ci: use npm ci with caching, validate typedoc links, align Node versions#533
Merged
ci: use npm ci with caching, validate typedoc links, align Node versions#533
Conversation
- Switch npm install -> npm ci in ci.yml (build, build-wsl) and docs.yml to fail on lockfile drift rather than silently tolerating it - Add cache: npm to all setup-node steps that have a lockfile to hash (skipped test-git-install which has no checkout, and WSL which has no setup-node action) - Add TypeDoc link validation step after build (Linux x64 only, matching existing single-OS gate pattern for MCPB). Verified passing on main. - Align all workflows on Node 22 (active LTS) — previously CI used 20 but publish workflows used 22, so releases were tested on a different Node than PRs - Add engines.node >=20 to package.json so consumers on Node 18 get a warning
@modelcontextprotocol/ext-apps
@modelcontextprotocol/server-basic-preact
@modelcontextprotocol/server-basic-react
@modelcontextprotocol/server-basic-solid
@modelcontextprotocol/server-basic-svelte
@modelcontextprotocol/server-basic-vanillajs
@modelcontextprotocol/server-basic-vue
@modelcontextprotocol/server-budget-allocator
@modelcontextprotocol/server-cohort-heatmap
@modelcontextprotocol/server-customer-segmentation
@modelcontextprotocol/server-debug
@modelcontextprotocol/server-map
@modelcontextprotocol/server-pdf
@modelcontextprotocol/server-scenario-modeler
@modelcontextprotocol/server-shadertoy
@modelcontextprotocol/server-sheet-music
@modelcontextprotocol/server-system-monitor
@modelcontextprotocol/server-threejs
@modelcontextprotocol/server-transcript
@modelcontextprotocol/server-video-resource
@modelcontextprotocol/server-wiki-explorer
commit: |
jonathanhefner
approved these changes
Mar 6, 2026
ochafik
added a commit
that referenced
this pull request
Mar 10, 2026
Changes since 1.2.0: - fix: bundle SDK+zod in react-with-deps (was byte-identical to ./react) (#539) - fix(build): copy schema.json to dist and externalize zod (#534) - fix: skip debug log for high-frequency tool-input-partial notifications (#546) - fix(deps): drop @hono/node-server override to patch GHSA-wc8c-qw6v-h7f6 (#535) - fix(readme): use picture element for theme-aware logo (#545) - fix(ci): require maintainer association for /update-snapshots trigger (#532) - fix: pre-commit stages only originally-staged files; add .npmrc (#538) - ci: use npm ci with caching, validate typedoc links, align Node versions (#533) - test: exclude screenshot-gen from default E2E run; wire pdf-server tests (#537)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Four CI hygiene fixes identified in a workflow audit.
Changes
1.
npm install→npm cinpm installtolerates lockfile drift — a PR that works with drifted transitive deps can merge, then break for the next person runningnpm ci. Switched tonpm ciwhich fails fast on mismatch.ci.ymlbuild matrix (was line 76)ci.ymlbuild-wsl (was line 156)docs.ymldeploy job(
npm-publish.ymlandpublish.ymlalready usednpm ci.)2. npm dependency caching
Added
cache: npmtoactions/setup-nodesteps. Previously every CI job installed from cold. Now all jobs with apackage-lock.jsonavailable get caching:ci.yml: prettier-fix, build, e2edocs.yml: deployupdate-snapshots.yml: update-snapshotsIntentionally not added to:
ci.ymltest-git-install — no repo checkout, so no lockfile to hash (cache: npmwould fail)ci.ymlbuild-wsl — Node is installed manually inside WSL, nosetup-nodeaction to configure3. TypeDoc link validation
CLAUDE.md documents
npm exec typedoc -- --treatValidationWarningsAsErrors --emit noneas the way to catch broken{@link}references, but it ran in zero CI workflows. A renamed export could break doc links and only surface at release time (docs.ymlruns on release, not PR).Added as a step in the build job after
npm run build, gated to Linux x64 only (following the existing MCPB-pack pattern — doc validation is OS-agnostic).Verified locally: passes on current
main(exit 0, no broken links).4. Node version alignment +
enginesfieldPreviously: CI validated on Node 20, but
npm-publish.ymlpublished from Node 22. A Node-22-only API in build tooling would pass publish but was never tested in CI.ci.yml(5 places incl. WSL nodesource URL),docs.yml,update-snapshots.yml"engines": { "node": ">=20" }topackage.json— floor matches@types/node20.x and gives users on Node 18 a warningValidation
python3 yaml.safe_loadon all 5 workflow files)prettier --checkpasses on all edited filesnpm cialready proven working innpm-publish.yml/publish.yml— lockfile is in syncNot changed
package-lock.json— untouchednpm-publish.yml,publish.yml— already had Node 22 + cache + npm ci