Skip to content

Spike: npm -> pnpm #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cteyton wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Spike: npm -> pnpm #339

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
1a2c067
✨ feat(monorepo): bootstrap pnpm 9 in place of npm workspaces
claude May 28, 2026
5546660
✨ feat(monorepo): declare phantom deps surfaced by pnpm strict resolu…
claude May 28, 2026
5dc1749
👷 ci: switch GitHub Actions workflows to pnpm
claude May 28, 2026
ed33419
🐳 chore(docker): run pnpm via corepack in docker images and compose s…
claude May 28, 2026
bb498da
✨ feat(api): declare webpack as a direct devDependency
claude May 28, 2026
f4a42e0
✨ feat(frontend): declare @storybook/react as a direct devDependency
claude May 28, 2026
c8f8e76
🙈 chore: ignore Node V8 compile cache directory
claude May 28, 2026
8f1e5de
🐛 fix(cli): install dist runtime dependencies before invoking the bun…
claude May 28, 2026
13740a8
🐛 fix(integration-tests): widen transformIgnorePatterns for pnpm node…
claude May 28, 2026
64bb6aa
🩹 fix: address greptile review on the pnpm migration PR
claude May 28, 2026
40ee4a7
⚡ perf(docker): cache pnpm via shared COREPACK_HOME and reuse the sto…
claude May 28, 2026
f8429ca
⚡ perf(ci): skip prepare hook in CI and prefer offline package resolu…
claude May 28, 2026
71e86d3
🔧 chore(scripts): extract install-dist-cli-deps and use frozen lockfile
cteyton May 28, 2026
add2f31
🐛 fix(docker): ignore lifecycle scripts in API migrations install
cteyton May 28, 2026
262202d
🐛 fix(docker-compose): fail fast on pnpm lockfile drift
cteyton May 28, 2026
14bd612
🐛 fix(scripts): drop frozen-lockfile from dist CLI install
cteyton May 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 43 additions & 18 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,15 @@

steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --ignore-scripts --no-audit --no-fund
cache: 'pnpm'
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 63 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZj&open=AZ5uTn-HCv0_1Y1LXtZj&pullRequest=339
- name: Generate tsconfig
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
Expand All @@ -75,7 +78,7 @@
run: ./node_modules/.bin/nx test api
- run: cp apps/api/docker-package.json dist/apps/api/.
- run: cp package.json dist/apps/api/.
- run: cp package-lock.json dist/apps/api/.
- run: cp pnpm-lock.yaml dist/apps/api/.
- run: cp tsconfig.base.effective.json dist/apps/api/.

- name: Upload API build artifacts
Expand All @@ -95,22 +98,25 @@

steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --ignore-scripts --no-audit --no-fund
cache: 'pnpm'
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 109 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZl&open=AZ5uTn-HCv0_1Y1LXtZl&pullRequest=339
- name: Generate tsconfig
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
run: node scripts/select-tsconfig.mjs
- name: Generate Chakra types
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
run: npm run chakra:typegen
run: pnpm chakra:typegen
- name: Typechecks
run: npm run typecheck:frontend
run: pnpm typecheck:frontend
- name: Test Frontend
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
Expand Down Expand Up @@ -144,12 +150,15 @@

steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --ignore-scripts --no-audit --no-fund
cache: 'pnpm'
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 161 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZn&open=AZ5uTn-HCv0_1Y1LXtZn&pullRequest=339
- name: Generate tsconfig
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
Expand All @@ -165,6 +174,7 @@
NODE_OPTIONS: '--max-old-space-size=16384 --no-experimental-strip-types'
run: ./node_modules/.bin/nx test mcp-server
- run: cp tsconfig.base.effective.json dist/apps/mcp-server/.
- run: cp pnpm-lock.yaml dist/apps/mcp-server/.

