Merged
12 changes: 10 additions & 2 deletions .github/workflows/release-publish.yml
Expand Up @@ -99,8 +99,16 @@ jobs:
echo "- Trigger: $EVENT"
} >> $GITHUB_STEP_SUMMARY

- name: Setup Environment
uses: ./.github/actions/setup
- name: Enable corepack
run: corepack enable

- name: Setup Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version-file: ".nvmrc"

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Reorder: enable corepack AFTER Node.js setup.

Enabling corepack before actions/setup-node means corepack is configured against the runner's pre-installed Node.js. When the workflow then switches to the Node.js version specified in .nvmrc, the corepack shims may reference the wrong Node.js installation, potentially causing version mismatches or inconsistent package manager behavior in a security-sensitive release workflow.

🔧 Proposed fix: swap the step order
-      - name: Enable corepack
-        run: corepack enable
-
       - name: Setup Node.js
         uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: ".nvmrc"
+
+      - name: Enable corepack
+        run: corepack enable
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release-publish.yml around lines 102 - 108, Move the
"Enable corepack" step to run after the actions/setup-node step so corepack is
initialized against the Node.js version specified by node-version-file ".nvmrc";
specifically, reorder the workflow so the actions/setup-node@... (the step using
node-version-file: ".nvmrc") runs first and then run the "Enable corepack" step
(run: corepack enable) immediately after it to ensure corepack shims target the
correct Node.js installation.


- name: Install dependencies
run: yarn install --immutable

- name: Build package
run: yarn build --filter=@openzeppelin/${{ steps.pkg.outputs.name }}
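
Review bot: missing rationale at the top of the added steps. `Setup Environment` (`uses: ./.github/actions/setup`) is replaced by inline `Enable corepack`, `Setup Node.js` and `Install dependencies` steps, and nothing in the hunk says why the release job stops using the shared action. Add a short YAML comment above the first inline step stating the reason, so the release path is not folded back into the composite action later or left to drift from it unnoticed. The full-SHA pin on `actions/setup-node` with its `# v6.1.0` comment and the `--immutable` flag on `yarn install` are the right form for a publish job; keep both when these lines are next touched.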