fix: add corepack enable to CI workflow to restore pnpm availability#317
Open
fix: add corepack enable to CI workflow to restore pnpm availability#317
Conversation
The check job calls make check in workers/javascript, which invokes bare pnpm commands. pnpm is not available on the Blacksmith runner by default. The Makefile was changed from npx pnpm to bare pnpm without a corresponding workflow update, breaking CI since Jan 8 2026. Add corepack enable + corepack prepare after setup-node so pnpm@10.29.2 is available before make check runs.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #317 +/- ##
==========================================
- Coverage 61.73% 61.72% -0.02%
==========================================
Files 250 250
Lines 17871 17871
Branches 172 172
==========================================
- Hits 11033 11031 -2
- Misses 6053 6055 +2
Partials 785 785
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
|
- check job: setup-node + corepack must run before pre-commit/action so the pnpm-lint-mocks hook can find pnpm; previously node was set up after pre-commit - test-js job: make build calls make deps which calls bare pnpm; add corepack enable step after setup-node to make pnpm available before make build
The pnpm-lint-mocks pre-commit hook requires mocks/node_modules to be populated. Add an explicit pnpm install step before pre-commit runs. The make build and make check steps in test-js and check jobs require authentication to npm.pkg.github.com to fetch private @superblocksteam packages. Set NPM_TOKEN=${{ secrets.GITHUB_TOKEN }} on those steps.
…space pnpm install --filter mocks installs only mocks' public dependencies (eslint etc.) without triggering auth for private @superblocksteam/* packages. GITHUB_TOKEN only has read access to same-repo packages and gets 403 for cross-repo org packages. Use AGENT_RELEASE_PAT (existing PAT secret) as NPM_TOKEN for the steps that do a full workspace install: make check and make build in test-js.
…EASE_PAT AGENT_RELEASE_PAT returns 401 Unauthorized for @superblocksteam/* packages. Switch to github.token with permissions.packages:read (plus contents:read for checkout) -- the correct modern approach for org-internal package access in GitHub Actions.
…cross-repo packages) github.token with packages:read returns 403 for @superblocksteam/* packages because they are in separate repos and GitHub Actions GITHUB_TOKEN cannot access cross-repo packages in the same org. AGENT_RELEASE_PAT (a classic PAT with read:packages scope) is the correct credential -- it just needs rotation as the current value is expired.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
pnpmis not available by default on the Blacksmith runner -- it must be activated via corepackcheckjob'smake checkstep (inworkers/javascript) calls barepnpmcommands, which fail withpnpm: command not foundnpx pnpm installto barepnpm installwithout a corresponding workflow updatetest-jsjob was unaffected because it usesnpx pnpmdirectly in the workflow, which downloads pnpm on the flyFix
Add a single step after
actions/setup-nodeto enable corepack and activate pnpm:The version
10.29.2is pinned in the rootpackage.json"packageManager"field and is what corepack will resolve to anyway -- making it explicit avoids any network lookup.Test plan
checkjob passes on this branch (pnpm available,make checkinworkers/javascriptsucceeds)test-jsjob still passes (unaffected -- continues usingnpx pnpm)test-goandtest-pyjobs still pass (no changes to those jobs)