Skip to content

Commit 637ee44

Browse files
chore(deps): bump pnpm to v11 (#29)
* chore(deps): bump pnpm to v11 * build: make the pnpm 11 bump pass CI The packageManager bump to pnpm@11.5.2 broke every job: pnpm 11 requires Node >= 22.13 (it loads node:sqlite), but all workflows pinned Node 20, so install crashed before doing anything. - bump node-version 20 -> 22 in all five workflows (test, pr-title, cli-binaries, drift-check, watchdog); binaries still compile under bun, Node is only used for pnpm + tooling scripts - add pnpm-workspace.yaml with two pnpm-11 defaults neutralized: - allowBuilds.lefthook: true — pnpm 11 blocks dependency build scripts by default; lefthook needs its postinstall to install the git hooks - minimumReleaseAge: 0 — pnpm 11's release-age policy rejects deps published inside the cooldown window, which would intermittently fail --frozen-lockfile whenever drift-check bumps @rendobar/sdk the same day it publishes Verified locally: pnpm@11.5.2 install --frozen-lockfile exits 0 with no lockfile drift. --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Abdelrahman Essawy <abdelrahman.mo.essawy@gmail.com>
1 parent 47a3085 commit 637ee44

7 files changed

Lines changed: 19 additions & 6 deletions

File tree

.github/workflows/cli-binaries.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ jobs:
4242

4343
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
4444
with:
45-
node-version: 20
45+
node-version: 22
4646

4747
- name: Get pnpm store directory
4848
shell: bash

.github/workflows/drift-check.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1717
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
1818
with:
19-
node-version: 20
19+
node-version: 22
2020
- name: Compare @rendobar/sdk dep vs npm latest
2121
env:
2222
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-title.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919

2020
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
2121
with:
22-
node-version: 20
22+
node-version: 22
2323
cache: pnpm
2424

2525
- run: pnpm install --frozen-lockfile

.github/workflows/test.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ jobs:
2323

2424
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
2525
with:
26-
node-version: 20
26+
node-version: 22
2727
cache: pnpm
2828

2929
- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0

.github/workflows/watchdog.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1818
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
1919
with:
20-
node-version: 20
20+
node-version: 22
2121
- name: Detect silent release skip
2222
env:
2323
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,5 +38,5 @@
3838
"lefthook": "^2.0.0",
3939
"typescript": "^6.0.0"
4040
},
41-
"packageManager": "pnpm@9.15.9"
41+
"packageManager": "pnpm@11.5.2"
4242
}

pnpm-workspace.yaml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
# pnpm 11 blocks dependency build scripts by default. lefthook needs its
2+
# postinstall to install the git hooks behind the commit-msg / pre-commit guards
3+
# (pnpm 9 ran these automatically).
4+
allowBuilds:
5+
lefthook: true
6+
7+
# pnpm 11 also enables a minimumReleaseAge supply-chain policy by default, which
8+
# rejects any dependency published within the cooldown window. The drift-check
9+
# cron bumps @rendobar/sdk to its newest release the same day it publishes, so
10+
# the default would intermittently fail `pnpm install --frozen-lockfile` in CI
11+
# until each release "ages in". Disable it to keep CI deterministic; SDK
12+
# provenance is already covered by npm publish attestations.
13+
minimumReleaseAge: 0

0 commit comments

Comments
 (0)