From a2faa722feee501943a13532503b437871969246 Mon Sep 17 00:00:00 2001 From: mldangelo Date: Fri, 22 May 2026 01:17:51 -0400 Subject: [PATCH] fix: set up Node.js in validate-release-pr before the rebuild MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "Validate generated release payload" step rebuilds code-scan-action and ran `npm install -g` with no actions/setup-node, so npm's global prefix was /usr/local and the install failed with EACCES on the runner. Earlier file-scope failures masked this, so the content check had never actually run. Add actions/setup-node (Node 24, matching promptfoo's .nvmrc) — which also gives `npm install -g` a writable prefix — and pin the global npm to 11.11.0 to match the release job's toolchain. --- .github/workflows/validate-release-pr.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate-release-pr.yml b/.github/workflows/validate-release-pr.yml index 6476bc0..4716bbd 100644 --- a/.github/workflows/validate-release-pr.yml +++ b/.github/workflows/validate-release-pr.yml @@ -32,6 +32,14 @@ jobs: echo "Branch ${{ github.head_ref }} is not a generated release branch; artifact mirror files are unchanged." + # setup-node gives `npm install -g` a writable global prefix and pins the + # rebuild toolchain to match promptfoo's release job (.nvmrc -> Node 24). + - name: Set up Node.js + if: ${{ startsWith(github.head_ref, 'release/code-scan-action-v') }} + uses: actions/setup-node@v6 + with: + node-version: '24' + - name: Validate generated release payload if: ${{ startsWith(github.head_ref, 'release/code-scan-action-v') }} env: @@ -90,7 +98,7 @@ jobs: exit 1 fi - npm install -g npm@latest + npm install -g npm@11.11.0 npm ci npm ci --prefix code-scan-action npm run tsc --prefix code-scan-action