ci: pin pipeline to Node 22 to match packageManager (npm 10)#559
Merged
Conversation
Node 24 ships with npm 11, which requires platform-specific optional dependencies for all platforms to be present in package-lock.json. Lockfiles generated by npm 10 (per packageManager pin) only include the current platform's binaries, causing 'npm ci' to fail on Windows agents with 'Missing: @esbuild/win32-... from lock file' errors. Aligning the pipeline with Node 22 (npm 10) matches the local dev environment and unblocks the release pipeline.
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Pins the Azure DevOps publish pipeline’s Node version to avoid npm ci lockfile validation failures caused by a Node/npm version mismatch.
Changes:
- Switches pipeline NodeTool from Node 24.x to Node 22.x
- Updates the task display name accordingly
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
lilyydu
approved these changes
May 6, 2026
heyitsaamir
added a commit
that referenced
this pull request
May 6, 2026
Cherry-pick of #559 onto `release` to unblock the 2.0.10 publish pipeline. ## Why The publish pipeline fails on `npm ci` on Windows agents because Node 24 ships npm 11, which is stricter than the npm 10 pinned in `packageManager`. See #559 for full root-cause analysis. ## Change Pins the `NodeTool@0` task in `.azdo/publish.yml` from `24.x` to `22.x` (npm 10). One-line fix, no lockfile or dependency changes. ## After merge Re-trigger the [release pipeline](https://dev.azure.com/DomoreexpGithub/Github_Pipelines/_build?definitionId=52&_a=summary) on `release` with **Public** publish type to ship 2.0.10.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The release pipeline fails on
npm ciwith errors like:Root cause
The pipeline's
NodeTool@0task usesversionSpec: '24.x', which provisions Node 24 + npm 11. However:"packageManager": "npm@10.8.1"inpackage.json.package-lock.json(so a lockfile generated on macOS only contains Mac binaries for@esbuild/*andturbo-*).npm ci.Lockfile is valid under npm 10 —
npm cisucceeds locally. The mismatch is purely between the pipeline's npm and the project's pinned npm.Fix
Pin the pipeline to Node 22 (LTS), which ships with npm 10, matching the
packageManagerfield and every developer's local environment.Alternative considered
Bumping the project to npm 11 (update
packageManager, regenerate lockfile under npm 11, force every dev to upgrade). Rejected as larger blast radius for an unblock-the-release fix.Follow-up
This same change needs to be cherry-picked to
releaseto unblock the 2.0.10 publish.