Skip to content

chore/6712: enhance pnpm lockfile and GitHub Actions config #6714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

chore/6712: enhance pnpm lockfile and GitHub Actions config #6714

wants to merge 3 commits into from

Conversation

kedar49
Copy link
Collaborator

@kedar49 kedar49 commented Jul 3, 2025

Resolves #6712

Summary

  • Removed hardcoded node-version: 20, now uses .node-version
  • Defined permissions explicitly at the top level in workflows
  • Replaced branch name with commit SHA in GitHub Actions
  • Also updated the docs accordingly

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 3, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 25cfa0f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions github-actions bot added the Type: Other Not an enhancement or a bug label Jul 3, 2025
@netlify Netlify
Copy link

netlify bot commented Jul 3, 2025
edited
Loading

Deploy Preview for mermaid-js ready!

Name Link
🔨 Latest commit c229509
🔍 Latest deploy log https://app.netlify.com/projects/mermaid-js/deploys/6868044427c78d000878cd6a
😎 Deploy Preview https://deploy-preview-6714--mermaid-js.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Jul 3, 2025
edited
Loading

Open in StackBlitz

mermaid

npm i https://pkg.pr.new/mermaid-js/mermaid@6714

@mermaid-js/layout-elk

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/layout-elk@6714

@mermaid-js/mermaid-zenuml

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/mermaid-zenuml@6714

@mermaid-js/parser

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/parser@6714

@mermaid-js/tiny

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/tiny@6714

commit: c229509

@codecov Codecov
Copy link

codecov bot commented Jul 3, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 3.82%. Comparing base (91f141f) to head (c229509).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##           develop   #6714   +/-   ##
=======================================
  Coverage     3.82%   3.82%           
=======================================
  Files          430     430           
  Lines        44479   44479           
  Branches       683     683           
=======================================
  Hits          1701    1701           
  Misses       42778   42778
Flag Coverage Δ
unit 3.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@kedar49
Copy link
Collaborator Author

kedar49 commented Jul 3, 2025

@shubham-mermaid can you please guide me through this ?

@argos-ci Argos CI
Copy link

argos-ci bot commented Jul 3, 2025
edited
Loading

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build Status Details Updated (UTC)
default (Inspect) ⚠️ Changes detected (Review) 1786 changed Jul 4, 2025, 4:53 PM

@shubhamparikh2704
Copy link
Member

@shubham-mermaid can you please guide me through this ?
@kedar49 you have to update only validate-lockfile.yml file.

sidharthv96
sidharthv96 requested changes Jul 8, 2025
View reviewed changes
Copy link
Member

@sidharthv96 sidharthv96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Should not be using latest anywhere.
  • Any reason to move a lot of permissions to higher scope?

.github/workflows/e2e.yml
@@ -34,7 +34,7 @@ jobs:
cache:
runs-on: ubuntu-latest
container:
image: cypress/browsers:node-20.11.0-chrome-121.0.6167.85-1-ff-120.0-edge-121.0.2277.83-1
image: cypress/browsers:latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using latest for E2E tests that include rendering will introduce rendering inconsistencies. We should use a pinned version.

.node-version
@@ -1 +1 @@
22.14.0
20.19.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is node downgraded?

.github/workflows/validate-lockfile.yml
Comment on lines -31 to -49
# 1) No tarball references
if grep -qF 'tarball:' pnpm-lock.yaml; then
issues+=("• Tarball references found (forbidden)")
fi

# 2) No unwanted vitepress paths
if grep -qF 'packages/mermaid/src/vitepress' pnpm-lock.yaml; then
issues+=("• Disallowed path 'packages/mermaid/src/vitepress' present. Run `rm -rf packages/mermaid/src/vitepress && pnpm install` to regenerate.")
fi

# 3) Lockfile only changes when package.json changes
git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > changed.txt
if grep -q '^pnpm-lock.yaml$' changed.txt && ! grep -q 'package.json' changed.txt; then
issues+=("• pnpm-lock.yaml changed without any package.json modification")
fi

# If any issues, output them and fail
if [ ${#issues[@]} -gt 0 ]; then
# Use the new GITHUB_OUTPUT approach to set a multiline output
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These comments are useful.

.github/workflows/validate-lockfile.yml
Comment on lines +4 to +5
push:
branches: [main, develop]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't want to run this on push to main/develop.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sidharthv96 sidharthv96 sidharthv96 requested changes

Assignees
No one assigned
Labels
Type: Other Not an enhancement or a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enhancement in pnpm-lockfile
3 participants
@kedar49 @shubhamparikh2704 @sidharthv96