- name: Upload MCP-Server build artifacts
uses: actions/upload-artifact@v4
Expand All @@ -183,12 +193,15 @@

steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --ignore-scripts --no-audit --no-fund
cache: 'pnpm'
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 204 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZp&open=AZ5uTn-HCv0_1Y1LXtZp&pullRequest=339
- name: Generate tsconfig
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
Expand Down Expand Up @@ -224,11 +237,14 @@

steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache: 'pnpm'

- name: Set up Bun
uses: oven-sh/setup-bun@v2
Expand All @@ -239,7 +255,7 @@
id: get-version
run: echo "version=$(node -p "require('./apps/cli/package.json').version")" >> $GITHUB_OUTPUT

- run: npm ci --ignore-scripts --no-audit --no-fund
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 258 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZr&open=AZ5uTn-HCv0_1Y1LXtZr&pullRequest=339
- name: Generate tsconfig
env:
PACKMIND_EDITION: ${{ vars.PACKMIND_EDITION }}
Expand Down Expand Up @@ -272,6 +288,9 @@
echo "Built executables (with embedded WASM files):"
ls -lh dist/apps/cli-executables/

- name: Install dist CLI runtime dependencies
run: sh scripts/install-dist-cli-deps.sh

- name: Test executables
run: |
node dist/apps/cli/main.cjs --version
Expand Down Expand Up @@ -300,14 +319,17 @@

steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9.15.0

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache: 'pnpm'

- run: npm ci --ignore-scripts --no-audit --no-fund
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 332 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZt&open=AZ5uTn-HCv0_1Y1LXtZt&pullRequest=339

- name: Generate tsconfig
env:
Expand All @@ -316,6 +338,9 @@

- run: ./node_modules/.bin/nx run packmind-cli:build

- name: Install dist CLI runtime dependencies
run: sh scripts/install-dist-cli-deps.sh

- name: Fix CLI artifacts permissions
run: |
chmod +x dist/apps/cli/main.cjs || true
Expand Down Expand Up @@ -358,12 +383,12 @@
NODE_OPTIONS: '--max-old-space-size=16384 --no-experimental-strip-types'
run: ./node_modules/.bin/nx test cli-e2e-tests

- name: Install latest production CLI from npm
- name: Install latest production CLI from registry
run: |
PROD_CLI_DIR="$(mktemp -d)"
cd "${PROD_CLI_DIR}"
npm init -y --silent
npm install @packmind/cli
pnpm init
pnpm add @packmind/cli

Check warning on line 391 in .github/workflows/build.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn-HCv0_1Y1LXtZu&open=AZ5uTn-HCv0_1Y1LXtZu&pullRequest=339
CLI_BINARY_PATH="$(node -e "console.log(require.resolve('@packmind/cli'))")"
cd -
echo "Installed CLI version: $(node "${CLI_BINARY_PATH}" --version)"
Expand Down
8 changes: 6 additions & 2 deletions .github/workflows/docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,11 +92,15 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- uses: pnpm/action-setup@v4
with:
version: 9.15.0

- name: Set up Node.js ${{ inputs.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
cache: 'npm'
cache: 'pnpm'

- name: Get package version
id: get-version
Expand Down Expand Up @@ -145,7 +149,7 @@ jobs:
fi

- name: Install dependencies
run: npm ci --ignore-scripts --no-audit --no-fund
run: pnpm install --frozen-lockfile --prefer-offline

# Download all build artifacts
- name: Download API build artifacts
Expand Down
16 changes: 11 additions & 5 deletions .github/workflows/quality.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,12 +58,15 @@
- uses: actions/checkout@v4
with:
fetch-depth: 10
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --ignore-scripts --no-audit --no-fund
cache: 'pnpm'
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 69 in .github/workflows/quality.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn9pCv0_1Y1LXtZf&open=AZ5uTn9pCv0_1Y1LXtZf&pullRequest=339
- name: Generate Proprietary tsconfig
env:
PACKMIND_EDITION: ${{ env.ENTERPRISE_EDITION }}
Expand All @@ -73,7 +76,7 @@
PACKMIND_EDITION: ${{ env.ENTERPRISE_EDITION }}
run: ./node_modules/.bin/nx run-many -t lint --tuiAutoExit
- name: Check code formatting
run: npm run prettier:check
run: pnpm prettier:check

sonarqube:
if: vars.PACKMIND_EDITION != 'proprietary'
Expand All @@ -87,12 +90,15 @@
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: pnpm/action-setup@v4
with:
version: 9.15.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --ignore-scripts --no-audit --no-fund
cache: 'pnpm'
- run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 101 in .github/workflows/quality.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn9pCv0_1Y1LXtZh&open=AZ5uTn9pCv0_1Y1LXtZh&pullRequest=339
- name: Generate Proprietary tsconfig
env:
PACKMIND_EDITION: ${{ env.ENTERPRISE_EDITION }}
Expand Down
14 changes: 11 additions & 3 deletions .github/workflows/tmp-cli-lint-windows.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,17 +18,25 @@
- name: Checkout
uses: actions/checkout@v4

