Tammy would like to be able to have repeatable automation builds with a BOM file

[seansund]

By default, the automation generation process takes the latest version of the modules available that will satisfy the dependency requirements. This means that from one build to another the versions of the modules used in the output can vary considerably. One workaround for this is to include the version numbers of EVERY module and EVERY dependent module in the BOM. However, this makes the BOM difficult to read and maintain.

---

One option is for every module to be more precise in defining its dependencies. This creates a huge maintenance overhead since every time a dependent module changes we would need to update all the upstream references...

For now, a more direct solution is to allow for a "BOM lock" file to be provided along side the BOM. The BOM lock file contains the details about the module versions and all the dependencies. It should be automatically generated whenever the automation is built from the BOM and should be used if the file is present. We should also provide flags to regenerate the BOM lock file (--new-lock) and ignore reading/writing the BOM lock file (--no-lock)