fix(ci): refresh lockfile for the new shared-auth lib #207

Merged
julien merged 1 commits from fix/ci-lockfile-shared-auth into main 2026-05-23 21:22:00 +02:00
Owner

Summary

The auth-catalogue skeleton PR (#206) added libs/shared/auth/ with three dev dependencies (tslib, vitest, @nx/vite) in the new lib's package.json but did not refresh pnpm-lock.yaml. As a result the post-merge pnpm install --frozen-lockfile step in CI on main fails with:

ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because
pnpm-lock.yaml is not up to date with <ROOT>/libs/shared/auth/package.json
specifiers in the lockfile don't match specifiers in package.json:
* 3 dependencies were added: tslib@^2.3.0, vitest@^4.0.8, @nx/vite@^22.7.1

Running pnpm install locally adds the missing importers["libs/shared/auth"] block. No other dependency moves — every other version is pinned to what main already resolved.

What lands

File Change
pnpm-lock.yaml +12 lines: new importers["libs/shared/auth"] entry with the three deps resolved to tslib@2.8.1, vitest@4.1.6, @nx/vite@22.7.2 — same versions as the other libs/shared/* libs already use.

Notes for the reviewer

  • Why this didn't surface during #206's CI run. PR-level CI runs against the branch's pnpm-lock.yaml after pnpm install had refreshed it locally during the work. The lockfile delta should have been part of #206 but was missed at commit time. Post-merge CI on main is the first run that exercises a clean --frozen-lockfile against the merged tree, which is when the gap shows.
  • Why not amend #206. It's already on main. A separate small fix-up PR is cleaner than re-opening the merged history.
  • Preventing recurrence. Standard Nx flow: every PR that creates a new lib or moves a dep should run pnpm install and stage the lockfile alongside the source. A future drift-gate (mentioned in ADR-0025 §"Confirmation" for catalogue drift) could be extended to also assert lockfile-vs-package-json alignment, but that's out of scope for this fix.

Test plan

  • pnpm install --frozen-lockfile succeeds locally on this branch.
  • Post-merge CI on main runs through the install step cleanly.
## Summary The auth-catalogue skeleton PR (#206) added `libs/shared/auth/` with three dev dependencies (`tslib`, `vitest`, `@nx/vite`) in the new lib's `package.json` but did not refresh `pnpm-lock.yaml`. As a result the post-merge `pnpm install --frozen-lockfile` step in CI on `main` fails with: ``` ERR_PNPM_OUTDATED_LOCKFILE Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with <ROOT>/libs/shared/auth/package.json specifiers in the lockfile don't match specifiers in package.json: * 3 dependencies were added: tslib@^2.3.0, vitest@^4.0.8, @nx/vite@^22.7.1 ``` Running `pnpm install` locally adds the missing `importers["libs/shared/auth"]` block. No other dependency moves — every other version is pinned to what `main` already resolved. ## What lands | File | Change | | --- | --- | | `pnpm-lock.yaml` | +12 lines: new `importers["libs/shared/auth"]` entry with the three deps resolved to `tslib@2.8.1`, `vitest@4.1.6`, `@nx/vite@22.7.2` — same versions as the other `libs/shared/*` libs already use. | ## Notes for the reviewer - **Why this didn't surface during #206's CI run.** PR-level CI runs against the branch's `pnpm-lock.yaml` *after* `pnpm install` had refreshed it locally during the work. The lockfile delta should have been part of #206 but was missed at commit time. Post-merge CI on `main` is the first run that exercises a clean `--frozen-lockfile` against the merged tree, which is when the gap shows. - **Why not amend #206.** It's already on `main`. A separate small fix-up PR is cleaner than re-opening the merged history. - **Preventing recurrence.** Standard Nx flow: every PR that creates a new lib or moves a dep should run `pnpm install` and stage the lockfile alongside the source. A future drift-gate (mentioned in ADR-0025 §"Confirmation" for catalogue drift) could be extended to also assert lockfile-vs-package-json alignment, but that's out of scope for this fix. ## Test plan - [x] `pnpm install --frozen-lockfile` succeeds locally on this branch. - [ ] Post-merge CI on `main` runs through the install step cleanly.
julien added 1 commit 2026-05-23 21:20:41 +02:00
fix(ci): refresh lockfile for the new shared-auth lib
CI / commits (pull_request) Successful in 2m59s
CI / a11y (pull_request) Successful in 2m2s
Docs site / build (pull_request) Successful in 4m33s
CI / perf (pull_request) Successful in 8m34s
CI / scan (pull_request) Failing after 3m17s
CI / check (pull_request) Failing after 4m0s
82467966e1
ADR-0025's auth-catalogue skeleton (#206) added libs/shared/auth/
with three dev deps (tslib, vitest, @nx/vite) but did not refresh
pnpm-lock.yaml, so the post-merge `pnpm install --frozen-lockfile`
in CI fails with ERR_PNPM_OUTDATED_LOCKFILE.

Re-running `pnpm install` adds the missing importer block for the
new lib; no other dep change.
julien merged commit a34709613f into main 2026-05-23 21:22:00 +02:00
julien deleted branch fix/ci-lockfile-shared-auth 2026-05-23 21:22:03 +02:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: julien/apf_portal#207