ci(release): npm install in bump-version.sh

szokeasaurusrex · szokeasaurusrex · commit 5fc937760efd · 2025-09-18T15:32:17.000+02:00
Needed so that the `package-lock.json` remains in sync with the `package.json` after bumping version numbers.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,6 +28,8 @@ jobs:
   test_node:
     name: Test Node
     uses: ./.github/workflows/test_node.yml
+    with:
+      triggered-by-release: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'release/') }}
 
   test_swift:
     name: Test Swift
diff --git a/.github/workflows/test_node.yml b/.github/workflows/test_node.yml
@@ -2,6 +2,11 @@ name: Test Node
 
 on:
   workflow_call:
+    inputs:
+      triggered-by-release:
+        type: boolean
+        description: Whether the workflow was triggered by a release
+        default: false
     outputs:
       matrix-result:
         description: 'Matrix job result'
@@ -19,10 +24,17 @@ jobs:
         with:
           node-version-file: package.json
 
+      # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
+      # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
+      # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
+      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm install --omit=optional --ignore-scripts
+        if: ${{ inputs.triggered-by-release }}
+
       # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
       # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
       # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
       - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm ci
+        if: ${{ !inputs.triggered-by-release }}
 
       - run: npm run check:types
 
@@ -46,7 +58,11 @@ jobs:
       # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
       # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
       # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
-      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm ci
+      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm install --omit=optional --ignore-scripts
+        if: ${{ inputs.triggered-by-release }}
+
+      - run: npm ci
+        if: ${{ !inputs.triggered-by-release }}
 
       # older node versions need an older nft
       - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm install @vercel/nft@0.22.1
diff --git a/scripts/bump-version.sh b/scripts/bump-version.sh
@@ -35,3 +35,7 @@ done
 # Update the optional deps in the main cli npm package
 # Requires jq to be installed - should be installed ootb on github runners
 jq '.optionalDependencies |= map_values("'"${TARGET}"'")' $SCRIPT_DIR/../package.json > package.json.tmp && mv package.json.tmp $SCRIPT_DIR/../package.json
+
+# Update the dependencies in the package-lock.json, too, skipping the download
+# because the new version is not published yet.
+SENTRYCLI_SKIP_DOWNLOAD=1 npm install --omit=optional --package-lock-only --ignore-scripts
