no longer being a dev build
I am brimming with questions at this point, feeling that I have no control or overview of what I am putting in production, but the main question is:
How do I ensure that what I produce with ng build is production ready without all the development bindings and devDependencies?
