chore: migrate npm to pnpm across CI, Docker, and scripts#555
chore: migrate npm to pnpm across CI, Docker, and scripts#555Anshumancanrock wants to merge 13 commits intocameri:mainfrom
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
coverage: 74.946%. remained the same — Anshumancanrock:chore/pnpm-migration into cameri:main |
There was a problem hiding this comment.
Pull request overview
Migrates the project’s tooling and documentation from npm to pnpm across local scripts, CI workflows, and Docker-based environments.
Changes:
- Switch CI workflows to install/cache dependencies with
pnpmand frozen lockfile installs. - Update Dockerfiles/docker-compose migration steps and Husky hooks to use
pnpm/pnpm exec. - Refresh docs and script usage text to reference
pnpmcommands; add a changeset for CI requirements.
Reviewed changes
Copilot reviewed 27 out of 30 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
test/integration/docker-compose.yml |
Updates DB migration step to use corepack + pnpm dlx during integration tests. |
docker-compose.yml |
Updates DB migration step to use corepack + pnpm dlx in local compose setup. |
src/scripts/export-events.ts |
Updates CLI usage output from npm run to pnpm run. |
src/scripts/benchmark-queries.ts |
Updates docstring/usage output from npm run to pnpm run. |
src/import-events.ts |
Updates CLI usage output from npm run to pnpm run. |
src/clean-db.ts |
Updates help text examples from npm run to pnpm run. |
scripts/verify-index-impact.ts |
Updates usage doc comment to pnpm run. |
scripts/smoke-nip03.ts |
Updates usage doc comment to pnpm exec. |
scripts/smoke-nip03.md |
Updates instructions to pnpm run / pnpm exec. |
scripts/security-load-test.ts |
Updates usage doc comment to pnpm exec / pnpm run. |
package.json |
Adds packageManager pin and updates scripts to use pnpm. |
Dockerfile.test |
Switches dependency install to pnpm with frozen lockfile. |
Dockerfile.railwayapp |
Switches build/runtime installs and migration invocation to pnpm. |
Dockerfile |
Switches build/runtime installs and build step to pnpm. |
README.md |
Updates developer/user commands to pnpm. |
CONTRIBUTING.md |
Updates contributor commands to pnpm / pnpm exec. |
CONFIGURATION.md |
Updates benchmarking commands to pnpm. |
.husky/pre-commit |
Updates hook commands to pnpm run. |
.husky/commit-msg |
Updates hook to use pnpm exec commitlint. |
.gitignore |
Ignores package-lock.json and pnpm cache artifacts. |
.github/workflows/checks.yml |
Updates CI jobs to use pnpm/action-setup, pnpm cache, and frozen installs. |
.github/workflows/changesets.yml |
Updates release workflow to use pnpm install and pnpm-based changeset commands. |
.changeset/bright-clocks-jam.md |
Adds a patch changeset documenting the migration. |
src/routes/index.ts |
Adds explicit Router typing and import adjustments. |
src/routes/invoices/index.ts |
Adds explicit Router typing for router instance. |
src/routes/callbacks/index.ts |
Adds explicit Router typing for router instance. |
src/routes/admissions/index.ts |
Adds explicit Router typing for router instance. |
src/factories/web-app-factory.ts |
Adds explicit Express return type for createWebApp. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - sh | ||
| - -c | ||
| - 'cd code && npm install --no-save --quiet knex@2.4.0 pg@8.8.0 && npx knex migrate:latest' | ||
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
There was a problem hiding this comment.
This migration container runs corepack enable && pnpm dlx ... in /code without a package.json, so Corepack can’t read the repo’s packageManager pin and may pick a different pnpm version over time. To keep CI/integration tests reproducible, explicitly prepare/activate the pnpm version you expect (e.g., corepack prepare pnpm@10.33.0 --activate) before invoking pnpm dlx.
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' | |
| - 'cd code && corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
| - sh | ||
| - -c | ||
| - 'cd code && npm install --no-save --quiet knex@2.4.0 pg@8.8.0 && npx knex migrate:latest' | ||
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
There was a problem hiding this comment.
corepack enable && pnpm dlx ... is executed in /code, which doesn’t include this repo’s package.json (and therefore doesn’t provide the packageManager: pnpm@10.33.0 pin). That makes the pnpm version selected by Corepack non-deterministic and could break migrations if Corepack defaults change. Consider explicitly preparing/activating the intended pnpm version here (e.g., corepack prepare pnpm@10.33.0 --activate) before running pnpm dlx.
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' | |
| - 'cd code && corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
🦋 Changeset detectedLatest commit: ae62fa7 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Anshumancanrock
force-pushed
the
chore/pnpm-migration
branch
from
c8996be to
04cb64c
Compare
Anshumancanrock
force-pushed
the
chore/pnpm-migration
branch
from
71db1c1 to
5ccfb8e
Compare
|
hii @cameri , could you please review this pr when you have time? Thanks ! |
Anshumancanrock
force-pushed
the
chore/pnpm-migration
branch
from
f0be329 to
5ccfb8e
Compare
| COPY --from=build /build/package.json /build/pnpm-lock.yaml ./ | ||
|
|
||
| RUN npm install --omit=dev --quiet | ||
| RUN corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm install --prod --frozen-lockfile --silent |
There was a problem hiding this comment.
Can we make PNMP_VERSION an ARG and ENV var?
There was a problem hiding this comment.
Done ! Added ARG PNPM_VERSION=10.33.0 at the top of all three Dockerfiles and replaced every hardcoded reference with$PNPM_VERSION
|
|
||
| ``` | ||
| NODE_OPTIONS="-r dotenv/config" npm run db:migrate | ||
| NODE_OPTIONS="-r dotenv/config" pnpm run db:migrate |
There was a problem hiding this comment.
Let's check if this NODE_OPTIONS can be removed and use node owns env file loading mechanism.
…on containers, drop redundant 'run' keyword
|
|
||
| ``` | ||
| npm run dev | ||
| pnpm run dev |
There was a problem hiding this comment.
Shall we remove run from commands in this file as well?
|
|
||
| ``` | ||
| npm run knip | ||
| pnpm run knip |
There was a problem hiding this comment.
Can we rename knip script in package json to check:dependencies or check:deps?
| npm run lint | ||
| npm run format:check | ||
| pnpm run lint | ||
| pnpm run format:check |
There was a problem hiding this comment.
Can we rename format:check to check:format?
| COPY . . | ||
|
|
||
| RUN npm run build | ||
| RUN pnpm run build |
| COPY . . | ||
|
|
||
| RUN npm run build | ||
| RUN pnpm run build |
| Basic import: | ||
| ``` | ||
| npm run import -- ./events.jsonl | ||
| pnpm run import ./events.jsonl |
Migrates the package manager from
npmtopnpmto improve install times, enforce strict dependency resolution, and reduce disk space usage.Changes
package-lock.jsonwithpnpm-lock.yaml(usingpnpm@10.33.0).pnpm/action-setupandpnpm install --frozen-lockfile.Dockerfileanddocker-composeconfiguration to usepnpm.pnpm exec.README.md,CONTRIBUTING.md, andCONFIGURATION.md.Closes #434
npm vs pnpm benchmark (cold install, 3 runs each)
Installation is ~2.5× faster
Testing