Skip to content

ci: fix esbuild build-gate and decouple PR build from downstream repos#21

Merged
CameronBrooks11 merged 1 commit into
mainfrom
ci/fix-footguns
Jun 26, 2026
Merged

ci: fix esbuild build-gate and decouple PR build from downstream repos#21
CameronBrooks11 merged 1 commit into
mainfrom
ci/fix-footguns

Conversation

@CameronBrooks11

Copy link
Copy Markdown
Member

Fixes the two CI footguns from #20.

Footgun 1 — esbuild build-gate contradiction

The issue described allowBuilds as an unrecognized inert key and pnpm.onlyBuiltDependencies (package.json) as the working mechanism. Verifying against the pnpm version CI actually runs (version: latest → 11.7) showed the opposite:

  • pnpm 11 no longer reads the pnpm field in package.json — it warns and ignores pnpm.onlyBuiltDependencies (legacy key).
  • pnpm 11.0 replaced onlyBuiltDependencies with allowBuilds (a pkg → bool map). So allowBuilds: { esbuild: false } was the recognized current key, actively blocking esbuild's postinstall.

Net: both halves of the old config conspired to leave esbuild unbuilt — the exact breakage footgun. Fix:

  • pnpm-workspace.yaml: allowBuilds: { esbuild: true }
  • package.json: drop the dead pnpm field (consolidated into the workspace file)

Verified locally (pnpm 11.7): onlyBuiltDependencies: [esbuild][ERR_PNPM_IGNORED_BUILDS] Ignored ... esbuild; allowBuilds: { esbuild: true } → postinstall runs, esbuild --version = 0.21.5, install exits 0.

Footgun 2 — PR build hard-coupled to 7 downstream repos

scripts/fetch-metrics.mjs hit the GitHub API + release assets unauthenticated and exit(1) on any miss, so a docs-only PR could red-fail for rate limits or a missing downstream asset. Fix (matching the issue's "pass GITHUB_TOKEN … and/or non-blocking" intent):

  • Authenticate with GITHUB_TOKEN when present (passed to the build step in ci.yml and deploy.yml) to lift the unauthenticated rate limit.
  • On pull_request builds, a missing release/asset is non-fatal — warn and skip that repo instead of failing the build.
  • main/deploy (push) builds stay strict (exit(1)) so the published site is complete.

Verified locally with an injected bogus repo: PR build → WARN (skipped on PR build) + exit 0; push build → ERROR + exit 1; authenticated run fetches all 7 real repos, exit 0.

Scope notes

  • The metrics path (the "missing downstream asset" the issue calls out) is degraded gracefully; the git-clone steps in aggregate.mjs / generate-reference.mjs remain strict, since a genuinely missing repo's docs is a real content gap (degrading it would just surface as VitePress dead-link failures). Authenticating the REST/asset fetch addresses the realistic transient red-fail (the 60/hr unauthenticated limit shared across Actions runners).
  • Out of scope (issue's "Smaller" section, not part of the two footguns): orphan .markdownlint-test.json, pinning pnpm via packageManager, engines.node alignment.

Refs #20, anolishq/.github#84

Footgun 1 (esbuild build-gate): pnpm 11 replaced onlyBuiltDependencies
with allowBuilds and no longer reads the `pnpm` field in package.json
(it warns and ignores it). The old config was therefore inverted: the
legacy allowlist in package.json was inert, while
`allowBuilds: { esbuild: false }` in pnpm-workspace.yaml was the
recognized current key actively blocking esbuild's postinstall. Set
`allowBuilds: { esbuild: true }` and drop the dead `pnpm` field so the
esbuild binary is built. Verified: postinstall runs, `esbuild
--version` reports 0.21.5, install exits 0.

Footgun 2 (PR build coupled to 7 downstream repos): fetch-metrics.mjs
hit the GitHub API and release assets unauthenticated and exit(1) on
any miss, so a docs-only PR could red-fail for rate limits or a missing
asset. Authenticate with GITHUB_TOKEN (passed to the build step in both
workflows) to lift the rate limit, and on pull_request builds skip a
missing release/asset with a warning instead of failing. main/deploy
builds stay strict so the published site is complete.

Refs #20, anolishq/.github#84
@CameronBrooks11 CameronBrooks11 merged commit f18d8e1 into main Jun 26, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant