chore(ci): inject npm versions at publish time + add hyperdb-api-node to CI#47
Merged
StefanSteiner merged 4 commits intoMay 27, 2026
Conversation
Strip the `version` field from all platform-specific and umbrella
npm package.json files (10 platform packages plus 2 umbrellas), and
strip the `optionalDependencies` block from the umbrellas. Slim
release-please-config.json to track only the root component (`.`),
removing the linked-versions plugin and 8 optionalDependencies
extra-files entries that were being patched but never reliably
propagated. Reduce .release-please-manifest.json to a single entry.
Why: release-please's linked-versions plugin requires each registered
"package" to receive scope-specific commits to bump. The npm platform
directories only contain a static package.json plus binaries injected
by CI — they never get real commits, so release-please skipped them
("No user facing commits found") and the linked sync never fired.
The result was platform package.json `version` fields stuck at 0.1.3
while the workspace bumped to 0.2.1, causing npm publish to fail
with E404 when the workflow tried `npm publish` from those dirs.
This commit removes the source-controlled versioning. The next commit
adds runtime injection in the publish workflow, making the version
field derived from the git tag instead.
Replace the "Determine npm dist-tag" step in npm-build-publish.yml with a single "Resolve version and dist-tag from event" step that sources VERSION from the workflow trigger (release tag or workflow_dispatch input) instead of reading the now-absent version field from package.json. Validate the version string against a strict semver shape before it flows into npm pkg set / npm publish (defense in depth against malformed workflow_dispatch inputs). Add a new "Inject version into all npm package.json files" step that runs `npm pkg set` to materialize the version field on all 8 platform packages (3 mcp + 5 api-node) plus both umbrella packages, and pin each umbrella's optionalDependencies to the exact version. Bash arrays MCP_PLATFORMS and NODE_PLATFORMS are the single source of truth for which platforms are published; they must stay in sync with the build-npm matrix and the publish loops. Mirror the same logic in scripts/assemble-npm.sh for local pack testing: derive VERSION from the workspace Cargo.toml and apply the same npm pkg set injection before each `npm pack`. The script's header now warns that it mutates the working tree and shows the `git restore` incantation to discard. Also add the new "hyperdb-api-node (build + smoke)" check name to the verify-ci REQUIRED regex so future releases block on it (the CI job itself lands in the next commit).
Add a Linux-only `node-bindings` job to ci.yml that builds the
napi-rs native addon (debug profile for speed) and runs the
existing __test__/smoke.mjs against a freshly-downloaded hyperd.
Catches regressions in the Node.js bindings on PRs instead of at
release time inside npm-build-publish.yml, which has been silently
the only coverage for this crate to date.
The job reuses the existing `test-ubuntu-latest` Cargo cache key
and the `hyperd-${{ runner.os }}-${{ runner.arch }}-...` cache key
shape from the existing test matrix, so it's warm on the second
run. Cold ~15 min, warm ~5 min. Runs in parallel with the existing
test matrix; doesn't extend wall-clock CI (bounded by the 45-min
test (windows-latest) slot).
Cross-platform napi compatibility continues to be exercised by the
per-platform build matrix in npm-build-publish.yml at release time.
The check name `hyperdb-api-node (build + smoke)` was added to the
verify-ci REQUIRED regex in the previous commit so future releases
block on it.
Adversarial review (BOTH reviewers in parallel) flagged platform-list drift and missing guardrails. This commit folds the fixes back into the same PR before pushing. Critical (CRITICAL severity from both reviewers): - npm-build-publish.yml had a 5-element NODE_PLATFORMS array but only iterated 3 platforms in the publish loop, so the umbrella was being published with optionalDependencies pointing at 2 platform packages (linux-arm64-gnu, linux-x64-musl) that were never built or published. Collapse MCP_PLATFORMS / NODE_PLATFORMS into a single PLATFORMS array (the 3 platforms actually built and published) and comment that splitting is required if the two ever diverge. - hyperdb-api-node/package.json `napi.targets` listed 5 targets to match the now-removed NODE_PLATFORMS aspirational list. Trim to the 3 targets actually built. Pre-existing drift, but with --ignore-scripts on the umbrella publish, the misalignment had become silent. Major: - Add a "Verify tag matches workspace Cargo.toml version" step in npm-build-publish.yml that aborts publish if the tag-derived $VERSION doesn't match Cargo.toml's [workspace.package].version. Without this, a hand-created tag could ship npm at version X while cargo publish ships crates.io at version Y. - Add an EXIT trap to scripts/assemble-npm.sh that always runs `git restore` on the in-source package.json files, so a contributor can't accidentally `git add -A` and re-introduce the `version` field the codebase is deliberately keeping out of git. - Extend the `version-consistency` CI job with an "in-source version" guard that fails CI if any of the 12 npm package.json files grows a `version` field. Locks in the invariant introduced by this PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
versionfield detection.Test plan
npm-build-publishworkflow_dispatch on a scratch branch withnpm publish --dry-runto verify the inject + publish path end-to-endnpm/, manifest only at.npm view hyperdb-mcp-darwin-arm64 versions --jsonlists the new version