chore: enable staged publishing#563
Conversation
Also bumps all the actions using a sha rather than a mutable tag.
commit: |
size-limit report 📦
|
There was a problem hiding this comment.
Pull request overview
Updates the repository’s GitHub Actions workflows to support staged publishing in the release pipeline and to make workflow dependencies more immutable by pinning actions to specific commit SHAs.
Changes:
- Pin commonly used GitHub Actions (checkout, setup-node, pnpm setup, etc.) to commit SHAs across workflows.
- Update the release workflow to publish via
npm stage publishand add steps to install a specific npm version before upgrading. - Pin additional tooling actions used in QA/size-limit workflows (e.g., Bun/Deno setup, size-limit action).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/size-limit.yml | Pins checkout/node/pnpm/size-limit actions to SHAs for immutability. |
| .github/workflows/release.yml | Switches publishing to npm stage publish, adds npm install steps, and pins several actions to SHAs. |
| .github/workflows/qa.yml | Pins checkout/node/pnpm/Bun/Deno setup actions to SHAs across QA jobs. |
| .github/workflows/cr.yml | Pins checkout/node/pnpm actions to SHAs in the CR workflow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
pnpm is not supporting staged publishing ? |
|
it was very recently added to npm (last day or two) so hasn't yet reached pnpm afaik. though keep in mind |
`pnpm stage publish` ships natively in pnpm v11.3.0 (May 2026, PR pnpm/pnpm#11863) with full subcommand parity to `npm stage`. The project is already pinned to `pnpm@11.3.0` in `packageManager`, so the feature is available without a version bump. * Replace the four `npm stage publish` invocations with their `pnpm` equivalents — flags (`--no-git-checks`, `--tag next|beta|alpha`) are identical. * Drop the two-step `npm install -g npm@~11.10.0 && npm install -g npm@11.15.0` workaround for npm/cli#9151; only pnpm is needed in the publish job now. * Single package manager across the workflow; `pnpm stage publish` also rewrites `workspace:*` correctly should the project ever move to a workspace layout.
|
Pushed
Since The e18e/setup-publish reference template (same ecosystem as tinylibs) already uses |
Also bumps all the actions using a sha rather than a mutable tag.