Skip to content

chore(deps): bump pnpm/action-setup from v5 to v6#31

Merged
iskhakovt merged 4 commits intomainfrom
chore/bump-action-setup-v6
Apr 25, 2026
Merged

chore(deps): bump pnpm/action-setup from v5 to v6#31
iskhakovt merged 4 commits intomainfrom
chore/bump-action-setup-v6

Conversation

@iskhakovt
Copy link
Copy Markdown
Owner

@iskhakovt iskhakovt commented Apr 12, 2026
edited
Loading

Summary

  • Bumps pnpm/action-setup from v5 to v6.0.3 across all 5 CI jobs (check, unit, integration, e2e, visual)
  • v6.0.2 included the fix for #225: the bootstrap v11 binary was shadowing the self-updated version on PATH due to addPath call order — fixed in pnpm/action-setup#230
  • v6.0.3 updates the bootstrap binary to pnpm v11.0.0-rc.5
  • Pinned to the exact v6.0.3 release commit SHA for supply-chain security
  • All action SHAs in ci.yml and publish.yml now have exact patch version comments (e.g. # v6.0.3) so Dependabot/Renovate can track and auto-update them
  • actions/setup-node updated to v6.4.0 (picked up during merge from main)

Replaces Dependabot's #15 which showed a confusing SHA-to-SHA bump because it couldn't resolve our pinned commit to a version tag.

Test plan

  • CI passes (all jobs use the updated action and correctly resolve pnpm from packageManager / engines.pnpm)

🤖 Generated with Claude Code

@iskhakovt iskhakovt mentioned this pull request Apr 12, 2026
Closed
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 12, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The CI workflow was updated to use a newer pinned version of pnpm/action-setup, replacing the @v5 reference with a commit-based pin marked # v6 across multiple jobs in the workflow.

Changes

Cohort / File(s) Summary
CI Workflow Update
.github/workflows/ci.yml		 Updated pnpm/action-setup version pin from @v5 to a v6 commit reference across check, unit, integration, and e2e jobs.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

dependencies

Poem

🐰 A hop, skip, and a pnpm jump away,
The workflow sings in v6 today!
From v5 to commit pins so neat,
Our GitHub Actions skip to the beat! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title 'chore(deps): bump pnpm/action-setup from v5 to v6' directly and accurately describes the main change in the pull request, which updates a GitHub Action dependency from version 5 to version 6 across multiple CI jobs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/bump-action-setup-v6

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@claude
chore(deps): bump pnpm/action-setup from v5 to v6
50ccf2c 
v6 adds pnpm v11 support and runs on Node.js 24. Replaces
Dependabot's confusing SHA-to-SHA PR (#15) with a clean version
bump.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@iskhakovt iskhakovt force-pushed the chore/bump-action-setup-v6 branch from c17b642 to 50ccf2c Compare April 12, 2026 10:59
@iskhakovt
Copy link
Copy Markdown
Owner Author

iskhakovt commented Apr 12, 2026

CI is failing because pnpm/action-setup@v6 always installs pnpm v11 (beta) regardless of the version input or packageManager field — known bug: pnpm/action-setup#225

pnpm 11 can't parse our v9.0 lockfile, hence ERR_PNPM_BROKEN_LOCKFILE: expected a single document in the stream.

Workaround from the issue: use commit 2e223e0f0d2b8fd9872cbadb8b7428e5f8b5556d instead of 08c4be7e.... Holding off until the v6 tag is fixed upstream.

iskhakovt and others added 3 commits April 25, 2026 20:35
@iskhakovt @claude
chore(deps): bump pnpm/action-setup from v6.0.0 to v6.0.3
938c05f 
Fixes the pnpm version input being ignored (v6.0.2 included the PATH
precedence fix from pnpm/action-setup#230).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@iskhakovt @claude
chore(ci): pin action version comments to exact patch versions
0508ffd 
Dependabot and Renovate can track and auto-update SHA pins when the
comment contains the exact semantic version (e.g. # v6.0.3 instead of
# v6). Updated all action comments in ci.yml and publish.yml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@iskhakovt @claude
chore(ci): merge main — bump pnpm/action-setup to v6.0.3, fix version…
a02c3c0 
… comments

Resolves conflicts from main adding the visual job, Docker-based e2e, and
setup-node v6.4.0. Takes our pnpm/action-setup v6.0.3 SHA everywhere;
applies exact patch version comments to all actions in both new and
existing jobs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@iskhakovt iskhakovt enabled auto-merge (squash) April 25, 2026 19:49
@iskhakovt iskhakovt merged commit 048b6dc into main Apr 25, 2026
9 checks passed
@iskhakovt iskhakovt deleted the chore/bump-action-setup-v6 branch April 25, 2026 19:54
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 27, 2026

🎉 This PR is included in version 1.19.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@iskhakovt