refactor(publish): tmpdir staging + pnpm publish + publishConfig.provenance #72
Closed
John-David Dalton (jdalton) wants to merge 2 commits into main from
Working tree never mutates during publish; the staged copy is what `pnpm publish` runs against. Eliminates a class of "interrupted publish leaves dirty git status" incidents:

- Run `pnpm publish:ci` against the live tree.
- Operator hits Ctrl-C mid-publish (or runner times out).
- Old behavior: tree was being modified in-place; recovery awkward.
- New behavior: tmpdir cleanup unconditional via try/finally + SIGINT/SIGTERM signal handlers; tree stays clean throughout.

Switches from `npm publish` to `pnpm publish` (matches the fleet's package manager). Adds two flags required for tmpdir publishing:

- `--no-git-checks`: the staged tmpdir has no git history; pnpm's default would refuse to publish without one.
- `--ignore-scripts`: the prepublishOnly guard in package.json exists to refuse direct `pnpm publish` runs from the working tree. The orchestrated publish already validated upstream, so the guard's purpose is moot for the staged copy.

Locally validated: `node scripts/publish.mts --dry-run --force` runs through cleanly with working tree staying clean throughout.
Same shape as socket-lib + socket-tui. Pins provenance to the package manifest so it survives any future direct publish path.
Switching to direct push to main per repo policy.
Summary
- `os.tmpdir()` via `fs.cp` before invoking `pnpm publish`. Working tree never mutates during publish; an interrupted run leaves `git status` clean.
- `npm publish` to `pnpm publish` (matches the fleet's package manager). Adds `--no-git-checks` (staged tmpdir has no git history) and `--ignore-scripts` (the source's `prepublishOnly` guard exists to refuse direct working-tree publishes; the orchestrator already validated upstream).
- `publishConfig: {access:public, provenance:true}` on root so attestation is a property of the package, not a property of the workflow's `--provenance` CLI flag.
- `try/finally` + SIGINT/SIGTERM handlers feeding `safeDelete()`/`safeDeleteSync()`.

Test plan

- `node scripts/publish.mts --dry-run --force` produces clean dry-run output
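
The staging pattern described in this PR, as an added sketch that is not the project's `scripts/publish.mts`: copy the package to a fresh tmpdir, run the publish step against the copy, and delete the copy on success, on error, and on SIGINT/SIGTERM. `withStagedCopy` and `publishArgs` are hypothetical names, `fs.cpSync` and `fs.rmSync` stand in for `fs.cp` and `safeDeleteSync()`, and skipping `.git` during the copy is an assumption.

```javascript
// Added example, not the project's code. Hypothetical names: withStagedCopy, publishArgs.
const fs = require('node:fs')
const os = require('node:os')
const path = require('node:path')

// Flags the PR description names for publishing from a staged tmpdir.
function publishArgs({ dryRun = false } = {}) {
  const args = ['publish', '--no-git-checks', '--ignore-scripts']
  if (dryRun) args.push('--dry-run')
  return args
}

// Copy srcDir into a fresh tmpdir, run fn(stagedDir), always delete the copy.
function withStagedCopy(srcDir, fn) {
  const staged = fs.mkdtempSync(path.join(os.tmpdir(), 'publish-stage-'))
  // Stand-in for safeDeleteSync(): synchronous, tolerant of a missing dir.
  const cleanup = () => fs.rmSync(staged, { recursive: true, force: true })
  // The default action for SIGINT/SIGTERM kills the process without running
  // `finally`, so handle both, clean up synchronously, and exit 128 + signo.
  const onSignal = (signal) => {
    cleanup()
    process.exit(128 + os.constants.signals[signal])
  }
  process.once('SIGINT', onSignal)
  process.once('SIGTERM', onSignal)
  try {
    fs.cpSync(srcDir, staged, {
      recursive: true,
      // Assumption: leave git metadata out of the staged copy.
      filter: (p) => path.basename(p) !== '.git',
    })
    // fn may rewrite files under `staged`; srcDir is never written to.
    return fn(staged)
  } finally {
    process.removeListener('SIGINT', onSignal)
    process.removeListener('SIGTERM', onSignal)
    cleanup()
  }
}
```

A caller would pass a function that runs `pnpm` with `publishArgs()` and `cwd` set to the staged directory.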