Skip to content

chore: ensure that pnpm also enforces minimumReleaseAge#40476

Merged
jamietanna merged 1 commit intomainfrom
chore/pnpm-mra
Apr 23, 2026
Merged

chore: ensure that pnpm also enforces minimumReleaseAge#40476
jamietanna merged 1 commit intomainfrom
chore/pnpm-mra

Conversation

@jamietanna
Copy link
Copy Markdown
Contributor

Changes

On top of our Renovate configuration0 not allowing Renovate to prepare
updates until npm packages have been available for 7 days, we can
provide "defence in depth" by also wiring in pnpm's configuration.

This takes the rules from 0 and applies them to explicitly allowlist
our packages, as well as set the limit to 7 days.

Context

Please select one of the below:

  • This closes an existing Issue: Closes #
  • This doesn't close an Issue, but I accept the risk that this PR may be closed if maintainers disagree with its opening or implementation

AI assistance disclosure

Did you use AI tools to create any part of this pull request?

Please select one option and, if yes, briefly describe how AI was used (e.g., code, tests, docs) and which tool(s) you used.

  • No — I did not use AI for this contribution.
  • Yes — minimal assistance (e.g., IDE autocomplete, small code completions, grammar fixes).
  • Yes — substantive assistance (AI generated non‑trivial portions of code, tests, or documentation).
  • Yes — other (please describe):

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

The public repository:

viceice
viceice previously approved these changes Jan 16, 2026
@jamietanna
Copy link
Copy Markdown
Contributor Author

OK, E2Es are failing becasue:

> renovate@0.0.0-semantic-release test-e2e:install /home/runner/work/renovate/renovate
> cd test/e2e && pnpm --ignore-workspace install --no-lockfile --prod
                      ^^^^^^^^^^^^^^^^^^

@jamietanna
Copy link
Copy Markdown
Contributor Author

@viceice thoughts on what we should do here?

viceice
viceice previously approved these changes Apr 14, 2026
Copy link
Copy Markdown
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can try it

@jamietanna
Copy link
Copy Markdown
Contributor Author

The trouble is that the E2Es don't seem to work with it:

# https://github.com/renovatebot/renovate/actions/runs/24401534360/job/71273345474?pr=40476
 ERR_PNPM_NO_MATURE_MATCHING_VERSION  Version 2.4.1 (released 6 days ago) of @renovatebot/osv-offline does not meet the minimumReleaseAge constraint

@viceice
Copy link
Copy Markdown
Member

viceice commented Apr 14, 2026

The trouble is that the E2Es don't seem to work with it:

# https://github.com/renovatebot/renovate/actions/runs/24401534360/job/71273345474?pr=40476
 ERR_PNPM_NO_MATURE_MATCHING_VERSION  Version 2.4.1 (released 6 days ago) of @renovatebot/osv-offline does not meet the minimumReleaseAge constraint

maybe we need to copy the e2e test to a tmp folder so we're out of the repo workspace?

@jamietanna jamietanna changed the title build: ensure that pnpm also enforces minimumReleaseAge chore: ensure that pnpm also enforces minimumReleaseAge Apr 23, 2026
@jamietanna
Copy link
Copy Markdown
Contributor Author

Weirdly this works locally 🤔

@jamietanna jamietanna marked this pull request as draft April 23, 2026 13:21
@jamietanna
Copy link
Copy Markdown
Contributor Author

Could be worth waiting for pnpm/pnpm#11224

@jamietanna jamietanna marked this pull request as ready for review April 23, 2026 13:43
@github-actions github-actions Bot requested a review from viceice April 23, 2026 13:43
@jamietanna jamietanna removed the request for review from viceice April 23, 2026 13:43
On top of our Renovate configuration[0] not allowing Renovate to prepare
updates until npm packages have been available for 7 days, we can
provide "defence in depth" by also wiring in pnpm's configuration.

This takes the rules from [0] and applies them to explicitly allowlist
our packages, as well as set the limit to 7 days.

To make sure our E2E tests still operate, we can - in a slightly hacky
manner - disable `minimumReleaseAge` by deleting the
`pnpm-workspace.yaml`, as it doesn't seem to be possible to
`--ignore-workspace` while using `minimumReleaseAge`, as it still
requires the `minimumReleaseAge` to pass.

[0]: https://github.com/renovatebot/.github/blob/095f454e8b1141edb1045dd389bee4c59c51613e/default.json
@jamietanna jamietanna requested review from a team and viceice April 23, 2026 13:53
@jamietanna jamietanna added this pull request to the merge queue Apr 23, 2026
Merged via the queue into main with commit 88098b9 Apr 23, 2026
46 checks passed
@jamietanna jamietanna deleted the chore/pnpm-mra branch April 23, 2026 15:21
@github-actions
Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 43.140.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants