Pin the pnpm version for reproducible web installs #26

Closed
opened 2026-06-03 21:43:48 +00:00 by logaritmisk · 0 comments
Owner

Context

The web/ package has no packageManager field, and the CI web job pins pnpm only at the major level (pnpm/action-setup@v4 with version: 9). Locally the lockfile was written with pnpm 11.5.1; both emit lockfileVersion: '9.0', so --frozen-lockfile passes today — but the pnpm version is effectively unpinned and can drift between contributors and CI.

What to do

  • Add a "packageManager": "pnpm@<exact-version>" field to web/package.json (Corepack reads it for a deterministic pnpm).
  • Make the CI web job's pnpm version consistent with that pin (or rely on Corepack), so local and CI use the same pnpm.

Acceptance

  • web/package.json declares an exact packageManager pnpm version.
  • CI uses the same version; pnpm install --frozen-lockfile stays green.

Source: frontend SPA milestone 1 final review — reproducibility nit.

Reference: logaritmisk/biggus-dickus#26
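
A check for the acceptance criteria in the issue above, as an added example that is not part of the issue or the repository's code: it confirms that `package.json` pins an exact pnpm version and that any `version:` passed to `pnpm/action-setup` in a workflow matches that pin. The file contents are constructed samples (using the versions quoted in the issue), and the function names are hypothetical.

```javascript
// Added example: constructed inputs, hypothetical function names.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Parse the packageManager field: "pnpm@1.2.3" or "pnpm@1.2.3+sha512.<hash>".
function pinnedPnpm(pkgJsonText) {
  const field = JSON.parse(pkgJsonText).packageManager;
  if (typeof field !== "string") return { error: "packageManager field is missing" };
  const at = field.lastIndexOf("@");
  if (at < 1 || field.slice(0, at) !== "pnpm") return { error: `packageManager is not pnpm: ${field}` };
  const version = field.slice(at + 1).split("+")[0]; // drop the optional integrity hash
  if (!EXACT.test(version)) return { error: `pnpm version is not exact: ${version}` };
  return { version };
}

// Collect the `version:` input of every pnpm/action-setup step in a workflow file.
// A step without a version input yields null: nothing there can disagree with the pin.
function ciPnpmVersions(workflowText) {
  const lines = workflowText.split(/\r?\n/);
  const found = [];
  lines.forEach((line, i) => {
    if (!/uses:\s*pnpm\/action-setup@/.test(line)) return;
    let version = null;
    // Scan this step's remaining keys, stopping at the next list item.
    for (let j = i + 1; j < lines.length && !/^\s*-\s/.test(lines[j]); j++) {
      const m = lines[j].match(/^\s*version:\s*["']?([^"'#\s]+)/);
      if (m) version = m[1];
    }
    found.push(version);
  });
  return found;
}

// Return a list of problems; an empty list means local and CI agree on one exact pnpm.
function checkPin(pkgJsonText, workflowText) {
  const pin = pinnedPnpm(pkgJsonText);
  if (pin.error) return [pin.error];
  return ciPnpmVersions(workflowText)
    .filter((v) => v !== null && v !== pin.version)
    .map((v) => `CI pins pnpm ${v}, package.json pins ${pin.version}`);
}

const samplePkg = '{"name":"web","packageManager":"pnpm@11.5.1"}';
const sampleWorkflow = [
  "    steps:",
  "      - uses: pnpm/action-setup@v4",
  "        with:",
  "          version: 9",
  "      - run: pnpm install --frozen-lockfile",
].join("\n");
console.log(checkPin(samplePkg, sampleWorkflow));
```

Run against the real `web/package.json` and workflow file as a CI step, a non-empty result is the drift the issue describes.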