Skip to content

ci: port alpha-aware release/publish flow + pnpm 10 to alpha#4464

Merged
matthew-dean merged 4 commits into
less:alphafrom
matthew-dean:alpha-release-port
Jul 12, 2026
Merged

ci: port alpha-aware release/publish flow + pnpm 10 to alpha#4464
matthew-dean merged 4 commits into
less:alphafrom
matthew-dean:alpha-release-port

Conversation

@matthew-dean

Copy link
Copy Markdown
Member

Release/publish infrastructure only — no packages/less/src changes.

Ports the alpha-aware release-PR flow from master onto alpha:

  • create-release-pr.yml (opens a chore: alpha release vX PR on push to alpha), publish.yml (publishes on release-PR merge, --prerelease), ci.yml (+ alpha branch filters) — from master.
  • bump-and-publish.js — master's idempotent, tag-backed version.
  • test:node wiring on alpha's existing packages/less build.
  • packageManagerpnpm@10.34.5 with a regenerated v9 lockfile.

First of a two-part sequence: this modernizes the release machinery; the v5 content (adoption modules replacing packages/less) lands in a follow-up PR. Versions intentionally left as-is (reconciled with the content PR).

- Add create-release-pr.yml (verbatim from master; already special-cases alpha)
- Replace publish.yml with master's PR-merge-triggered version (verbatim)
- Replace ci.yml with master's, adding 'alpha' to push/pull_request branch triggers
…tag-backed version

Version bump now arrives via the release PR; script only validates + tags + publishes
(no local commit/branch push). Matches the pull_request-merge publish trigger.
- Add root test:node delegating to packages/less
- Add packages/less test:node -> grunt test:node
- Register grunt test:node target reusing existing alpha shell targets (node ESM+CJS, no browser/sauce)
…nfra-only)

- packageManager pnpm@8.15.0 -> pnpm@10.34.5 (owner: pnpm 10 for v5 alpha)
- regenerate pnpm-lock.yaml to lockfileVersion 9.0 against alpha's EXISTING
  packages/less (no ESM refactor); verified --frozen-lockfile --ignore-scripts passes
- pnpm 10 needs Node >=18.12; ported workflows use lts/* (resolves >=18)
- CI-toolchain change only: packages/less engines.node left at alpha's >=14 (unchanged)
@dosubot dosubot Bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Jul 12, 2026
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6a827241-d6f4-4f8a-b6fd-50fbe532351e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps

greptile-apps Bot commented Jul 12, 2026

Copy link
Copy Markdown

Greptile Summary

This PR ports the alpha release and publish flow onto the alpha branch. The main changes are:

  • New release PR creation workflow for master and alpha.
  • Publish workflow triggered by merged release PRs.
  • Updated publish script that validates pre-bumped versions and pushes tags.
  • New test:node scripts for CI and publish checks.
  • pnpm 10 package manager and regenerated lockfile.

Confidence Score: 4/5

The release publish path needs fixes before merging.

  • Failed publishes can leave a GitHub tag without an npm release.
  • The npm auth token can be cleared in the child publish process.
  • The CI and node-only test wiring otherwise looks coherent from the inspected changes.

scripts/bump-and-publish.js

Comments Outside Diff (1)

  1. scripts/bump-and-publish.js, line 369 (link)

    P1 Publish Token Gets Cleared

    The publish workflow relies on setup-node registry auth, but this child process replaces NODE_AUTH_TOKEN with process.env.NPM_TOKEN. Since the workflow does not set NPM_TOKEN, npm publish runs without the token that was already present and the release fails with an npm auth error after the tag has been pushed.

Reviews (1): Last reviewed commit: "chore: bump packageManager to pnpm@10.34..." | Re-trigger Greptile

} catch (e) {
console.log(`⚠️ Push failed, but continuing with publish...`);
}
execSync(`git push origin "${tagName}"`, { cwd: ROOT_DIR, stdio: 'inherit' });

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Tag Push Precedes Publish

When an alpha validation or npm publish fails after this point, the workflow has already pushed vX.Y.Z to GitHub without publishing the package. A rerun then fails on the existing remote tag before it can retry the publish, leaving the release stuck until the tag is cleaned up manually.

@matthew-dean
matthew-dean merged commit 8783e31 into less:alpha Jul 12, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant