Skip to content

fix(release): regenerate lockfile after version bump and guard it#189

Merged
KeKs0r merged 1 commit into
mainfrom
fix/release-regenerate-lockfile
Jul 9, 2026
Merged

fix(release): regenerate lockfile after version bump and guard it#189
KeKs0r merged 1 commit into
mainfrom
fix/release-regenerate-lockfile

Conversation

@KeKs0r

@KeKs0r KeKs0r commented Jul 8, 2026

Copy link
Copy Markdown
Member

Summary

Main CI went red on the chore: version packages commit with bun install --frozen-lockfile failing (lockfile had changes, but lockfile is frozen). Root cause: scripts/manual-release.ts runs changeset version (which bumps every package.json) but never regenerates the lockfile, then commits with git add -A. examples/clickbench pins its chkit deps to exact published betas; while the workspace version equals that pin, bun dedupes those deps onto the local workspace copies and the stale lockfile passes. Once a release bumps the workspace past the pin (beta.2 → beta.4), bun must resolve those packages from the registry — resolutions absent from the committed lockfile — so frozen install fails. Both existing lockfile guards live in CI after the push, so nothing stopped the bad lockfile from landing on main.

This PR fixes the release script:

  • Run bun install --lockfile-only right after version-packages so the release commit carries the updated resolutions.
  • Add bun install --frozen-lockfile to runReleaseGuards() so a stale lockfile fails the release locally before it is pushed.

The already-broken lockfile on main was regenerated separately in a3c7006 (main is green again); this PR prevents recurrence.

Test plan

  • bun run typecheck passes
  • biome check scripts/manual-release.ts clean
  • Next release runs cleanly and the chore: version packages commit passes CI's frozen-install step

changeset version bumps package.json versions but never touches the
lockfile. examples/* pin sibling chkit packages to exact published
betas, so once the workspace version moves past that pin bun can no
longer dedupe them onto the local copies and must record fresh registry
resolutions. Without regenerating the lockfile, the release commit ships
a stale one that CI's bun install --frozen-lockfile rejects on main.

- Run bun install --lockfile-only right after version-packages so the
  release commit carries the updated resolutions.
- Add bun install --frozen-lockfile to the release guards so a stale
  lockfile fails the release locally before it is pushed.
@KeKs0r KeKs0r merged commit 6e96e52 into main Jul 9, 2026
6 checks passed
@KeKs0r KeKs0r deleted the fix/release-regenerate-lockfile branch July 9, 2026 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant