Skip to content

Make npm publish reruns safe#17

Merged
purnendu-convai merged 1 commit into
mainfrom
codex/idempotent-npm-publish
May 9, 2026
Merged

Make npm publish reruns safe#17
purnendu-convai merged 1 commit into
mainfrom
codex/idempotent-npm-publish

Conversation

@purnendu-convai
Copy link
Copy Markdown
Member

@purnendu-convai purnendu-convai commented May 9, 2026

Summary

  • skip npm packages that are already published for the requested release version
  • add CLI repository metadata so npm provenance validation accepts the package

Tests

  • npm_config_cache=/Users/purnendu/analytics/convai-analytics-bugfix/.npm-cache make package-check

@purnendu-convai @claude
ci: make npm publish reruns safe
9612570 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 9, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds repository metadata to the cli/package.json file. Feedback indicates that the implementation for skipping already published packages, which was mentioned in the PR summary to ensure idempotency, is currently missing from the changes.

Comment thread cli/package.json
Comment on lines +21 to +25
"repository": {
"type": "git",
"url": "https://github.com/Conv-AI/convai-analytics.git",
"directory": "cli"
},
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The pull request summary mentions skipping npm packages that are already published to make reruns safe, but the implementation for this logic (e.g., a check in prepublishOnly or a dedicated script using npm view) is missing from the changes in this file. While the addition of the repository metadata is correct and necessary for provenance validation, the logic to ensure idempotency appears to be missing. If this was intended to be part of this PR, please include the necessary script updates.

@purnendu-convai purnendu-convai merged commit 8f6a616 into main May 9, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@purnendu-convai