From 9826efe0596e3bff7704414a095ac3dd65454f10 Mon Sep 17 00:00:00 2001
From: Daniel Szoke <daniel.szoke@sentry.io>
Date: Thu, 18 Sep 2025 12:07:31 +0200
Subject: [PATCH] ci(release): `npm install` in `test_node.yml` on release

`npm ci` will fail here, as the new versions of the optional dependencies are not published yet.

Additionally, add a script to bump the optional dependencies in the package-lock.json after a release is created. Otherwise, `npm ci` will continue to fail after the release, until someone updates the package-lock.json manually.
---
 .craft.yml                      |  1 +
 .github/workflows/ci.yml        |  2 ++
 .github/workflows/test_node.yml | 33 +++++++++++++++++++++++++--------
 scripts/post-release.sh         | 22 ++++++++++++++++++++++
 4 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 scripts/post-release.sh

diff --git a/.craft.yml b/.craft.yml
index 56e81e4ab2..0b9c80d94a 100644
--- a/.craft.yml
+++ b/.craft.yml
@@ -1,5 +1,6 @@
 minVersion: 0.23.1
 changelogPolicy: auto
+postReleaseCommand: bash scripts/post-release.sh
 targets:
   - name: gcs
     bucket: sentry-sdk-assets
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 09f95c9941..6b5e2bfaa7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,8 @@ jobs:
   test_node:
     name: Test Node
     uses: ./.github/workflows/test_node.yml
+    with:
+      triggered-by-release: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'release/') }}
 
   test_swift:
     name: Test Swift
diff --git a/.github/workflows/test_node.yml b/.github/workflows/test_node.yml
index a7a42c1163..848bb43121 100644
--- a/.github/workflows/test_node.yml
+++ b/.github/workflows/test_node.yml
@@ -2,6 +2,11 @@ name: Test Node
 
 on:
   workflow_call:
+    inputs:
+      triggered-by-release:
+        type: boolean
+        description: Whether the workflow was triggered by a release
+        default: false
     outputs:
       matrix-result:
         description: 'Matrix job result'
@@ -19,10 +24,16 @@ jobs:
         with:
           node-version-file: package.json
 
-      # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
-      # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
-      # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
-      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm ci
+      - name: Install dependencies via npm ci
+        if: ${{ !inputs.triggered-by-release }}
+        run: npm ci
+
+      # For pushes to the release branch, we need to install the dependencies via `npm install`
+      # because the `package-lock.json` is not updated with the new versions of the optional
+      # dependencies yet. We also must skip the fallback download via --ignore-scripts.
+      - name: Install dependencies via npm install (for pushes to release branch)
+        if: ${{ inputs.triggered-by-release }}
+        run: npm install --omit=optional --ignore-scripts
 
       - run: npm run check:types
 
@@ -43,10 +54,16 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
-      # We need to skip the fallback download because downloading will fail on release branches because the new version isn't available yet.
-      # We have to use npm here because yarn fails on the non-existing existing optionalDependency version:
-      # https://github.com/yarnpkg/berry/issues/2425#issuecomment-1627807326
-      - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm ci
+      - name: Install dependencies via npm ci
+        if: ${{ !inputs.triggered-by-release }}
+        run: npm ci
+
+      # For pushes to the release branch, we need to install the dependencies via `npm install`
+      # because the `package-lock.json` is not updated with the new versions of the optional
+      # dependencies yet. We also must skip the fallback download via --ignore-scripts.
+      - name: Install dependencies via npm install (for pushes to release branch)
+        if: ${{ inputs.triggered-by-release }}
+        run: npm install --omit=optional --ignore-scripts
 
       # older node versions need an older nft
       - run: SENTRYCLI_SKIP_DOWNLOAD=1 npm install @vercel/nft@0.22.1
diff --git a/scripts/post-release.sh b/scripts/post-release.sh
new file mode 100644
index 0000000000..f4249cc94c
--- /dev/null
+++ b/scripts/post-release.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# This script is run by Craft after a release is created.
+# We currently use it to bump the platform-specific optional dependencies to their new versions
+# in the package-lock.json, immediately after a release is created. This is needed for CI to
+# pass after the release is created.c
+
+set -eux
+OLD_VERSION="${1}"
+NEW_VERSION="${2}"
+
+git checkout master
+
+# We need to update the package-lock.json to include the new version of the optional dependencies.
+npm install --package-lock-only
+
+git add package-lock.json
+
+# Only commit if there are changes
+git diff --staged --quiet || git commit -m "build(npm): 🤖 Bump optional dependencies to ${NEW_VERSION}"
+git pull --rebase
+git push