
Commit 2f73d8c

ci: upgrade yarn to 4.x.x (#1390)
This PR will update yarn 3 to yarn 4, with the following additions:

1. delegate subpackages to reference the root `package.json` for yarn version (before, we had specified them individually)
2. combined GHA action for setting up yarn (before almost all of our workflows will have redundant setup steps)
3. add a package minimum age gate set to 3 days (to protect against supply-chain attacks) <-- this is the main reason this PR exists

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches all CI install paths and adds an npm minimum-age gate that can fail builds on brand-new dependencies; no runtime SDK logic changes in the diff shown.
>
> **Overview**
> Upgrades the monorepo from **Yarn 3 to Yarn 4** (`yarn@4.15.0` via root `packageManager` and `.yarn/releases`), and centralizes how CI installs Node/Yarn.
>
> **CI consolidation:** Dozens of workflows swap `actions/setup-node` plus ad‑hoc `corepack enable` for the composite **`./actions/setup-yarn`** (Node + Corepack). Release setup (`actions/setup-release-node`) uses the same action. **`dependency-scan.yml`** drops its standalone Corepack step.
>
> **Supply chain:** **`.yarnrc.yml`** adds **`npmMinimalAgeGate: 4320`** (~3 days) so newly published npm packages cannot be installed immediately.
>
> **Targeted CI fixes:** **Electron** jobs pin **Node 24.15** (matrix and examples) because newer runner Node breaks Electron installs. **`server-ai.yml`** tightens example builds by removing the `-A` flag from `yarn workspaces foreach`.
>
> **Yarn 4 cleanup:** The vendored **`.yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs`** is removed (behavior expected from Yarn 4 / repo config). Workspace packages stop declaring their own `packageManager`; they inherit the root pin.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9350b92. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
1 parent 21961b0 commit 2f73d8c

66 files changed

Lines changed: 1015 additions & 984 deletions

.github/workflows/akamai-base.yml

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
18+
- uses: ./actions/setup-yarn
1919
- id: shared
2020
name: Shared CI Steps
2121
uses: ./actions/ci
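
Review bot: the line removed at old line 18 pinned `actions/setup-node` to a full commit SHA, and the replacement `- uses: ./actions/setup-yarn` moves that dependency into a local composite action that this hunk does not show, so the SHA pin needs to be carried over inside `actions/setup-yarn`. This step also has no `with:` block, so the job's Node version is whatever the composite action defaults to; passing `node-version` explicitly here, as the other workflows do, would make the job reproducible on its own.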

.github/workflows/akamai-edgekv.yml

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
18+
- uses: ./actions/setup-yarn
1919
- id: shared
2020
name: Shared CI Steps
2121
uses: ./actions/ci

.github/workflows/akamai-edgeworker-sdk.yml

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
18+
- uses: ./actions/setup-yarn
1919
with:
2020
node-version: 24.x
2121
registry-url: 'https://registry.npmjs.org'
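
Review bot: `registry-url` and `node-version` under `with:` are now handed to the local composite action instead of `actions/setup-node`, so `actions/setup-yarn` must declare both as inputs and forward them. GitHub Actions only logs a warning for an input the action does not declare and otherwise ignores it, which would leave this job without the registry setting the old step applied. Worth confirming against the composite action's `inputs:` block before merging.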

.github/workflows/browser-nightly.yaml

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ jobs:
1111
id-token: write
1212
steps:
1313
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
14-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
14+
- uses: ./actions/setup-yarn
1515
with:
1616
node-version: 24
1717
- uses: ./actions/run-example
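
Review bot: this job holds `id-token: write`, and the step at new line 14 now runs action code taken from the checked-out workspace (`./actions/setup-yarn`) rather than a SHA-pinned third-party action. Anything that composite action executes runs in a job that can request an OIDC token, so keep it limited to Node and Corepack setup, pin every action it calls by commit SHA as the removed line did, and require review for changes under `actions/`.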

.github/workflows/browser.yml

Lines changed: 2 additions & 2 deletions
@@ -23,7 +23,7 @@ jobs:
2323

2424
steps:
2525
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
26-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
26+
- uses: ./actions/setup-yarn
2727
with:
2828
node-version: ${{ matrix.version }}
2929
registry-url: 'https://registry.npmjs.org'
@@ -135,7 +135,7 @@ jobs:
135135
id-token: write
136136
steps:
137137
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
138-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
138+
- uses: ./actions/setup-yarn
139139
with:
140140
node-version: 24
141141
- uses: ./actions/run-example

.github/workflows/cloudflare.yml

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
18+
- uses: ./actions/setup-yarn
1919
- id: shared
2020
name: Shared CI Steps
2121
uses: ./actions/ci

.github/workflows/combined-browser.yml

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ jobs:
2323

2424
steps:
2525
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
26-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
26+
- uses: ./actions/setup-yarn
2727
with:
2828
node-version: ${{ matrix.version }}
2929
registry-url: 'https://registry.npmjs.org'

.github/workflows/common.yml

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ jobs:
1717
runs-on: ubuntu-latest
1818
steps:
1919
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
20-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
20+
- uses: ./actions/setup-yarn
2121
with:
2222
node-version: 24.x
2323
registry-url: 'https://registry.npmjs.org'

.github/workflows/dependency-scan.yml

Lines changed: 1 addition & 4 deletions
@@ -12,13 +12,10 @@ jobs:
1212
steps:
1313
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1414

15-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
15+
- uses: ./actions/setup-yarn
1616
with:
1717
node-version: 24.x
1818

19-
- name: Enable corepack
20-
run: corepack enable
21-
2219
- name: Install released package dependencies
2320
run: yarn workspaces focus $(node scripts/released-packages.js)
2421
env:
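
Review bot: dropping the `Enable corepack` step (old lines 19-20) makes `yarn workspaces focus $(node scripts/released-packages.js)` depend entirely on `./actions/setup-yarn` having activated Corepack. If it has not, the step runs whatever `yarn` is on the runner's PATH instead of the version pinned in the root `packageManager`, and the dependency scan would install under different settings than the rest of CI. A `yarn --version` check in the composite action, or before the install step here, would turn that into a visible failure.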

.github/workflows/electron.yaml

Lines changed: 2 additions & 2 deletions
@@ -26,7 +26,7 @@ jobs:
2626
version: [24.15]
2727
steps:
2828
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
29-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
29+
- uses: ./actions/setup-yarn
3030
with:
3131
node-version: ${{ matrix.version }}
3232
registry-url: 'https://registry.npmjs.org'
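
Review bot: the matrix entry `version: [24.15]` is an unquoted YAML number, and the same applies to `node-version: 24.15` in the next hunk. It happens to survive as `24.15`, but a later bump to a minor version ending in zero (for example `24.10`) would be parsed as the float `24.1` and select a different Node release. Quoting the value (`'24.15'`) in both places avoids that, and since the pin exists to keep Electron installs working, a short comment stating the reason next to it would help whoever raises it later.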
@@ -81,7 +81,7 @@ jobs:
8181
id-token: write
8282
steps:
8383
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
84-
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
84+
- uses: ./actions/setup-yarn
8585
with:
8686
node-version: 24.15
8787
- uses: ./actions/run-example
