Use these steps to update pnpm and CI pins without blunt search/replace.
Steps (run from repo root)
- Update pnpm locally
Try pnpm self-update; if pnpm is missing or self-update fails, run corepack prepare pnpm@latest --activate.
-
Capture the resulting version as
PNPM_VERSION=$(pnpm -v). -
Align package.json
Open package.json and set packageManager to pnpm@${PNPM_VERSION} (preserve trailing newline and formatting).
- Find latest pnpm/action-setup tag
Query GitHub API: curl -fsSL https://api.github.com/repos/pnpm/action-setup/releases/latest | jq -r .tag_name.
-
Use
GITHUB_TOKEN/GH_TOKENif available for higher rate limits. -
Store as
ACTION_TAG(e.g.,v4.2.0). Abort if missing. -
Update workflows carefully (no broad regex)
Files: everything under .github/workflows/ that uses pnpm/action-setup.
- For each file, edit by hand:
Set uses: pnpm/action-setup@${ACTION_TAG}.
-
If a
with: version:field exists, set it to${PNPM_VERSION}(keep quoting style/indent). -
Do not touch unrelated steps. Avoid multiline sed/perl one-liners.
-
Verify
Run pnpm -v and confirm it matches packageManager.
-
git diffto ensure only intended workflow/package.json changes. -
Follow-up
If runtime code/build/test config was changed (not typical here), run $code-change-verification; otherwise, a light check is enough.
- Commit with
chore: upgrade pnpm toolchainand open a PR (automation may do this).
Notes
-
Tools needed:
curl,jq,node,pnpm/corepack. Install if missing. -
Keep edits minimal and readable—prefer explicit file edits over global replacements.
-
If GitHub API is rate-limited, retry with a token or bail out rather than guessing the tag.