ci: fix esbuild build-gate and decouple PR build from downstream repos#21
Merged
Conversation
Footgun 1 (esbuild build-gate): pnpm 11 replaced onlyBuiltDependencies
with allowBuilds and no longer reads the `pnpm` field in package.json
(it warns and ignores it). The old config was therefore inverted: the
legacy allowlist in package.json was inert, while
`allowBuilds: { esbuild: false }` in pnpm-workspace.yaml was the
recognized current key actively blocking esbuild's postinstall. Set
`allowBuilds: { esbuild: true }` and drop the dead `pnpm` field so the
esbuild binary is built. Verified: postinstall runs, `esbuild
--version` reports 0.21.5, install exits 0.
Footgun 2 (PR build coupled to 7 downstream repos): fetch-metrics.mjs
hit the GitHub API and release assets unauthenticated and exit(1) on
any miss, so a docs-only PR could red-fail for rate limits or a missing
asset. Authenticate with GITHUB_TOKEN (passed to the build step in both
workflows) to lift the rate limit, and on pull_request builds skip a
missing release/asset with a warning instead of failing. main/deploy
builds stay strict so the published site is complete.
Refs #20, anolishq/.github#84
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the two CI footguns from #20.
Footgun 1 — esbuild build-gate contradiction
The issue described
allowBuildsas an unrecognized inert key andpnpm.onlyBuiltDependencies(package.json) as the working mechanism. Verifying against the pnpm version CI actually runs (version: latest→ 11.7) showed the opposite:pnpmfield in package.json — it warns and ignorespnpm.onlyBuiltDependencies(legacy key).onlyBuiltDependencieswithallowBuilds(apkg → boolmap). SoallowBuilds: { esbuild: false }was the recognized current key, actively blocking esbuild's postinstall.Net: both halves of the old config conspired to leave esbuild unbuilt — the exact breakage footgun. Fix:
pnpm-workspace.yaml:allowBuilds: { esbuild: true }package.json: drop the deadpnpmfield (consolidated into the workspace file)Verified locally (pnpm 11.7):
onlyBuiltDependencies: [esbuild]→[ERR_PNPM_IGNORED_BUILDS] Ignored ... esbuild;allowBuilds: { esbuild: true }→ postinstall runs,esbuild --version=0.21.5, install exits 0.Footgun 2 — PR build hard-coupled to 7 downstream repos
scripts/fetch-metrics.mjshit the GitHub API + release assets unauthenticated andexit(1)on any miss, so a docs-only PR could red-fail for rate limits or a missing downstream asset. Fix (matching the issue's "passGITHUB_TOKEN… and/or non-blocking" intent):GITHUB_TOKENwhen present (passed to the build step inci.ymlanddeploy.yml) to lift the unauthenticated rate limit.pull_requestbuilds, a missing release/asset is non-fatal — warn and skip that repo instead of failing the build.main/deploy (push) builds stay strict (exit(1)) so the published site is complete.Verified locally with an injected bogus repo: PR build →
WARN (skipped on PR build)+ exit 0; push build →ERROR+ exit 1; authenticated run fetches all 7 real repos, exit 0.Scope notes
aggregate.mjs/generate-reference.mjsremain strict, since a genuinely missing repo's docs is a real content gap (degrading it would just surface as VitePress dead-link failures). Authenticating the REST/asset fetch addresses the realistic transient red-fail (the 60/hr unauthenticated limit shared across Actions runners)..markdownlint-test.json, pinning pnpm viapackageManager,engines.nodealignment.Refs #20, anolishq/.github#84