ci(release): npm install in test_node.yml on release (#2768)

szokeasaurusrex · runningcode · commit fa0522d45a91 · 2025-09-19T19:01:32.000+02:00
`npm ci` will fail here, as the new versions of the optional
dependencies are not published yet.

Additionally, add a script to bump the optional dependencies in the
package-lock.json after a release is created. Otherwise, `npm ci` will
continue to fail after the release, until someone updates the
package-lock.json manually.
diff --git a/.craft.yml b/.craft.yml
@@ -1,5 +1,6 @@
 minVersion: 0.23.1
 changelogPolicy: auto
+postReleaseCommand: bash scripts/post-release.sh
 targets:
   - name: gcs
     bucket: sentry-sdk-assets
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,6 +28,8 @@ jobs:
   test_node:
     name: Test Node
     uses: ./.github/workflows/test_node.yml
+    with:
+      triggered-by-release: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'release/') }}
 
   test_swift:
     name: Test Swift
diff --git a/.github/workflows/test_node.yml b/.github/workflows/test_node.yml
@@ -2,6 +2,11 @@ name: Test Node
 
 on:
   workflow_call:
+    inputs:
+      triggered-by-release:
+        type: boolean
+        description: Whether the workflow was triggered by a release
+        default: false
     outputs:
       matrix-result:
         description: 'Matrix job result'
@@ -19,10 +24,16 @@ jobs:
         with:
           node-version-file: package.json
 
-      # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
-      # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
-      # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
-      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm ci
+      - name: Install dependencies via npm ci
+        if: ${{ !inputs.triggered-by-release }}
+        run: npm ci
+
+      # For pushes to the release branch, we need to install the dependencies via `npm install`
+      # because the `package-lock.json` is not updated with the new versions of the optional
+      # dependencies yet. We also must skip the fallback download via --ignore-scripts.
+      - name: Install dependencies via npm install (for pushes to release branch)
+        if: ${{ inputs.triggered-by-release }}
+        run: npm install --omit=optional --ignore-scripts
 
       - run: npm run check:types
 
@@ -43,10 +54,16 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
-      # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
-      # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
-      # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
-      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm ci
+      - name: Install dependencies via npm ci
+        if: ${{ !inputs.triggered-by-release }}
+        run: npm ci
+
+      # For pushes to the release branch, we need to install the dependencies via `npm install`
+      # because the `package-lock.json` is not updated with the new versions of the optional
+      # dependencies yet. We also must skip the fallback download via --ignore-scripts.
+      - name: Install dependencies via npm install (for pushes to release branch)
+        if: ${{ inputs.triggered-by-release }}
+        run: npm install --omit=optional --ignore-scripts
 
       # older node versions need an older nft
       - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm install @vercel/nft@0.22.1
diff --git a/scripts/post-release.sh b/scripts/post-release.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# This script is run by Craft after a release is created.
+# We currently use it to bump the platform-specific optional dependencies to their new versions
+# in the package-lock.json, immediately after a release is created. This is needed for CI to
+# pass after the release is created.c
+
+set -eux
+OLD_VERSION="${1}"
+NEW_VERSION="${2}"
+
+git checkout master
+
+# We need to update the package-lock.json to include the new version of the optional dependencies.
+npm install --package-lock-only
+
+git add package-lock.json
+
+# Only commit if there are changes
+git diff --staged --quiet || git commit -m "build(npm): 🤖 Bump optional dependencies to ${NEW_VERSION}"
+git pull --rebase
+git push
