Skip to content

PF-3329: migrate to pnpm + node 24 + GitHub Packages#33

Open
genisd wants to merge 7 commits into
mainfrom
PF-3329
Open

PF-3329: migrate to pnpm + node 24 + GitHub Packages#33
genisd wants to merge 7 commits into
mainfrom
PF-3329

Conversation

@genisd
Copy link
Copy Markdown
Member

@genisd genisd commented May 21, 2026

Summary

Migrates @gynzy/ember-sortable to pnpm v10, Node 24, and publishing to GitHub Packages on top of util.workflowJavascriptPackage() from lib-jsonnet. Also performs a publish-hygiene pass: package now uses a files allowlist instead of .npmignore, dropping the published tarball from 459 KB to 21 KB.

Migration scope

  • Package manager: yarn -> pnpm (packageManager: "pnpm@10.33.4").
  • Node: bumped engines.node to >=24, .nvmrc -> 24, CI image -> node:24.
  • Registry: publishes only to GitHub Packages (@gynzy:registry=https://npm.pkg.github.com). Generated YAML has no references to npm.gynzy.net or setGynzyNpmToken.
  • Version: 4.0.13 -> 4.0.14 (PATCH bump for publish-preview's check-version-bump action).
  • lib-jsonnet PR-257 pulled (adds packageManager='pnpm' support to workflowJavascriptPackage). Repo was already onboarded to lib-jsonnet — no bootstrap needed.
  • Removed legacy ci/npm.sh + ci/publish.sh (yarn publish to npm.gynzy.net), now superseded by helper-generated publish jobs.
  • Lint script and .husky/pre-commit hook switched from yarn to pnpm (corepack blocks the yarn binary once packageManager is pinned). Deprecated husky v9 shebang lines removed.

Dependency

This PR depends on lib-jsonnet#257. Workflows are currently regenerated from pr-257. Follow-up after adopted-ember-addons#257 merges to prod: re-run sh .github/jsonnet/pull-upstream-and-rebuild.sh (no PR_NUMBER) to repin to prod and commit the diff.

Repo facts (discovery)

  • Default branch: main
  • Visibility: PUBLIC -> isPublicFork=true (runner: ubuntu-latest)
  • Detected scripts: build=ember build, lint=ember-template-lint . && eslint ., test:ember=ember test, test:all=ember try:each. No plain test script.
  • Existing CI behavior: builds inside the publish job (no separate test/lint job). Preserved: the new helper-generated pnpm-publish-preview job runs pnpm run build by default, matching previous behavior. testJob=null is deliberate — there was no separate test job before, and adding browser-based test:ember to CI is out of scope for this migration.
  • No non-helper extra pipelines to preserve.
  • Local verification: pnpm install --frozen-lockfile, pnpm run lint, pnpm run build all pass.

Generated workflows

util.workflowJavascriptPackage(
  repositories=['github'],
  packageManager='pnpm',
  branch='main',
  isPublicFork=true,
  testJob=null,
)

Note: the spec template used repositories=['github', 'gynzy'], but the hard requirement of GitHub-Packages-only publishing forbids setGynzyNpmToken in the generated YAML, so the list is ['github'] only.

Publish hygiene

pnpm pack baseline vs after:

metric before after delta
packed 459 KB 21 KB -95%
unpacked 663 KB 76 KB -88%
file count 39 28 -11

The biggest single contributor to the previous tarball was demo.gif (510 KB, a README marketing asset). Other stripped: CHANGELOG.md (36 KB), V2_MIGRATION_RFC.md (33 KB), migration guides, RELEASE.md, CODE_OF_CONDUCT.md, .husky/, .claude/, .github.jsonnet, catalog-info.yaml, Makefile, .gitattributes, .nvmrc.

files array shipped:

"files": ["addon", "addon-test-support", "app", "config", "index.js"]

(npm/pnpm implicitly include package.json, README.md, LICENSE.md.)

.npmignore decision: deleted entirely (option a). The new tarball includes addon/.gitkeep, app/.gitkeep, and config/ember-try.js — a combined ~1.6 KB of leakage, trivial against the 438 KB reduction. The files array is the single source of truth for the published surface.

CI publish bloat observation (no action required this PR)

The helper-generated publish jobs run pnpm config set store-dir .pnpm-store && pnpm install --frozen-lockfile before pnpm publish. With the previous .npmignore-based approach, the in-workspace pnpm store risked leaking into the tarball in CI. The files allowlist eliminates that risk regardless — supporting motivation for the allowlist migration, not a blocker.

Test plan

  • CI: misc/verify-jsonnet-gh-actions job green.
  • CI: pnpm-publish-preview job builds with node:24 + pnpm and publishes a 4.0.14-pr<N>.<run> tarball to GitHub Packages.
  • Inspect uploaded preview tarball — confirm only the files in the files array (plus auto-included README/LICENSE/package.json) are present.
  • On merge to main: pnpm-publish job publishes 4.0.14 to GitHub Packages.
  • After lib-jsonnet#257 merges to prod, run sh .github/jsonnet/pull-upstream-and-rebuild.sh (without PR_NUMBER) and open a small follow-up PR with the diff.

Open Questions

  • None blocking. The existing CI did not run lint or browser tests pre-migration; this PR preserves that posture. If we want a separate test job that exercises pnpm run lint and pnpm run test:ember in CI going forward, that's a separate, scoped change.

genisd and others added 7 commits May 21, 2026 09:54
@genisd
chore: update jsonnet (lib-jsonnet PR-257)
9274a8b 
Pulls lib-jsonnet PR-257 which adds packageManager='pnpm' support to
workflowJavascriptPackage. Workflows still emit yarn-based output at
this step because .github.jsonnet has not been updated yet.
@genisd
chore: switch to pnpm + node 24
4c79dff 
- Pin packageManager to pnpm@10.33.4
- Bump engines.node to >=24
- Bump version 4.0.13 -> 4.0.14 (publish-preview check-version-bump)
- Add .nvmrc (24), .npmrc (@gynzy -> npm.pkg.github.com)
- Update lint script + pre-commit hook to use pnpm (corepack blocks
  yarn calls now that packageManager is pinned)
- Drop deprecated husky v9 shebang lines
@genisd
chore: swap lockfile yarn.lock -> pnpm-lock.yaml
0b96914
@genisd
chore: publish to GitHub Packages with pnpm
f97e5d6 
- .github.jsonnet now invokes workflowJavascriptPackage(packageManager='pnpm',
  repositories=['github']); regenerated workflows now use node:24, pnpm, and
  push exclusively to npm.pkg.github.com.
- Drop legacy ci/npm.sh + ci/publish.sh (npm.gynzy.net/yarn publish), now
  superseded by helper-generated publish jobs.

Generated YAML verified to contain no references to npm.gynzy.net,
setGynzyNpmToken, or yarn.
@genisd
chore: drop .npmignore in favor of files allowlist
d745181 
The files allowlist added to package.json is now the single source of
truth for what ships. Removing .npmignore eliminates duplicate config.

Tarball impact (pnpm pack):
- packed:   459 KB -> 21 KB (-95%)
- unpacked: 663 KB -> 76 KB (-88%)
- files:    39 -> 28

Net leakage vs. previous .npmignore behavior: ~1.6 KB
(addon/.gitkeep, app/.gitkeep, config/ember-try.js).
@genisd
chore: require node >=22
dead01a
@genisd
fix: publish to npm.gynzy.net as well
ba951e7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fhp fhp fhp approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@genisd @fhp