fix(release): regenerate lockfile after version bump and guard it#189
Merged
Conversation
changeset version bumps package.json versions but never touches the lockfile. examples/* pin sibling chkit packages to exact published betas, so once the workspace version moves past that pin bun can no longer dedupe them onto the local copies and must record fresh registry resolutions. Without regenerating the lockfile, the release commit ships a stale one that CI's bun install --frozen-lockfile rejects on main. - Run bun install --lockfile-only right after version-packages so the release commit carries the updated resolutions. - Add bun install --frozen-lockfile to the release guards so a stale lockfile fails the release locally before it is pushed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Main CI went red on the
chore: version packagescommit withbun install --frozen-lockfilefailing (lockfile had changes, but lockfile is frozen). Root cause:scripts/manual-release.tsrunschangeset version(which bumps everypackage.json) but never regenerates the lockfile, then commits withgit add -A.examples/clickbenchpins its chkit deps to exact published betas; while the workspace version equals that pin, bun dedupes those deps onto the local workspace copies and the stale lockfile passes. Once a release bumps the workspace past the pin (beta.2 → beta.4), bun must resolve those packages from the registry — resolutions absent from the committed lockfile — so frozen install fails. Both existing lockfile guards live in CI after the push, so nothing stopped the bad lockfile from landing on main.This PR fixes the release script:
bun install --lockfile-onlyright afterversion-packagesso the release commit carries the updated resolutions.bun install --frozen-lockfiletorunReleaseGuards()so a stale lockfile fails the release locally before it is pushed.The already-broken lockfile on
mainwas regenerated separately ina3c7006(main is green again); this PR prevents recurrence.Test plan
bun run typecheckpassesbiome check scripts/manual-release.tscleanchore: version packagescommit passes CI's frozen-install step