Skip to content

Commit 21fc2cf

Browse files
B4nanclaude
B4nan
and
claude
authored
chore: migrate to pnpm and enable minimum release age (#534)
## Summary Migrates fingerprint-suite from npm to pnpm as part of an org-wide supply-chain hardening effort, aligning with the patterns established in apify/apify-shared-js#616, apify/actor-scraper#273 and apify/got-scraping#175. Enables a 24-hour `minimumReleaseAge` for third-party packages both at install time (via `pnpm-workspace.yaml`) and at dependency-update time (via `renovate.json`). `@apify/*` and `@crawlee/*` are excluded so our own releases can still be consumed immediately. ## Changes - Replace `package-lock.json` with `pnpm-lock.yaml`. - Move `workspaces` config from `package.json` to `pnpm-workspace.yaml` and add `minimumReleaseAge` settings with an exclude list for `@apify/*` and `@crawlee/*`. - Switch internal cross-package dependencies (`generative-bayesian-network`, `header-generator`, `fingerprint-generator`) to the `workspace:*` protocol so pnpm links the local copies rather than fetching from the registry. - Add `.npmrc` with `node-linker=hoisted`, `link-workspace-packages=true`, `prefer-workspace-packages=true`, `public-hoist-pattern[]=*`; drop `.npmrc` from `.gitignore`. - Add reusable composite action `.github/actions/pnpm-install` and use it from every workflow that installs deps (`test-and-sync`, `publish-to-npm`, `e2e-benchmark`, `model-updater`). - Replace all `npm run X` / `npx` with `pnpm X` / `pnpm exec` in root and package scripts and in workflows. - Bump `engines.node` to `>=18.0.0` in every workspace package and update the CI test matrix to `[18, 20, 22, 24]`. - Bump `packageManager` to `pnpm@10.24.0`. - `scripts/publish.sh` uses `pnpm publish --no-git-checks`. - Update `renovate.json`: add `"minimumReleaseAge": "1 day"` and `"internalChecksFilter": "strict"`, remove the legacy `"constraints": { "npm": "^7.0.0" }`, and add a package rule that sets `minimumReleaseAge: 0 days` for `@apify/*` and `@crawlee/*`. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 4ccb779 commit 21fc2cf

19 files changed

Lines changed: 5565 additions & 13367 deletions

File tree

.github/workflows/e2e-benchmark.yml

Lines changed: 4 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -17,24 +17,16 @@ jobs:
1717
with:
1818
node-version: 24
1919

20-
- name: Cache Node Modules
21-
uses: actions/cache@v5
22-
with:
23-
path: |
24-
node_modules
25-
key: cache-${{ github.run_id }}
26-
27-
- name: Install Dependencies
28-
run: npm ci
20+
- uses: apify/workflows/pnpm-install@main
2921

3022
- name: Install browsers
31-
run: npx playwright install
23+
run: pnpm exec playwright install
3224

3325
- name: Build the project
34-
run: npm run build
26+
run: pnpm build
3527

3628
- name: Run benchmarks
37-
run: npm run benchmark
29+
run: pnpm benchmark
3830

3931
- name: Update the benchmark report
4032
uses: stefanzweifel/git-auto-commit-action@v7

.github/workflows/model-updater.yml

Lines changed: 18 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -21,19 +21,10 @@ jobs:
2121
with:
2222
node-version: 24
2323

24-
- name: Cache node modules + browsers
25-
uses: actions/cache@v5
26-
with:
27-
path: |
28-
~/.npm
29-
~/.cache/ms-playwright
30-
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }}
31-
32-
- name: Install Dependencies
33-
run: npm ci
24+
- uses: apify/workflows/pnpm-install@main
3425

3526
- name: Install Playwright deps
36-
run: npx playwright install
27+
run: pnpm exec playwright install
3728

