fix bootstrap ETARGET when customer has npm min-release-age policy (#725)
* fix bootstrap ETARGET when customer has npm min-release-age policy set npm_config_min_release_age=0 in the action runtime env so `npx --yes pullfrog@<spec>` doesn't get rejected by a customer-side release-age gate (npm 11.5+'s min-release-age / pnpm's minimumReleaseAge). env vars beat .npmrc in npm config precedence, so this neutralises the policy regardless of where it's defined. pullfrog's npm version is server-stamped from a SHA-pinned action ref customers already vet at the action layer — it isn't a customer-vetted dep, so the release-age policy is the wrong affordance for our bootstrap and would otherwise hard-fail every run while the latest publish ages into the customer's window. closes #713 * also cover pnpm's minimumReleaseAge key for corepack fallback path * correct pnpm env var (pnpm v11+ uses pnpm_config_*, not npm_config_*) the prior commit set `npm_config_minimum_release_age=0` to cover the pnpm corepack-dlx fallback path, but pnpm v11+ only reads env vars prefixed `pnpm_config_*` / `PNPM_CONFIG_*` (the v10→v11 migration explicitly renamed the prefix). swap to the correct env var so the fallback path actually neutralises pnpm's `minimumReleaseAge`. also tighten the comment block, and add an AGENTS.md rule reminding us to fetch top-level reviews AND inline review comments together — they live on different endpoints and the inline set is easy to miss with `gh pr view --json reviews,comments` alone. * add scripts/pr-reviews.ts for one-shot review evaluation dumps top-level reviews + inline review threads (with resolved/outdated state) + PR-level conversation in a single GraphQL round trip, so agents don't miss inline-comment feedback. fixes the trap where `gh pr view --json reviews,comments` silently omits the inline `pulls/{n}/comments` set. borrows `gh auth token` so no env vars are required. registered in `wiki/scripts.md`; AGENTS.md rule updated to point at the script instead of the two-step gh-CLI workaround. * pr-reviews: dump raw JSON for jq piping
This commit is contained in:
committed by
pullfrog[bot]
parent
951745ec89
commit
1a9d3c1f82
@@ -104,6 +104,15 @@ function createRuntimeContext(): RuntimeContext {
|
||||
const env: NodeJS.ProcessEnv = { ...process.env };
|
||||
env.npm_config_registry = NPM_REGISTRY;
|
||||
env.COREPACK_NPM_REGISTRY = NPM_REGISTRY;
|
||||
// bypass customer-side release-age gates (npm's `min-release-age`, pnpm's
|
||||
// `minimumReleaseAge`) so our bootstrap can resolve the latest publish.
|
||||
// pullfrog's npm version is server-stamped from a SHA-pinned action ref the
|
||||
// customer already vets at the action layer — not a customer-vetted dep, so
|
||||
// the gate is the wrong affordance here. env beats .npmrc in both tools.
|
||||
// npm uses `npm_config_*`; pnpm v11+ requires `pnpm_config_*` (the v10→v11
|
||||
// migration renamed the prefix). tracked: #713
|
||||
env.npm_config_min_release_age = "0";
|
||||
env.pnpm_config_minimum_release_age = "0";
|
||||
const currentPath = process.env.PATH ?? "";
|
||||
env.PATH = currentPath ? `${nodeBinDir}${delimiter}${currentPath}` : nodeBinDir;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user