fix: Add lockfile freshness validation to plugin-ci workflow #147

Open
privilegedescalation-engineer[bot] wants to merge 1 commit into main from fix/lockfile-freshness-validation
@privilegedescalation-engineer
Contributor

Summary

Adds a pre-install validation step to detect stale pnpm lockfiles when overrides are present in package.json. Prevents the confusing ERR_PNPM_LOCKFILE_CONFIG_MISMATCH error by failing early with a clear message directing developers to run pnpm install.

Changes

  • Added Validate pnpm lockfile freshness (detect stale overrides) step to .github/workflows/plugin-ci.yaml
  • The step runs before "Install dependencies" when using pnpm with a lockfile that has an overrides section
  • If lockfile is stale, provides clear error message suggesting pnpm install to regenerate

Testing

  • The change is a workflow-only modification; CI will validate the YAML syntax on the PR
  • Existing plugin repos without overrides are unaffected (validation is skipped)

Related

Prevents ERR_PNPM_LOCKFILE_CONFIG_MISMATCH by validating lockfile
freshness before install when pnpm-lock.yaml contains an overrides
section. Provides clear error message directing users to run
'pnpm install' to regenerate the lockfile.

Fixes PRI-764
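
A freshness check of the kind the description outlines, as an added example that is not the workflow step from this PR: it compares the overrides declared in package.json with the `overrides` block recorded in pnpm-lock.yaml and reports each difference. It assumes the overrides live under `pnpm.overrides` in package.json and that the lockfile block is a flat `key: value` list; the function names and both sample files are constructed for illustration.

```javascript
// Added example, not the workflow step from the PR. Inputs are constructed.

// Read the top-level `overrides:` mapping out of pnpm-lock.yaml text.
// Assumes pnpm's flat "  key: value" layout; this is not a general YAML parser.
function parseLockOverrides(lockText) {
  const out = new Map();
  let inBlock = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^overrides:\s*$/.test(line)) { inBlock = true; continue; }
    if (!inBlock || line.trim() === '') continue;
    if (!/^\s/.test(line)) break; // next top-level key ends the block
    const m = line.match(/^\s+(?:'([^']+)'|"([^"]+)"|([^:\s]+)):\s*(.*)$/);
    if (m) out.set(m[1] || m[2] || m[3], m[4].trim().replace(/^(['"])(.*)\1$/, '$2'));
  }
  return out;
}

// Return one sorted message per override that differs between the two files.
function staleOverrides(pkgJsonText, lockText) {
  const pkg = JSON.parse(pkgJsonText);
  // Assumption: overrides are declared under "pnpm.overrides" in package.json.
  const wanted = new Map(Object.entries((pkg.pnpm && pkg.pnpm.overrides) || {}));
  const locked = parseLockOverrides(lockText);
  const problems = [];
  for (const name of new Set([...wanted.keys(), ...locked.keys()])) {
    if (!locked.has(name)) problems.push(`${name}: missing from lockfile`);
    else if (!wanted.has(name)) problems.push(`${name}: in lockfile only`);
    else if (wanted.get(name) !== locked.get(name)) {
      problems.push(`${name}: package.json=${wanted.get(name)} lockfile=${locked.get(name)}`);
    }
  }
  return problems.sort();
}

// Constructed sample: lodash was bumped in package.json after the lockfile was
// written, and a minimist override was removed without regenerating it.
const samplePkg = JSON.stringify({
  name: 'demo-plugin',
  pnpm: { overrides: { lodash: '4.17.21', '@scope/pkg': '^1.2.3' } },
});
const sampleLock = ["lockfileVersion: '9.0'", '', 'overrides:', '  lodash: 4.17.20',
  "  '@scope/pkg': ^1.2.3", '  minimist: 1.2.8', '', 'importers:', '  .: {}'].join('\n');

const problems = staleOverrides(samplePkg, sampleLock);
for (const p of problems) console.log(`stale override -> ${p}`);
if (problems.length) console.log("Run 'pnpm install' and commit pnpm-lock.yaml.");
```

An override that changes without a matching lockfile update is worth surfacing in review as well as in CI, since overrides decide which version of a transitive dependency is actually installed.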