chore: migrate npm to pnpm across CI, Docker, and scripts#555
chore: migrate npm to pnpm across CI, Docker, and scripts#555Anshumancanrock wants to merge 10 commits intocameri:mainfrom
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
coverage: 74.929%. remained the same — Anshumancanrock:chore/pnpm-migration into cameri:main |
There was a problem hiding this comment.
Pull request overview
Migrates the project’s tooling and documentation from npm to pnpm across local scripts, CI workflows, and Docker-based environments.
Changes:
- Switch CI workflows to install/cache dependencies with
pnpmand frozen lockfile installs. - Update Dockerfiles/docker-compose migration steps and Husky hooks to use
pnpm/pnpm exec. - Refresh docs and script usage text to reference
pnpmcommands; add a changeset for CI requirements.
Reviewed changes
Copilot reviewed 27 out of 30 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
test/integration/docker-compose.yml |
Updates DB migration step to use corepack + pnpm dlx during integration tests. |
docker-compose.yml |
Updates DB migration step to use corepack + pnpm dlx in local compose setup. |
src/scripts/export-events.ts |
Updates CLI usage output from npm run to pnpm run. |
src/scripts/benchmark-queries.ts |
Updates docstring/usage output from npm run to pnpm run. |
src/import-events.ts |
Updates CLI usage output from npm run to pnpm run. |
src/clean-db.ts |
Updates help text examples from npm run to pnpm run. |
scripts/verify-index-impact.ts |
Updates usage doc comment to pnpm run. |
scripts/smoke-nip03.ts |
Updates usage doc comment to pnpm exec. |
scripts/smoke-nip03.md |
Updates instructions to pnpm run / pnpm exec. |
scripts/security-load-test.ts |
Updates usage doc comment to pnpm exec / pnpm run. |
package.json |
Adds packageManager pin and updates scripts to use pnpm. |
Dockerfile.test |
Switches dependency install to pnpm with frozen lockfile. |
Dockerfile.railwayapp |
Switches build/runtime installs and migration invocation to pnpm. |
Dockerfile |
Switches build/runtime installs and build step to pnpm. |
README.md |
Updates developer/user commands to pnpm. |
CONTRIBUTING.md |
Updates contributor commands to pnpm / pnpm exec. |
CONFIGURATION.md |
Updates benchmarking commands to pnpm. |
.husky/pre-commit |
Updates hook commands to pnpm run. |
.husky/commit-msg |
Updates hook to use pnpm exec commitlint. |
.gitignore |
Ignores package-lock.json and pnpm cache artifacts. |
.github/workflows/checks.yml |
Updates CI jobs to use pnpm/action-setup, pnpm cache, and frozen installs. |
.github/workflows/changesets.yml |
Updates release workflow to use pnpm install and pnpm-based changeset commands. |
.changeset/bright-clocks-jam.md |
Adds a patch changeset documenting the migration. |
src/routes/index.ts |
Adds explicit Router typing and import adjustments. |
src/routes/invoices/index.ts |
Adds explicit Router typing for router instance. |
src/routes/callbacks/index.ts |
Adds explicit Router typing for router instance. |
src/routes/admissions/index.ts |
Adds explicit Router typing for router instance. |
src/factories/web-app-factory.ts |
Adds explicit Express return type for createWebApp. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - sh | ||
| - -c | ||
| - 'cd code && npm install --no-save --quiet knex@2.4.0 pg@8.8.0 && npx knex migrate:latest' | ||
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
There was a problem hiding this comment.
This migration container runs corepack enable && pnpm dlx ... in /code without a package.json, so Corepack can’t read the repo’s packageManager pin and may pick a different pnpm version over time. To keep CI/integration tests reproducible, explicitly prepare/activate the pnpm version you expect (e.g., corepack prepare pnpm@10.33.0 --activate) before invoking pnpm dlx.
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' | |
| - 'cd code && corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
| - sh | ||
| - -c | ||
| - 'cd code && npm install --no-save --quiet knex@2.4.0 pg@8.8.0 && npx knex migrate:latest' | ||
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
There was a problem hiding this comment.
corepack enable && pnpm dlx ... is executed in /code, which doesn’t include this repo’s package.json (and therefore doesn’t provide the packageManager: pnpm@10.33.0 pin). That makes the pnpm version selected by Corepack non-deterministic and could break migrations if Corepack defaults change. Consider explicitly preparing/activating the intended pnpm version here (e.g., corepack prepare pnpm@10.33.0 --activate) before running pnpm dlx.
| - 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' | |
| - 'cd code && corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest' |
🦋 Changeset detectedLatest commit: 5ccfb8e The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Anshumancanrock
force-pushed
the
chore/pnpm-migration
branch
from
c8996be to
04cb64c
Compare
Anshumancanrock
force-pushed
the
chore/pnpm-migration
branch
from
71db1c1 to
5ccfb8e
Compare
|
hii @cameri , could you please review this pr when you have time? Thanks ! |
Anshumancanrock
force-pushed
the
chore/pnpm-migration
branch
from
f0be329 to
5ccfb8e
Compare
|
|
||
| ``` | ||
| NODE_OPTIONS="-r dotenv/config" npm run db:migrate | ||
| NODE_OPTIONS="-r dotenv/config" pnpm run db:migrate |
There was a problem hiding this comment.
@Anshumancanrock can you please try running this command? Do we need the node options env var since now we can pass .env files directly to node?
| ```sh | ||
| npm run db:benchmark | ||
| npm run db:benchmark -- --runs 5 --kind 1 --limit 500 | ||
| pnpm run db:benchmark |
There was a problem hiding this comment.
I think "run" isn't needed in most cases, we could probably drop it. Can you try running without run and see if it just works?
| COPY --from=build /build/package.json /build/pnpm-lock.yaml ./ | ||
|
|
||
| RUN npm install --omit=dev --quiet | ||
| RUN corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm install --prod --frozen-lockfile --silent |
There was a problem hiding this comment.
Can we make PNMP_VERSION an ARG and ENV var?
|
|
||
| ADD migrations /build/migrations | ||
|
|
||
| RUN npm install -g knex@2.4.0 && npm install --quiet |
There was a problem hiding this comment.
Are we sure not install knex globally here won't break Railway?
| Install dependencies: | ||
|
|
||
| ``` | ||
| npm install -g knex |
There was a problem hiding this comment.
Same question about install knex globally?
|
|
||
| ``` | ||
| NODE_OPTIONS="-r dotenv/config" npm run db:migrate | ||
| NODE_OPTIONS="-r dotenv/config" pnpm run db:migrate |
There was a problem hiding this comment.
Let's check if this NODE_OPTIONS can be removed and use node owns env file loading mechanism.
Migrates the package manager from
npmtopnpmto improve install times, enforce strict dependency resolution, and reduce disk space usage.Changes
package-lock.jsonwithpnpm-lock.yaml(usingpnpm@10.33.0).pnpm/action-setupandpnpm install --frozen-lockfile.Dockerfileanddocker-composeconfiguration to usepnpm.pnpm exec.README.md,CONTRIBUTING.md, andCONFIGURATION.md.Closes #438
npm vs pnpm benchmark (cold install, 3 runs each)
Installation is ~2.5× faster
Testing