- uses: pnpm/action-setup@v4
with:
version: 9.15.0

- name: Use Node.js 24.15.0
uses: actions/setup-node@v4
with:
node-version: '24.15.0'
cache: 'npm'
cache: 'pnpm'

- name: Install dependencies
run: npm ci --ignore-scripts --no-audit --no-fund
run: pnpm install --frozen-lockfile --prefer-offline

Check warning on line 32 in .github/workflows/tmp-cli-lint-windows.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Omitting "--ignore-scripts" can lead to the execution of shell scripts. Make sure it is safe here. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn9VCv0_1Y1LXtZd&open=AZ5uTn9VCv0_1Y1LXtZd&pullRequest=339

- name: Build CLI
run: npm run packmind-cli:build
run: pnpm packmind-cli:build

- name: Install dist CLI runtime dependencies
shell: bash
run: sh scripts/install-dist-cli-deps.sh

- name: Run CLI lint
run: node dist/apps/cli/main.cjs lint .
Expand Down
5 changes: 4 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,4 +49,7 @@ apps/mcp-server/key.pem
docker/nginx/ssl

.nx/polygraph
.nx/self-healing
.nx/self-healing

# Node.js V8 compile cache (auto-generated by Node 22+ when NODE_COMPILE_CACHE is set)
node-compile-cache/
2 changes: 1 addition & 1 deletion .husky/pre-commit
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
npx pretty-quick --staged
pnpm exec pretty-quick --staged
scripts/precommit-lint.sh
8 changes: 8 additions & 0 deletions .npmrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
package-manager-strict=false
auto-install-peers=true
strict-peer-dependencies=false
shamefully-hoist=false
enable-pre-post-scripts=true
public-hoist-pattern[]=@types/*
public-hoist-pattern[]=*eslint*
public-hoist-pattern[]=*prettier*
2 changes: 1 addition & 1 deletion apps/api/docker-package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"main": "main.js",
"engines": {
"node": "24.15.0",
"npm": "11.12.1"
"pnpm": ">=9.0.0 <10.0.0"
},
"dependencies": {
"@amplitude/analytics-node": "^1.5.18",
Expand Down
2 changes: 1 addition & 1 deletion apps/cli/jest.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,6 @@
moduleFileExtensions: standardModuleFileExtensions,
coverageDirectory: '../../coverage/apps/cli',
transformIgnorePatterns: [
'/node_modules/(?!(chalk|#ansi-styles|#supports-color|slug)/)',
'node_modules/(?!(?:.*[\\\\/])?(chalk|#ansi-styles|#supports-color|slug)[@\\\\/])',

Check warning on line 14 in apps/cli/jest.config.ts

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

`String.raw` should be used to avoid escaping `\`. 


See more on https://sonarcloud.io/project/issues?id=PackmindHub_packmind&issues=AZ5uTn5VCv0_1Y1LXtZV&open=AZ5uTn5VCv0_1Y1LXtZV&pullRequest=339
],
};
7 changes: 5 additions & 2 deletions apps/cli/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,13 @@
},
"dependencies": {
"@types/inquirer": "^9.0.9",
"dotenv": "^16",
"inquirer": "^13.0.2",
"zod": "^4.3.5",
"minimatch": "^10",
"semver": "^7.7.4",
"which": "^4.0.0"
"undici": "^7",
"which": "^4.0.0",
"zod": "^4.3.5"
},
"devDependencies": {
"@types/which": "^3.0.4"
Expand Down
2 changes: 1 addition & 1 deletion apps/frontend/jest.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ module.exports = {
],
},
transformIgnorePatterns: [
'/node_modules/(?!(slug|marked|@chakra-ui|@zag-js|framer-motion|lucide-react)).+\\.[tj]sx?$',
'node_modules/(?!(?:.*[\\\\/])?(slug|marked|@chakra-ui|@zag-js|framer-motion|lucide-react)[@\\\\/]).+\\.[tj]sx?$',
],
testMatch: ['<rootDir>/src/**/*.(spec|test).[jt]s?(x)'],
setupFilesAfterEnv: ['<rootDir>/src/test-setup.ts'],
Expand Down
1 change: 1 addition & 0 deletions apps/frontend/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
"version": "0.0.0",
"private": true,
"dependencies": {
"@packmind/assets": "workspace:*",
"@types/nprogress": "0.2.3",
"nprogress": "0.2.0"
}
Expand Down
Loading
Loading