diff --git a/.github/workflows/cli-binaries.yml b/.github/workflows/cli-binaries.yml index 53794fa..86bf417 100644 --- a/.github/workflows/cli-binaries.yml +++ b/.github/workflows/cli-binaries.yml @@ -42,7 +42,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 20 + node-version: 22 - name: Get pnpm store directory shell: bash diff --git a/.github/workflows/drift-check.yml b/.github/workflows/drift-check.yml index 5eb485f..57c8523 100644 --- a/.github/workflows/drift-check.yml +++ b/.github/workflows/drift-check.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 20 + node-version: 22 - name: Compare @rendobar/sdk dep vs npm latest env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index efc09b1..ede3d98 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 20 + node-version: 22 cache: pnpm - run: pnpm install --frozen-lockfile diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f587de1..8d2077e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 20 + node-version: 22 cache: pnpm - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 diff --git a/.github/workflows/watchdog.yml b/.github/workflows/watchdog.yml index d9f73c8..f5d520a 100644 --- a/.github/workflows/watchdog.yml +++ b/.github/workflows/watchdog.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 20 + node-version: 22 - name: Detect silent release skip env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/package.json b/package.json index 6ff53e3..2c9cf2e 100644 --- a/package.json +++ b/package.json @@ -38,5 +38,5 @@ "lefthook": "^2.0.0", "typescript": "^6.0.0" }, - "packageManager": "pnpm@9.15.9" + "packageManager": "pnpm@11.5.2" } diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml new file mode 100644 index 0000000..d3c8c18 --- /dev/null +++ b/pnpm-workspace.yaml @@ -0,0 +1,13 @@ +# pnpm 11 blocks dependency build scripts by default. lefthook needs its +# postinstall to install the git hooks behind the commit-msg / pre-commit guards +# (pnpm 9 ran these automatically). +allowBuilds: + lefthook: true + +# pnpm 11 also enables a minimumReleaseAge supply-chain policy by default, which +# rejects any dependency published within the cooldown window. The drift-check +# cron bumps @rendobar/sdk to its newest release the same day it publishes, so +# the default would intermittently fail `pnpm install --frozen-lockfile` in CI +# until each release "ages in". Disable it to keep CI deterministic; SDK +# provenance is already covered by npm publish attestations. +minimumReleaseAge: 0