3829
- name: Install xvfb
3930
run: |
@@ -42,19 +33,19 @@ jobs:
4233
4334
- name: Install Playwright browsers
4435
run: |
45-
npx playwright install webkit
46-
npx playwright install chrome
47-
npx playwright install msedge
36+
pnpm exec playwright install webkit
37+
pnpm exec playwright install chrome
38+
pnpm exec playwright install msedge
4839
4940
- name: Install Playwright deps v2
50-
run: npx playwright install-deps
41+
run: pnpm exec playwright install-deps
5142

5243
- name: Collect HTTP header orders
5344
run: |
5445
xvfb-run -- node ./packages/header-order-collector/collector.js | tee ./packages/header-generator/src/data_files/headers-order.json
5546
5647
- name: Generate model
57-
run: npm run buildNetwork
48+
run: pnpm buildNetwork
5849
env:
5950
APIFY_FINGERPRINT_DATASET_ID: ${{ secrets.APIFY_FINGERPRINT_DATASET_ID }}
6051

@@ -69,7 +60,7 @@ jobs:
6960
./packages/header-generator/src/data_files/input-network-definition.zip
7061
./packages/fingerprint-generator/src/data_files/fingerprint-network-definition.zip
7162
./package.json
72-
./package-lock.json
63+
./pnpm-lock.yaml
7364
7465
test_model_js:
7566
runs-on: ubuntu-22.04
@@ -84,8 +75,7 @@ jobs:
8475
with:
8576
node-version: 24
8677

87-
- name: Install Dependencies
88-
run: npm ci
78+
- uses: apify/workflows/pnpm-install@main
8979

9080
- name: Download artifacts
9181
uses: actions/download-artifact@v8
@@ -99,12 +89,12 @@ jobs:
9989
10090
- name: Test model changes (Node.JS packages)
10191
run: |
102-
npx playwright install --with-deps
103-
npx puppeteer browsers install chrome
104-
npx puppeteer browsers install firefox
92+
pnpm exec playwright install --with-deps
93+
pnpm exec puppeteer browsers install chrome
94+
pnpm exec puppeteer browsers install firefox
10595
106-
npm run build
107-
xvfb-run --auto-servernum -- npm test
96+
pnpm build
97+
xvfb-run --auto-servernum -- pnpm test
10898
10999
test_model_py:
110100
needs: build_model
@@ -124,8 +114,7 @@ jobs:
124114
with:
125115
node-version: 24
126116

127-
- name: Install Dependencies
128-
run: npm ci
117+
- uses: apify/workflows/pnpm-install@main
129118

130119
- uses: actions/download-artifact@v8
131120
with:
@@ -134,10 +123,10 @@ jobs:
134123
- name: Bump package version numbers
135124
id: bump_version
136125
run: |
137-
npm version patch --git-tag-version=false
126+
pnpm version patch --git-tag-version=false
138127
export GIT_TAG=$(node -p "require('./package.json').version")
139128
140-
npm run prerelease
129+
pnpm prerelease
141130
142131
echo "version=${GIT_TAG}" >> $GITHUB_OUTPUT
143132
@@ -164,7 +153,7 @@ jobs:
164153
branch: master
165154
tagging_message: 'v${{ steps.bump_version.outputs.version }}'
166155

167-
file_pattern: './packages/ ./package.json ./package-lock.json ./apify_fingerprint_datapoints/CHANGELOG.md ./pyproject.toml'
156+
file_pattern: './packages/ ./package.json ./pnpm-lock.yaml ./apify_fingerprint_datapoints/CHANGELOG.md ./pyproject.toml'
168157

169158
commit_user_name: 'modelmaker[bot] ⚒️'
170159
commit_user_email: modelmaker[bot]@users.noreply.github.com

.github/workflows/publish-to-npm.yaml

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -26,9 +26,9 @@ jobs:
2626
uses: actions/setup-node@v6
2727
with:
2828
node-version: 24
29-
cache: 'npm'
3029
registry-url: 'https://registry.npmjs.org/'
31-
cache-dependency-path: 'package-lock.json'
30+
31+
- uses: apify/workflows/pnpm-install@main
3232

