CCM-16068 - Added support for setting up pnpm tooling#102
CCM-16068 - Added support for setting up pnpm tooling#102rhyscoxnhs wants to merge 4 commits intomainfrom
Conversation
| - name: pnpm install | ||
| working-directory: ./docs | ||
| run: npm ci --min-release-age 3 | ||
| run: pnpm install --frozen-lockfile |
There was a problem hiding this comment.
This should default to true in CI environments. I can't see GitHub mentioned but probably falls under env.CI with GitLab:
https://pnpm.io/cli/install#--frozen-lockfile
There was a problem hiding this comment.
Actually the bash scripts do want it explicitly set as we might run it locally. So we could just stick with it being explicitly set everywhere.
| return sub; | ||
| }), | ||
| subscriptions: config.subscriptions.map( | ||
| // eslint-disable-next-line sonarjs/function-return-type -- false positive: complex conditional spread returns are all SubscriptionConfiguration subtypes |
There was a problem hiding this comment.
Why do we have a load of lint fixes on this branch? Was the linter not picking these up?
| - "tools/*" | ||
|
|
||
| engineStrict: true | ||
| minimumReleaseAge: 720 |
There was a problem hiding this comment.
Is 12 hours enough? Gone from 0 -> 3 days -> 12 hours.
I think 1 day at least would give us enough time to be alerted to a supply chain attack but 2 would be safer.
| ts-node: "^10.9.2" | ||
| tsx: "^4.21.0" | ||
| typescript: "^5.9.3" | ||
| zod: "^4.3.6" |
There was a problem hiding this comment.
Is zod not app rather than tools?
2 participants
Description
Context
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.