Skip to content

ci(release): disable pnpm 11 verifyDepsBeforeRun to fix ubuntu-arm hang#2290

Merged
peppescg merged 1 commit into
mainfrom
fix/studio-arm-release-verify-deps
May 27, 2026
Merged

ci(release): disable pnpm 11 verifyDepsBeforeRun to fix ubuntu-arm hang#2290
peppescg merged 1 commit into
mainfrom
fix/studio-arm-release-verify-deps

Conversation

@peppescg

@peppescg peppescg commented May 27, 2026

Copy link
Copy Markdown
Collaborator

Summary

Forward-ports the applicable half of stacklok/stacklok-enterprise-platform#1243 (by @lujunsan) to OSS. The Node 24.15.0 pin from that PR is already in .github/actions/setup/action.yaml, but the verifyDepsBeforeRun: false half is not — and OSS reproduces every precondition of the regression resolved on the enterprise overlay.

The bug

Precondition OSS
ubuntu-24.04-arm runner _build-matrix.yml:15, pr-build-test.yml:150, on-release.yml:83
pnpm 11.1.2 (default verifyDepsBeforeRun=true) actions/setup/action.yaml:9
npm version mutates package.json before pnpm run X on-release.yml:111pnpm run publish:170; pr-build-test.yml:187
overrides in pnpm-workspace.yaml (PR #2239)
verifyDepsBeforeRun unset (defaults to true on pnpm 11)

The npm version step mutates package.json. The next pnpm run publish then triggers pnpm 11's verify-deps-before-run second install pass — re-resolves overrides, prunes transitive packages, reruns postinstall: electron-rebuild. On ubuntu-24.04-arm that second pass hangs at end-of-install ~90% of the time in interruptible sleep at ~600MB RSS, blocking the job for 30+ min.

Evidence in OSS release history

Matches the fingerprint exactly:

Release Result
v0.35.3-rc.1 cancelled
v0.35.3-rc.0 failure
v0.35.1 cancelled
v0.35.1-rc.0 cancelled
v0.35.0-rc.1 cancelled
v0.35.0-rc.0 cancelled
v0.34.x and earlier clean (pnpm 10.33.0, no such setting)

v0.35.x is where this started — pnpm 11.1.2 landed via upstream PR #2239 (2026-05-13), which also moved overrides into pnpm-workspace.yaml.

The fix

Single line in pnpm-workspace.yaml:

```yaml
verifyDepsBeforeRun: false
```

Skips the second install pass while keeping pnpm 11.1.2 (so workspace-level overrides still apply correctly). Idempotent on local dev — first `pnpm install` is unaffected; only the pre-script consistency check is dropped.

Why this differs from the enterprise PR

Enterprise vendors studio as a submodule and mutates `pnpm-workspace.yaml` at job-time via `yq -i` (so the mutation lives only during the release job). OSS owns the file, so we set it directly — same effect, simpler.

Test plan

  • CI passes on this PR.
  • Next release / pre-release attempts ship arm artifacts first-try without 30+ min hangs.
  • `pnpm install --frozen-lockfile` continues to work locally and in CI (verified — no lockfile change).

References

🤖 Generated with Claude Code

@peppescg
ci(release): disable pnpm 11 verifyDepsBeforeRun to fix ubuntu-arm hang
c9766a5 
Forward-port (the applicable half) of stacklok/stacklok-enterprise-platform#1243
to OSS. The Node 24.15.0 pin from that PR is already in `.github/actions/setup`,
but the `verifyDepsBeforeRun: false` half is not — and OSS reproduces every
precondition of the regression Luis resolved on the enterprise overlay:

- `ubuntu-24.04-arm` runner in `_build-matrix.yml`, `pr-build-test.yml`,
  `on-release.yml`
- pnpm 11.1.2 (default `verifyDepsBeforeRun=true`)
- `npm version` mutates `package.json` before `pnpm run publish` /
  `pnpm run make`, which makes pnpm 11 trigger a second install pass that
  re-resolves overrides and reruns `postinstall: electron-rebuild`
- overrides moved to `pnpm-workspace.yaml` (upstream PR #2239)

The recent release history matches Luis's documented fingerprint exactly —
v0.35.0-rc.0, v0.35.0-rc.1, v0.35.1-rc.0, v0.35.1, v0.35.3-rc.0, v0.35.3-rc.1
all cancelled or failed on arm. v0.34.x ran on pnpm 10.33.0 (no such setting)
and shipped arm cleanly every time.

Setting `verifyDepsBeforeRun: false` skips the second install pass while
keeping pnpm 11.1.2 (so workspace-level overrides still apply correctly).

Refs: nodejs/node#62253, npm/cli#9118, stacklok/stacklok-enterprise-platform#1243
Copilot AI review requested due to automatic review settings May 27, 2026 16:57
@peppescg peppescg self-assigned this May 27, 2026
Copilot AI reviewed May 27, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Disables pnpm 11’s verify-deps-before-run behavior at the workspace level to prevent CI hangs on ubuntu-24.04-arm when package.json is mutated (e.g., by npm version) and a subsequent pnpm run would otherwise trigger pnpm’s extra verification/install pass.

Changes:

  • Set verifyDepsBeforeRun: false in pnpm-workspace.yaml.
  • Added inline documentation explaining the CI hang scenario and why the setting is needed.

@peppescg peppescg merged commit 84ea56b into main May 27, 2026
18 checks passed
@peppescg peppescg deleted the fix/studio-arm-release-verify-deps branch May 27, 2026 17:05
@claude claude Bot mentioned this pull request May 28, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@reyortiz3 reyortiz3 reyortiz3 approved these changes

Assignees

@peppescg peppescg

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@peppescg @reyortiz3