Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/actions/install/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,5 @@ runs:
restore-keys: ${{ runner.os }}-

- name: Install dependencies ⚙️
run: pnpm install
run: pnpm ci

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This cleans node_modules (noop) and runs pnpm install --frozen-lockfile (which was already the case with pnpm install when CI=true is detected). So no actual change but just stricter.

shell: bash
6 changes: 3 additions & 3 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@
},
"engines": {
"node": "24.x",
"pnpm": ">=10.26"
"pnpm": "11.x"
},
"packageManager": "pnpm@10.33.0",
"packageManager": "pnpm@11.5.0",
"type": "module",
"scripts": {
"start": "pnpm --filter demo start",
Expand Down Expand Up @@ -49,7 +49,7 @@
"cypress": "15.13.1",
"cypress-wait-for-stable-dom": "0.1.0",
"eslint": "9.39.2",
"playwright": "1.59.1",
"playwright": "1.60.0",

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Playwright browser installation was stuck in CI — see microsoft/playwright#40998

"prettier": "3.8.1",
"typescript": "5.9.3",
"vitest": "4.1.3",
Expand Down
226 changes: 213 additions & 13 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

15 changes: 5 additions & 10 deletions pnpm-workspace.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,30 +7,25 @@ packages:
engineStrict: true

# Use whichever pnpm version is available in the environment
managePackageManagerVersions: false
pmOnFail: ignore

# Manage peer dependencies explicitly and predictibly
strictPeerDependencies: true
autoInstallPeers: false
resolvePeersFromWorkspaceRoot: false

# Fail install if any dependency has unapproved build scripts
strictDepBuilds: true

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now the default

# Approve specific build scripts
allowBuilds:
cypress: true
esbuild: true

# Save exact dependency versions in `package.json`
savePrefix: ''

# Only install packages that are at least 2 days old
minimumReleaseAge: 2880

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now it defaults to 1 day, which seems good enough for us. We pin packages and manually check release notes when upgrading.

# Relax minimum release age protection for owned packages
minimumReleaseAgeExclude:
- '@h5web/*'
- '@esrf/eslint-config'

# Run install automatically if anything is out of date before running a script
verifyDepsBeforeRun: 'install'

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now the default

# Save exact dependency versions in `package.json`
savePrefix: ''

# Every project must have these scripts in their `package.json`
requiredScripts:
Expand Down