From 2319a3bd86b218e6e3f771edf8ca5289eedac794 Mon Sep 17 00:00:00 2001 From: Alex McKenzie Date: Sun, 19 Apr 2026 23:09:01 -0400 Subject: [PATCH 1/2] Fix publish workflow's npm upgrade step; bump to 8.0.1-alpha.1 The first dry-run (v8.0.1-alpha.0) failed because `npm install -g npm@latest` leaves a half-replaced install on GitHub runners, breaking the subsequent `npm install` with "Cannot find module 'promise-retry'". Install the newer npm into an isolated prefix and prepend that prefix to PATH instead, so the running npm is never replaced mid-flight. Version bumped to 8.0.1-alpha.1 to re-run the dry run on a fresh tag. --- .github/workflows/publish.yml | 15 +++++++++++++-- package.json | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 94d6cdd..6b1f85e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,8 +24,19 @@ jobs: node-version: '22' registry-url: 'https://registry.npmjs.org' - - name: Upgrade npm (OIDC requires >= 11.5.1) - run: npm install -g npm@latest + - name: Install npm >= 11.5.1 (OIDC requires it) + # Self-upgrading the bundled npm (`npm install -g npm@latest`) is known + # to break mid-install on GitHub runners ("Cannot find module + # 'promise-retry'"). Install into an isolated prefix and prepend to PATH + # instead — avoids replacing the running npm. + run: | + NPM_DIR="$RUNNER_TEMP/npm-latest" + mkdir -p "$NPM_DIR" + npm install --prefix "$NPM_DIR" --no-save --no-audit --no-fund npm@latest + echo "$NPM_DIR/node_modules/.bin" >> "$GITHUB_PATH" + + - name: Show npm version + run: npm --version - name: Install run: npm install diff --git a/package.json b/package.json index 3499e83..8ecbaf5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@faceteer/cdk", - "version": "8.0.1-alpha.0", + "version": "8.0.1-alpha.1", "description": "CDK 2.0 constructs and helpers that make composing a Lambda powered service easier.", "main": "index.js", "files": [ From 2f56a3e58de84a8b37fa0c7bb22011ad10f51c6f Mon Sep 17 00:00:00 2001 From: Alex McKenzie Date: Sun, 19 Apr 2026 23:20:23 -0400 Subject: [PATCH 2/2] Use Node 24 instead of self-upgrading npm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Node 24 bundles npm 11.x, which in current releases is >= 11.5.1 — enough for OIDC Trusted Publishing. Drops the prefix-install workaround that was in place to avoid `npm install -g npm@latest` self-replacement breakage; the simpler path is just to run on a Node whose bundled npm already supports OIDC. `Show npm version` stays so the run log makes the actual version visible. --- .github/workflows/publish.yml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6b1f85e..47e8604 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,23 +18,16 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Use Node.js 22 + - name: Use Node.js 24 + # Node 24 bundles npm 11.x. OIDC Trusted Publishing needs npm >= 11.5.1, + # so if the bundled npm is recent enough we avoid a global upgrade step + # (which is fragile on GitHub runners). `Show npm version` below makes + # the actual bundled version visible in the run log. uses: actions/setup-node@v4 with: - node-version: '22' + node-version: '24' registry-url: 'https://registry.npmjs.org' - - name: Install npm >= 11.5.1 (OIDC requires it) - # Self-upgrading the bundled npm (`npm install -g npm@latest`) is known - # to break mid-install on GitHub runners ("Cannot find module - # 'promise-retry'"). Install into an isolated prefix and prepend to PATH - # instead — avoids replacing the running npm. - run: | - NPM_DIR="$RUNNER_TEMP/npm-latest" - mkdir -p "$NPM_DIR" - npm install --prefix "$NPM_DIR" --no-save --no-audit --no-fund npm@latest - echo "$NPM_DIR/node_modules/.bin" >> "$GITHUB_PATH" - - name: Show npm version run: npm --version