Skip to content

fix: unblock publish job on auto-incrementing release branch#67

Closed
alexmercerpo wants to merge 1 commit into
release/2.14.xfrom
fix/publish-non-immutable-install
Closed

fix: unblock publish job on auto-incrementing release branch#67
alexmercerpo wants to merge 1 commit into
release/2.14.xfrom
fix/publish-non-immutable-install

Conversation

@alexmercerpo

@alexmercerpo alexmercerpo commented Jun 19, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Collaborator

Problem

The Publish Release workflow fails at its very first step (Setup Node + Yarnyarn install --immutable) on release/2.14.x:

The lockfile would have been modified by this install, which is explicitly forbidden.

release/2.14.x is consistent at the package.json level (libs and apps all at 2.14.0), but yarn.lock still carries a disconnected, self-referential cluster of stale @enclave-vm/*@npm:2.13.0 entries (PR #65 did not actually prune them). A clean install prunes that cluster; immutable mode forbids it, so the job dies before any version-bump / lock-sync step runs.

This is structural: release/* is a long-lived, auto-incrementing branch. Its committed lockfile legitimately lags the bumped versions, and the publish job rewrites the lock every run — so an immutable check at setup is the wrong guard there.

Fix

  • Setup Node + Yarninstall: "false" (skip the immutable install)
  • New Install dependencies step → yarn install --no-immutable

The publish job is the source of truth for versions, so it now self-heals lockfile drift instead of deadlocking. The next run prunes the stale entries, computes the next patch (2.14.1, since v2.14.0 is already published/tagged), bumps, syncs the lock, and commits a clean lockfile. Immutable installs still guard normal PR/push CI.

Pairs with the already-merged post-bump Sync lockfile to bumped versions step.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Optimized release workflow's dependency installation to prevent lockfile and version drift issues on long-lived release branches.

@davidantoon @claude
fix: make publish job install non-immutable on release branch
e421eaa 
The publish job's first step ran `yarn install --immutable`, which fails on
a long-lived auto-incrementing release branch whose committed yarn.lock lags
the bumped package.json versions (stale @enclave-vm/*@npm:2.13.0 entries that
a clean install prunes). Immutable mode forbids the prune, so the job died at
setup before any version-bump/lock-sync step could run.

Set `install: "false"` on Setup Node + Yarn and add an explicit
`yarn install --no-immutable` step. The publish job is the source of truth for
versions and rewrites the lock every run, so it self-heals drift instead of
deadlocking. Immutable installs still guard normal PR/push CI.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5b3da84f-7ea0-4f71-b200-9c9b7b540983

📥 Commits

Reviewing files that changed from the base of the PR and between 19720be and e421eaa.

📒 Files selected for processing (1)
  • .github/workflows/publish-release.yml
📝 Walkthrough

Walkthrough

In .github/workflows/publish-release.yml, the Node/Yarn setup step is changed to skip automatic installation via install: "false", and a new "Install dependencies" step is added to run yarn install --no-immutable, with comments explaining the lockfile drift concern on long-lived release branches.

Changes

Release Workflow Dependency Install Fix

Layer / File(s) Summary
Split setup and install steps
.github/workflows/publish-release.yml		 The Node/Yarn setup step sets install: "false" to skip automatic installation; a new subsequent step runs yarn install --no-immutable with comments explaining the lockfile/version drift rationale for the long-lived release branch.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • agentfront/enclave#65: Both PRs modify release-related GitHub workflows to use yarn install --no-immutable to prevent lockfile drift before version-bump and sync steps.

Poem

A rabbit hops down the release trail,
No frozen lockfile shall make me fail!
--no-immutable, let the yarn flow free,
Bumping versions as smooth as can be. 🐇🧶
Long-lived branches, no drift for me!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and accurately summarizes the main change: unblocking the publish job on the auto-incrementing release branch by fixing the yarn install lockfile issue.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/publish-non-immutable-install

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexmercerpo @davidantoon