Run clean install in npm run bootstrap #343
- Change package.json bootstrap to use 'npm ci --prefix packages/hooklib'
- Change k8s-tests workflow to use 'npm ci' instead of 'npm install'
- All three packages (hooklib, k8s, docker) now use deterministic installs
- All three CI jobs (format-and-lint, docker-tests, k8s-tests) now use npm ci
Pull request overview
Updates the repository bootstrap and CI workflow to use clean, lockfile-driven npm installs for more reproducible builds across the root project and subpackages.
Changes:
- Switched `npm run bootstrap` to use `npm ci` for `packages/hooklib` (consistent clean installs across all packages).
- Updated CI (k8s job) to use `npm ci` instead of `npm install`.
- Added CI logging of Node and npm versions to aid debugging.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| package.json | Makes bootstrap use npm ci for hooklib to enforce lockfile consistency. |
| .github/workflows/build.yaml | Improves CI reproducibility (uses npm ci) and adds version logging for Node/npm. |
| with: | ||
| node-version: 24 | ||
| cache: npm | ||
| - run: node --version && npm --version | ||
| name: Log Node and npm versions |
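Review bot: `node-version: 24` in the `with:` block pins only the major version, so the Node release and its bundled npm can differ from one run to the next, which works against the deterministic installs this change is after. The added version-logging step makes the drift visible but does not prevent it; consider an exact version here, or `node-version-file` pointing at a version file committed to the repository.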
actions/setup-node caching is enabled (cache: npm), but this repo installs dependencies from multiple lockfiles (root plus packages/*/package-lock.json). Without setting cache-dependency-path to include those lockfiles, CI cache keys won’t reflect changes in subpackage dependencies and cache hit rate will be lower. Consider adding cache-dependency-path with a glob like package-lock.json and packages/*/package-lock.json.
| with: | ||
| node-version: 24 | ||
| cache: npm | ||
| - run: node --version && npm --version | ||
| name: Log Node and npm versions |
actions/setup-node caching is enabled (cache: npm), but installs also happen from packages/*/package-lock.json during npm run bootstrap. Consider configuring cache-dependency-path to include the subpackage lockfiles so cache keys track dependency changes and improve cache hits.
| - run: node --version && npm --version | ||
| name: Log Node and npm versions | ||
| - run: npm ci | ||
| name: Install dependencies |
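Review bot: the `- run: npm ci` step installs exactly what the lockfile records, but it still runs the dependencies' install lifecycle scripts on the runner. If nothing in the dependency tree needs them, `npm ci --ignore-scripts` narrows what third-party code can execute in this job; otherwise note in the step why scripts are required.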
This job now uses npm ci + npm run bootstrap, which installs from multiple lockfiles (root and packages/*/package-lock.json). To keep actions/setup-node’s cache: npm effective, consider setting cache-dependency-path (in the earlier setup-node step) to include the subpackage lockfiles as well.
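The setup-node step with the lockfile paths that the review comments above ask for, as an added example that is not part of the pull request or the project's workflow file. The `@v4` action refs, the step order and the name of the bootstrap step are assumptions; `cache-dependency-path` is the action's documented input and accepts wildcards or a multi-line list.

```yaml
# Added example, not the project's .github/workflows/build.yaml.
steps:
  - uses: actions/checkout@v4          # ref assumed; not shown on the page
  - uses: actions/setup-node@v4        # ref assumed; not shown on the page
    with:
      node-version: 24
      cache: npm
      # Before: no cache-dependency-path, so only the lockfile in the
      # repository root is hashed into the cache key. A dependency change in
      # packages/*/package-lock.json then restores a cache that lacks the new
      # tarballs, and npm ci has to fetch them from the registry.
      # After: every lockfile that "npm ci" and "npm run bootstrap" read
      # contributes to the key.
      cache-dependency-path: |
        package-lock.json
        packages/*/package-lock.json
  - name: Log Node and npm versions
    run: node --version && npm --version
  - name: Install dependencies
    run: npm ci
  - name: Install subpackage dependencies   # step name assumed
    run: npm run bootstrap
```

The cache that setup-node restores is npm's download cache, not `node_modules`, so `npm ci` still performs the install from the lockfiles on every run.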