chore(releases): automatically update the lockfile in changeset PRs

[myftija]

This is a step which we currently need to do manually and it's rather painful. The lockfile update is necessary due to cross references in our packages.

Added it as a separate job instead of a step to start from fresh workspace, as the state that the changeset step leaves the workdir is not explicitly clear to the reader.

[changeset-bot]

⚠️ No Changeset found

Latest commit: da5e2ab

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

A new GitHub Actions job "Update lockfile on release PR" was added to .github/workflows/release.yml. It runs after the release job when needs.release.outputs.published != 'true', checks out the changeset-release/main branch, sets up pnpm and Node, runs pnpm install to refresh pnpm-lock.yaml, and commits/pushes the lockfile if changed. The release workflow also gains a step that, when a release is published, creates and pushes a Docker tag v.docker.<package_version> to the repository.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Verify needs.release.outputs.published is emitted by the release job and referenced correctly.
• Confirm the changeset-release/main branch name matches repository convention.
• Check that commit/push logic only stages and commits pnpm-lock.yaml when modified.
• Validate contents: write permission covers the push and tag operations.
• Inspect the Docker tag step: tag naming (v.docker.<package_version>), authentication, and push command.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description explains the motivation and implementation details but does not follow the required template structure with sections like Closes #, Checklist, Testing, Changelog, and Screenshots.	Follow the repository template by adding: issue number reference, completing the checklist items, describing testing steps performed, adding a changelog entry, and organizing content into the defined sections.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: automating lockfile updates in changeset PRs, which directly matches the PR's primary objective and the workflow changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch changeset-update-lockfile

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 41accee and da5e2ab.

📒 Files selected for processing (1)

• .github/workflows/release.yml (2 hunks)

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-11-27T16:27:48.109Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: pnpm version `10.23.0` and Node.js version `20.11.1` are required for development

Applied to files:

• .github/workflows/release.yml

📚 Learning: 2025-11-27T16:27:48.109Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: Use pnpm for package management in this monorepo

Applied to files:

• .github/workflows/release.yml

📚 Learning: 2024-09-23T12:51:42.019Z

Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 1306
File: .github/actions/get-image-tag/action.yml:51-62
Timestamp: 2024-09-23T12:51:42.019Z
Learning: In the 'get-image-tag' GitHub Action, prefer dependent workflows to fail immediately when the tag is invalid, without outputting the validity status as an output.

Applied to files:

• .github/workflows/release.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (23)

• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: typecheck / typecheck
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (4)

.github/workflows/release.yml (4)

85-91: Docker tag error handling is now in place.

The set -e and explicit git push origin address the previous review feedback on error handling and clarity.

---

119-127: Node version mismatch with development requirements.

The development setup per learnings specifies Node.js 20.11.1, but this uses 20.19.0. While the main release job also uses 20.19.0, verify that this is an intentional update to the development requirements and not an oversight. If the requirements have changed, update the learnings documentation.

---

106-142: Unresolved feedback: minimumReleaseAge configuration.

A previous review comment from myftija flagged that line 130 (the pnpm install step) should respect the root level minimumReleaseAge: 4320 config set in pnpm-workspace.yaml. This concern has not been addressed in the current implementation. Please clarify the intended behavior:

• Should this job include a check to ensure the minimum release age has elapsed before updating the lockfile?
• Or should the pnpm install command be modified to respect this configuration in some way?

Without understanding the requirement, it's unclear if the current implementation is sufficient.

---

132-142: Error handling and git operations look solid.

The set -e, proper git config, and explicit branch specification address the previous feedback about defensive error handling.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[myftija]

this should respect the root level minimumReleaseAge: 4320 config set in pnpm-workspace.yaml

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 331882f and 9701c40.

📒 Files selected for processing (1)

• .github/workflows/release.yml (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: pnpm version `10.23.0` and Node.js version `20.11.1` are required for development

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: typecheck / typecheck
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (1)

.github/workflows/release.yml (1)

98-104: Job structure and conditional logic are sound.

The job definition correctly targets release PRs (when published != 'true') and uses appropriate permissions for git operations. The dependency on needs: release ensures this runs after the main release job completes. This approach of using a separate job (rather than a step within the release job) is good for isolation—each job gets a fresh workspace as intended.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9701c40 and 41accee.

📒 Files selected for processing (1)

• .github/workflows/release.yml (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-11-27T16:27:48.109Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: pnpm version `10.23.0` and Node.js version `20.11.1` are required for development

Applied to files:

• .github/workflows/release.yml

📚 Learning: 2025-11-27T16:27:48.109Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: Use pnpm for package management in this monorepo

Applied to files:

• .github/workflows/release.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (23)

• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: typecheck / typecheck
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (2)

.github/workflows/release.yml (2)

118-126: Verify Node.js version consistency.

The update-lockfile job specifies Node 20.19.0, which differs from the learnings indicating Node 20.11.1 is required for development. Ensure this version upgrade is intentional and compatible with the monorepo.

Was the Node.js version intentionally upgraded from 20.11.1 to 20.19.0? Please confirm this is compatible with the rest of the codebase.

---

128-142: Error handling improvements look good.

The commit and push step now includes set -e for proper error handling and specifies the branch explicitly in the git push command (git push origin changeset-release/main), addressing the prior review feedback. The conditional check (git diff --quiet) ensures no unnecessary commits are made when the lockfile is unchanged.