3333
- name: Turbo cache
3434
id: turbo-cache
@@ -39,23 +39,20 @@ jobs:
3939
restore-keys: |
4040
turbo-${{ github.job }}-${{ github.ref_name }}-
4141
42-
- name: Install Dependencies
43-
run: npm ci
44-
4542
- name: Release latest versions
4643
run: |
4744
git config --global user.name 'Apify Release Bot'
4845
git config --global user.email 'noreply@apify.com'
4946
5047
export GIT_TAG=$(echo $GITHUB_REF | sed 's/refs\/tags\///g')
51-
npm run release
48+
pnpm release
5249
5350
- name: Commit the version bump
5451
uses: stefanzweifel/git-auto-commit-action@v7
5552
with:
5653
branch: master
5754
commit_message: 'chore: [skip ci] sync new package.json versions'
58-
file_pattern: 'package*.json'
55+
file_pattern: 'package*.json pnpm-lock.yaml'
5956
commit_user_name: Apify Bot
6057
commit_user_email: my-github-actions-bot@example.org
6158
commit_author: Apify Bot <apify@apify.com>

.github/workflows/test-and-sync.yml

Lines changed: 9 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -27,17 +27,9 @@ jobs:
2727
with:
2828
node-version: 24
2929

30-
- name: Install Dependencies
31-
run: npm ci
30+
- uses: apify/workflows/pnpm-install@main
3231

33-
- name: Load Cache
34-
uses: actions/cache@v5
35-
with:
36-
path: |
37-
node_modules
38-
key: cache-${{ github.run_id }}
39-
40-
- run: npm run lint
32+
- run: pnpm lint
4133

4234
build_and_test:
4335
name: Build & Test
@@ -56,23 +48,15 @@ jobs:
5648
with:
5749
node-version: ${{ matrix.node-version }}
5850

59-
- name: Cache Node Modules
60-
uses: actions/cache@v5
61-
with:
62-
path: |
63-
node_modules
64-
key: cache-${{ github.run_id }}
65-
66-
- name: Install Dependencies
67-
run: npm ci
51+
- uses: apify/workflows/pnpm-install@main
6852

6953
- name: Install Playwright deps
70-
run: npx playwright install --with-deps
54+
run: pnpm exec playwright install --with-deps
7155

7256
- name: Install Puppeteer deps
7357
run: |
74-
npx puppeteer browsers install chrome
75-
npx puppeteer browsers install firefox
58+
pnpm exec puppeteer browsers install chrome
59+
pnpm exec puppeteer browsers install firefox
7660
7761
- name: Turbo cache
7862
id: turbo-cache
@@ -84,12 +68,12 @@ jobs:
8468
turbo-${{ github.job }}-${{ github.ref_name }}-
8569
8670
- name: Build
87-
run: npm run build
71+
run: pnpm build
8872

8973
- name: Run Windows or MacOs tests
90-
run: npm test
74+
run: pnpm test
9175
if: ${{ matrix.os == 'windows-latest' || matrix.os == 'macos-latest' }}
9276

9377
- name: Run Linux tests
94-
run: xvfb-run --auto-servernum -- npm test
78+
run: xvfb-run --auto-servernum -- pnpm test
9579
if: ${{ matrix.os == 'ubuntu-22.04'}}

.gitignore

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ pids
1414
.idea
1515
.vscode
1616
yarn.lock
17+
.yarn
1718
tmp
1819
jsconfig.json
1920
types
@@ -22,5 +23,4 @@ docs/typedefs
2223
.history
2324
.docusaurus
2425
tsconfig.tsbuildinfo
25-
.turbo
26-
.npmrc
26+
.turbo

.prettierignore

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,4 +2,7 @@
22
build
33
coverage
44

5-
*.json
5+
*.json
6+
# pnpm
7+
pnpm-lock.yaml
8+
pnpm-workspace.yaml

0 commit comments

Comments
 (0)