Skip to content

chore: enable staged publishing#563

Merged
jerome-benoit merged 4 commits into
mainfrom
staged-pubs
May 30, 2026
Merged

chore: enable staged publishing#563
jerome-benoit merged 4 commits into
mainfrom
staged-pubs

Conversation

@43081j

@43081j 43081j commented May 21, 2026

Copy link
Copy Markdown
Member

Also bumps all the actions using a sha rather than a mutable tag.

Also bumps all the actions using a sha rather than a mutable tag.
Copilot AI review requested due to automatic review settings May 21, 2026 11:42
@pkg-pr-new

pkg-pr-new Bot commented May 21, 2026

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/tinylibs/tinybench@563

commit: 2d9cbff

@github-actions

github-actions Bot commented May 21, 2026

Copy link
Copy Markdown

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
dist/index.js 10.13 KB (0%) 203 ms (0%) 51 ms (+1058.92% 🔺) 253 ms

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s GitHub Actions workflows to support staged publishing in the release pipeline and to make workflow dependencies more immutable by pinning actions to specific commit SHAs.

Changes:

  • Pin commonly used GitHub Actions (checkout, setup-node, pnpm setup, etc.) to commit SHAs across workflows.
  • Update the release workflow to publish via npm stage publish and add steps to install a specific npm version before upgrading.
  • Pin additional tooling actions used in QA/size-limit workflows (e.g., Bun/Deno setup, size-limit action).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
.github/workflows/size-limit.yml Pins checkout/node/pnpm/size-limit actions to SHAs for immutability.
.github/workflows/release.yml Switches publishing to npm stage publish, adds npm install steps, and pins several actions to SHAs.
.github/workflows/qa.yml Pins checkout/node/pnpm/Bun/Deno setup actions to SHAs across QA jobs.
.github/workflows/cr.yml Pins checkout/node/pnpm actions to SHAs in the CR workflow.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml Outdated
@jerome-benoit

Copy link
Copy Markdown
Collaborator

pnpm is not supporting staged publishing ?

@43081j

43081j commented May 21, 2026

Copy link
Copy Markdown
Member Author

it was very recently added to npm (last day or two) so hasn't yet reached pnpm afaik.

though keep in mind pnpm publish does seem to do the same as npm publish in non-monorepo situations. so we're not losing anything by switching the publish command and can always flip it back later.

Copilot AI review requested due to automatic review settings May 30, 2026 14:42

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

`pnpm stage publish` ships natively in pnpm v11.3.0 (May 2026, PR
pnpm/pnpm#11863) with full subcommand parity to `npm stage`. The project
is already pinned to `pnpm@11.3.0` in `packageManager`, so the feature
is available without a version bump.

* Replace the four `npm stage publish` invocations with their `pnpm`
  equivalents — flags (`--no-git-checks`, `--tag next|beta|alpha`) are
  identical.
* Drop the two-step `npm install -g npm@~11.10.0 && npm install -g
  npm@11.15.0` workaround for npm/cli#9151; only pnpm is needed in the
  publish job now.
* Single package manager across the workflow; `pnpm stage publish` also
  rewrites `workspace:*` correctly should the project ever move to a
  workspace layout.
@jerome-benoit

jerome-benoit commented May 30, 2026

Copy link
Copy Markdown
Collaborator

Pushed 2d9cbff switching the four npm stage publish calls back to pnpm stage publish.

pnpm stage shipped natively in pnpm v11.3.0 (pnpm/pnpm#11863, released May 24) with full subcommand parity (publish, list, view, approve, reject, download). It reuses libnpmpublish ≥ 11.2.0 so it talks to the same registry endpoint as npm stage publish. Flags (--no-git-checks, --tag, --access, --provenance, --otp, --dry-run, --recursive) are identical — see pnpm.io/cli/stage.

Since package.json is already pinned to pnpm@11.3.0, no version bump was needed. The two-step npm install -g npm@~11.10.0 && npm install -g npm@11.15.0 workaround for npm/cli#9151 is also dropped — only pnpm is needed in the publish job now. Bonus: pnpm stage publish rewrites workspace:* correctly, which npm stage publish does not (the original motivation for pnpm/pnpm#11863, per @JoviDeCroock); future-proof if the project ever moves to a workspace layout.

The e18e/setup-publish reference template (same ecosystem as tinylibs) already uses pnpm stage publish.

@jerome-benoit jerome-benoit added this pull request to the merge queue May 30, 2026
Merged via the queue into main with commit c4cd483 May 30, 2026
34 checks passed
@jerome-benoit jerome-benoit deleted the staged-pubs branch May 30, 2026 15:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants