Skip to content

fix(release): use npm ci so package-lock.json is never modified in CI#76

Merged
sourcehawk merged 1 commit into
mainfrom
fix/release-npm-ci
Jun 17, 2026
Merged

fix(release): use npm ci so package-lock.json is never modified in CI#76
sourcehawk merged 1 commit into
mainfrom
fix/release-npm-ci

Conversation

@sourcehawk

@sourcehawk sourcehawk commented Jun 17, 2026

Copy link
Copy Markdown
Owner

Description

The v0.3.3 release failed because make frontend ran npm install, which rewrote
frontend/package-lock.json on the CI runner (different npm version, different
resolved metadata). GoReleaser's git-dirty check then aborted before any builds ran.

Switching to npm ci installs the exact locked versions without touching the lock
file, so the working tree stays clean for GoReleaser's check.

Changes

  • frontend: and test-frontend: Makefile targets now use npm ci instead of npm install

Testing

Reproduced the failure by inspecting the v0.3.3 run log (goreleaser: git is in a dirty state — M frontend/package-lock.json). The fix is mechanical: npm ci is
explicitly documented to never modify package-lock.json. The next tag push will
confirm it end-to-end.

@sourcehawk @claude
fix(release): use npm ci so package-lock.json is never modified in CI
6359343 
npm install can rewrite package-lock.json when the npm version on the
runner differs from the one used locally. GoReleaser's git-dirty check
then aborts the release. npm ci installs the exact locked versions
without touching the file.

Applies to both the frontend build target and the test-frontend target
for consistency.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 17, 2026 20:30
@sourcehawk sourcehawk merged commit 54b2965 into main Jun 17, 2026
4 of 6 checks passed
@sourcehawk sourcehawk deleted the fix/release-npm-ci branch June 17, 2026 20:31
Copilot AI reviewed Jun 17, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the build/test workflow for the embedded Next.js frontend so CI and release builds don’t mutate frontend/package-lock.json, preventing GoReleaser’s git-dirty check from aborting releases.

Changes:

  • Switch make frontend to use npm ci instead of npm install.
  • Switch make test-frontend to use npm ci instead of npm install.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@sourcehawk sourcehawk mentioned this pull request Jun 17, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sourcehawk