From 6a6d629bcf7cfd86bff62835db393747bc030073 Mon Sep 17 00:00:00 2001 From: Kevin Riehl Date: Wed, 27 May 2026 14:49:18 -0700 Subject: [PATCH] Replace pnpm/action-setup with corepack to actually pin the pnpm version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit pnpm/action-setup@v4 was ignoring its `version` input on this runner and installing pnpm 10.x no matter what value we passed. That's why every attempt to land an onlyBuiltDependencies allowlist failed — ERR_PNPM_IGNORED_BUILDS kept blocking the install. Switch to corepack, which Node 22 ships with, and `corepack prepare pnpm@9.14.4 --activate`. Same mechanism the Dockerfiles use. Adds an explicit `pnpm --version` line so future CI runs make the actual installed version visible. Dropped `cache: pnpm` from actions/setup-node@v4 since pnpm isn't on PATH yet at that step — the pnpm store cache wasn't doing much for us on first runs anyway. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitea/workflows/ci.yml | 48 ++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 46a63b0..6aa6fc2 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -10,21 +10,21 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 - with: - # Pinned to a 9.x release that predates pnpm's strict - # ERR_PNPM_IGNORED_BUILDS gate (added in 9.15 / 10.x). With - # `version: 9` the action was resolving to a newer release that - # blocks the install over our onlyBuiltDependencies allowlist not - # being honored in this runner. 9.14.4 just runs the scripts the - # way pnpm always did, which matches what the Dockerfiles do via - # corepack `pnpm@9` and what production builds rely on. - version: "9.14.4" - - uses: actions/setup-node@v4 with: node-version: 22 - cache: pnpm + + - name: Set up pnpm via corepack + # pnpm/action-setup@v4 was ignoring its `version` input on this + # runner and always installing latest pnpm 10.x, which blocked the + # install with ERR_PNPM_IGNORED_BUILDS no matter how we configured + # onlyBuiltDependencies. Install pnpm 9.14.4 via corepack instead + # — same mechanism the Dockerfiles use, no strict-build gate, runs + # postinstall scripts the way pnpm has for years. + run: | + corepack enable + corepack prepare pnpm@9.14.4 --activate + pnpm --version - name: Install dependencies run: pnpm install --frozen-lockfile @@ -50,21 +50,21 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 - with: - # Pinned to a 9.x release that predates pnpm's strict - # ERR_PNPM_IGNORED_BUILDS gate (added in 9.15 / 10.x). With - # `version: 9` the action was resolving to a newer release that - # blocks the install over our onlyBuiltDependencies allowlist not - # being honored in this runner. 9.14.4 just runs the scripts the - # way pnpm always did, which matches what the Dockerfiles do via - # corepack `pnpm@9` and what production builds rely on. - version: "9.14.4" - - uses: actions/setup-node@v4 with: node-version: 22 - cache: pnpm + + - name: Set up pnpm via corepack + # pnpm/action-setup@v4 was ignoring its `version` input on this + # runner and always installing latest pnpm 10.x, which blocked the + # install with ERR_PNPM_IGNORED_BUILDS no matter how we configured + # onlyBuiltDependencies. Install pnpm 9.14.4 via corepack instead + # — same mechanism the Dockerfiles use, no strict-build gate, runs + # postinstall scripts the way pnpm has for years. + run: | + corepack enable + corepack prepare pnpm@9.14.4 --activate + pnpm --version - name: Install dependencies run: pnpm install --frozen-lockfile