Migrate to pnpm and update development instructions#4
Conversation
…lopment and build instructions in AGENTS.md, CONTRIBUTING.md, and DOCS.md. Remove package-lock.json and specify package manager in package.json.
There was a problem hiding this comment.
Pull request overview
This PR migrates the frontend from npm to pnpm, updating lockfiles, build tooling, CI, and developer documentation to standardize installs/builds around pnpm.
Changes:
- Add
pnpm-lock.yaml, removepackage-lock.json, and pin pnpm viapackageManagerinfrontend/package.json. - Update the frontend Docker build to use pnpm (
corepack+pnpm install --frozen-lockfile). - Add a dedicated GitHub Actions workflow to install/build the frontend with pnpm and update docs/instructions accordingly.
Reviewed changes
Copilot reviewed 7 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| frontend/pnpm-lock.yaml | Introduces pnpm lockfile for deterministic dependency resolution. |
| frontend/package.json | Pins pnpm via packageManager. |
| frontend/package-lock.json | Removes npm lockfile as part of the migration. |
| frontend/Dockerfile | Switches container build from npm to pnpm. |
| DOCS.md | Updates local frontend dev commands to pnpm. |
| CONTRIBUTING.md | Updates contributor build instructions to pnpm. |
| AGENTS.md | Updates quick commands for agents/dev workflow to pnpm. |
| .github/workflows/frontend-ci.yml | Adds pnpm-based frontend CI build workflow. |
| .cursor/rules/aperture-project.mdc | Updates project run/build instructions to pnpm. |
Files not reviewed (1)
- frontend/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| FROM node:20-alpine AS builder | ||
|
|
||
| RUN corepack enable && corepack prepare pnpm@9 --activate | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| COPY package*.json ./ | ||
| RUN npm ci | ||
| COPY package.json pnpm-lock.yaml ./ | ||
| RUN pnpm install --frozen-lockfile |
There was a problem hiding this comment.
The build image is node:20-alpine, but the frontend toolchain in pnpm-lock.yaml (e.g. Vite / @vitejs/plugin-react) requires Node ^20.19.0 || >=22.12.0. node:20-alpine isn’t pinned to a minor/patch and may resolve to a Node 20 version < 20.19, which can break pnpm install/pnpm run build.
Also, corepack prepare pnpm@9 --activate pulls an arbitrary latest pnpm v9, which can drift from the pinned packageManager: pnpm@9.15.0 in package.json and reduce build reproducibility. Consider pinning the base image to node:20.19-alpine (or moving to node:22.12-alpine) and preparing the exact pnpm version from package.json (e.g. pnpm@9.15.0).
.github/workflows/frontend-ci.yml
Outdated
| version: 9 | ||
|
|
||
| - name: Set up Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '22' |
There was a problem hiding this comment.
CI pins pnpm to major 9 and Node to '22', but the lockfile indicates Vite and @vitejs/plugin-react require Node ^20.19.0 || >=22.12.0. Using '22' relies on whatever minor version setup-node selects; pinning to 22.12.0 (or using 20.19.0) avoids accidental engine mismatches.
For reproducibility, it would also help to align pnpm with frontend/package.json’s packageManager: pnpm@9.15.0 by setting pnpm/action-setup to version: 9.15.0 (or using corepack to honor packageManager).
| version: 9 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| version: 9.15.0 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.12.0' |
…e, and package.json for improved package management.
No description provided.