Skip to content

Force npm self-install in release workflow#258

Merged
mishushakov merged 1 commit intomainfrom
mishushakov/fix-ci-release
Apr 23, 2026
Merged

Force npm self-install in release workflow#258
mishushakov merged 1 commit intomainfrom
mishushakov/fix-ci-release

Conversation

@mishushakov
Copy link
Copy Markdown
Member

@mishushakov mishushakov commented Apr 22, 2026

Summary

  • The release workflow's "Update npm" step was failing with `Cannot find module 'promise-retry'` when upgrading the npm bundled with Node 22 (10.x) to 11.6. This is a known npm self-install bug (failed run).
  • Adding `--force` to `npm install -g npm@^11.6` works around the module-resolution failure during the self-overwrite.

Test plan

  • Next run of the Release workflow reaches the "Install dependencies" step without erroring in "Update npm".

🤖 Generated with Claude Code

@mishushakov @claude
Force npm self-install in release workflow
b412935 
Works around npm's "Cannot find module 'promise-retry'" error when
upgrading to npm 11.6 over the npm 10.x bundled with Node 22.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@cursor
Copy link
Copy Markdown

cursor Bot commented Apr 22, 2026
edited
Loading

PR Summary

Low Risk
Single-line CI workflow change affecting only the release pipeline; minimal code/runtime impact beyond how npm is upgraded in GitHub Actions.

Overview
Adjusts the Release GitHub Actions workflow to install npm@^11.6 with --force in the “Update npm” step, working around npm self-upgrade/module-resolution failures on Node 22 so the job can proceed to dependency installation and publishing.

Reviewed by Cursor Bugbot for commit b412935. Bugbot is set up for automated code reviews on this repo. Configure here.

claude[bot]
claude Bot reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — single-line workaround for the known npm self-install bug on Node 22.

Extended reasoning...

Overview

This PR modifies a single line in .github/workflows/release.yml: adding --force to the npm install -g npm@^11.6 command in the release job's "Update npm" step. No runtime code, tests, or application logic is touched.

Security risks

None. The --force flag here instructs npm to overwrite its own binary during a global self-upgrade, which is the documented workaround for the Cannot find module 'promise-retry' error that occurs when npm 10.x (bundled with Node 22) attempts to replace itself with npm 11.x. This does not bypass any authentication, expand permissions, or introduce injection risk.

Level of scrutiny

Low. This is a CI-only, single-line change fixing a known, reproducible npm breakage with a well-understood workaround. The change is isolated to the release pipeline and has no effect on the library code or its consumers.

Other factors

The bug report flags a pre-existing ::set-output deprecation in the charts-release job, which is unrelated to this PR's change. That issue has a masked impact (a fallback in build-docker-image compensates), so it does not block this merge — but it is worth fixing separately.

Comment thread .github/workflows/release.yml
@mishushakov mishushakov enabled auto-merge (squash) April 22, 2026 09:44
@mishushakov mishushakov merged commit 1c917b8 into main Apr 23, 2026
15 checks passed
@mishushakov mishushakov deleted the mishushakov/fix-ci-release branch April 23, 2026 17:28
@mishushakov mishushakov mentioned this pull request Apr 24, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@tvi tvi tvi approved these changes

@jakubno jakubno Awaiting requested review from jakubno jakubno is a code owner

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mishushakov @tvi