ci: use pnpm publish to resolve workspace dependencies #1651
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Line 39: The publish step currently runs "pnpm publish --no-git-checks" which
will publish a scoped package as restricted; update the publish command to
include the access flag by changing the run invocation that uses pnpm publish
(the line containing "pnpm publish --no-git-checks") to add "--access public" so
the final command is "pnpm publish --no-git-checks --access public".
📒 Files selected for processing (1)
.github/workflows/release.yml
| - name: 📦 Release | ||
| run: npm publish --access public | ||
| run: pnpm publish --no-git-checks |
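Review bot: the replacement run line drops the --access public flag that the removed npm publish line passed explicitly, so the access level of the release is no longer stated in the workflow. Keep it on the new command, e.g. run: pnpm publish --no-git-checks --access public. Since --no-git-checks turns off pnpm's pre-publish branch and clean-tree checks, a short comment on why the release job needs it would help the next reader.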
🧩 Analysis chain
🌐 Web query:
For pnpm v10+, when publishing a scoped package, what is the default access if --access is omitted, and does pnpm follow npm’s default behavior? Please include pnpm docs and npm docs links.
💡 Result:
Default access (pnpm v10+) when --access is omitted (scoped packages)
For a scoped package (e.g. @scope/name), if you run pnpm publish without --access, the publish ends up using the registry’s default access behavior—i.e. restricted (private) for scoped packages (same as npm). pnpm documents --access only as a way to tell the registry whether the package should be public or restricted, but does not document a different pnpm-specific default. [1]
Does pnpm follow npm’s default behavior?
Yes—effectively pnpm follows npm’s default behavior here: npm’s CLI docs explicitly state the default is restricted for scoped packages (and public for unscoped). [2] npm’s scoped-package publishing docs also restate that scoped packages are private by default unless you publish with --access public. [3]
Docs links:
pnpm publish (v10.x): https://pnpm.io/cli/publish
npm publish (CLI docs): https://docs.npmjs.com/cli/v8/commands/npm-publish/
npm scoped public packages guide: https://docs.npmjs.com/creating-and-publishing-scoped-public-packages
Sources: pnpm CLI docs for pnpm publish / --access behavior [1]; npm CLI docs for npm publish default access [2]; npm scoped package publishing guide (private by default) [3].
[1] (pnpm.io)
[2] (docs.npmjs.com)
[3] (docs.npmjs.com)
Citations:
- 1: https://pnpm.io/cli/publish
- 2: https://docs.npmjs.com/cli/v8/commands/npm-publish/?utm_source=openai
- 3: https://docs.npmjs.com/creating-and-publishing-scoped-public-packages?utm_source=openai
🏁 Script executed:
# Find and read package.json to verify package name and publishConfig
fd -e json -n "package.json" --max-depth 1 | head -1 | xargs cat -n
Repository: nuxt/test-utils
Length of output: 289
🏁 Script executed:
# Find and read the root package.json
find . -maxdepth 1 -name "package.json" -type f | xargs cat
Repository: nuxt/test-utils
Length of output: 5080
🏁 Script executed:
# Check the actual release.yml file around line 39 to see the context
cat -n .github/workflows/release.yml | sed -n '30,50p'
Repository: nuxt/test-utils
Length of output: 359
Add --access public to the publish command.
Line 39 must explicitly include --access public. The package @nuxt/test-utils is scoped, and pnpm (like npm) defaults scoped packages to restricted (private) when the access flag is omitted. Without this flag, the package will be published as private and unavailable on the public registry.
Required change
- - name: 📦 Release
- run: pnpm publish --no-git-checks
+ - name: 📦 Release
+ run: pnpm publish --access public --no-git-checks📝 Committable suggestion
| run: pnpm publish --no-git-checks | |
| run: pnpm publish --access public --no-git-checks |
🔗 Linked issue
📚 Description
The release workflow used npm publish, which doesn't understand pnpm's workspace:* protocol. This caused vitest-environment-nuxt: "workspace:*" to be published as-is to npm, breaking installation for users.

Switched to pnpm publish --no-git-checks which automatically resolves workspace:* to concrete versions during publish. I used the nuxt/fonts release script as reference (https://github.com/nuxt/fonts/blob/main/.github/workflows/release.yml).
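The failure described in this PR, as an added example (not code from the PR or from nuxt/test-utils): a pre-publish gate that inspects the manifest taken from the packed tarball for ranges still using the workspace: protocol and for a scoped name without explicit public access. The function names, the version 3.0.0 and the sample manifest are assumptions constructed for illustration, and requiring an explicit access level is a policy choice of this example.

```javascript
// Added example: pre-publish gate for a manifest taken from the packed tarball.
// The manifest at the bottom is a constructed sample, not the project's real package.json.
const DEP_FIELDS = ['dependencies', 'optionalDependencies', 'peerDependencies'];

// Return every consumer-facing dependency whose range still uses workspace:.
function findUnresolvedWorkspaceDeps(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      if (typeof range === 'string' && range.startsWith('workspace:')) {
        findings.push({ field, name, range });
      }
    }
  }
  return findings;
}

// Rewrite one workspace: range the way pnpm documents it for publish:
// workspace:* -> exact version, workspace:^ or workspace:~ -> prefixed version,
// any other range -> the range with the prefix stripped (alias forms not handled).
function resolveWorkspaceRange(range, workspaceVersion) {
  const spec = range.slice('workspace:'.length);
  if (spec === '*') return workspaceVersion;
  if (spec === '^' || spec === '~') return spec + workspaceVersion;
  return spec;
}

// Collect reasons to block the release; an empty array means the manifest passes.
function checkPublishable(manifest, accessFlag) {
  const problems = findUnresolvedWorkspaceDeps(manifest).map(
    (f) => `${f.field}.${f.name} is still "${f.range}"`
  );
  const scoped = typeof manifest.name === 'string' && manifest.name.startsWith('@');
  const access = accessFlag || (manifest.publishConfig || {}).access;
  if (scoped && access !== 'public') {
    problems.push(`scoped package ${manifest.name} has no explicit public access`);
  }
  return problems;
}

// Constructed sample: the manifest shape a plain `npm publish` would have shipped.
const unresolved = {
  name: '@nuxt/test-utils',
  dependencies: { 'vitest-environment-nuxt': 'workspace:*' },
};
console.log(checkPublishable(unresolved, undefined));
```

Run it against the package.json extracted from the tarball that `pnpm pack` produces, so the check sees the manifest the registry would receive.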