CI changes #961
Draft
CI changes #961
+559
−124
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The `--no-package-lock` workaround was added due to npm bug #4828, where npm < 11.3.0 generates incomplete lockfiles for packages with optional platform dependencies (esbuild, rollup). Optional cross-platform dependencies were restored to `package-lock.json` in 358f276, so npm will be able to install from the lock file in the GitHub Actions. Also, fixed in npm 11.3.0 (Apr 2025), but Node v22 ships npm v10 and will remain affected out-of-the-box. Investigation notes follow. What happened? -------------- 1. Switch from yarn to npm: `package-lock.json` added, `yarn.lock` removed - modelcontextprotocol@702f827 Presumably: - run `npm install` to generate a `package-lock.json` from the yarn-managed `node_modules`, on macos - bug #4828: npm omitted optional cross-platform dependencies from the lock file npm can't easily fix this. `npm install [email protected]` could write a resolved dependency, but at the exact version so `foo` would be pinned, and semver operator twiddling would be required to restore it as-was. The fix would be to "manually" re-add the missing metadata. 2. Pull 47, tries `npm ci`, and reverts, on 11 Nov 2024 modelcontextprotocol@3789ef9 - "Try restoring npm ci" --> testing the new node release for the bug? - ran against `setup-node`, `node-version: 18`, likely: 18.20.5 (released nov 11, 2024; ~same day) - git show 3789ef9:.github/workflows/main.yml - Failed action, and logs have expired - https://github.com/modelcontextprotocol/inspector/actions/runs/11782443393/job/32817472448 - https://nodejs.org/en/download/archive/v18.20.5 - uses npm 10.8.2 - Re-tried in inspector fork - workflow run at 3789ef9 - change `node-version: 18` to `18.20.5` (exact node / npm on commit date) - Fails due to missing `linux-x64-gnu` platform dep (rollup, would similarly affect esbuild) 3. Cross-platform dependencies restored to lockfile on 1 May 2025 modelcontextprotocol#372 - modelcontextprotocol@358f276 - worked because `package-lock.json` and `node_modules` were both removed - i.e., not the bug conditions -> even npm < 11.3.0 generates correct lockfile - At that point, `--no-package-lock` could've been removed from CI, Dockerfile, etc. NPM --- npm (aborist) fixed #4828 npm/cli#8184 - npm/cli#4828 --> frequent http 500, due to many comments - npm/cli@a96d8f6 - will not be backported Released in 11.3.0 on 8 Apr npm/cli#8150 - https://github.com/npm/cli/releases/tag/v11.3.0 - arborist 9.0.2 - https://github.com/npm/cli/releases/tag/arborist-v9.0.2 - npm v11.3.0 ships with node v24.2.0, on 6 May 2025 - https://nodejs.org/en/download/archive/v24 Node v22 ships npm v10 - https://nodejs.org/en/download/archive/v22 - will always be affected, no backport coming
Top-level `npm run lint` runs `prettier --check .` and lint in client/ Using the package script after install ensures the same procedure and versions are used in CI and development, and also avoids yet-another variant of a direct prettier invocation.
Separates publish jobs into `release.yml` to eliminate "skipped" status noise on pull requests. All PRs currently display "skipped" for publish jobs, which is correct since they should only run on releases. However, this can confuse PR submitters who may not realize the skipping is expected rather than a failure related to their changes (accidental release trigger, etc.). Separate workflows keep PR checks focused on build and test jobs relevant to the submitter.
- Shows all jobs related to a PR in one workflow run for convenience - Fewer "duplicate" runs, de-cluttering the Github Actions UI - Conceptual grouping since it uses the same triggers as build job
- Shows all jobs related to a PR in one workflow run for convenience - Fewer "duplicate" runs, de-cluttering the Github Actions UI - Conceptual grouping since it uses the same triggers as build job
From npm/cli:
$ git log -1 -p -G'"node":' -U0 --format="" v11.3.0 -- package.json | grep node
- "node": "^18.17.0 || >=20.5.0"
+ "node": "^20.17.0 || >=22.9.0"
Since prettier lacks CRLF configuration, presumably Windows contributors are configuring EOL using git-config. Using `gitattributes` would be more user-friendly for those not knowing git configuration details, and eliminate this config hidden in CI.
GitHub Runner version >= 2.239.0 is required. Workflow `Set up job` runs do indicate that runner version is used: > Current runner version: '2.329.0'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I think this is at the point where it can be looked at. Likely low-priority, except perhaps the first bits.
Summary
The changes started from investigating two CI failures:
Prettier problems caused by mismatch between development and CI environments
Release build failures when
--no-package-lockcaused CI to resolve newer dependency versionsthan the locked versions used in development
As I investigated, it seemed worth reorganizing workflows for better PR "checks" and GitHub Actions
UI organization. I also added a matrix for cross-platform testing on Windows.
Regarding review --
I tried to keep commits small, with the intent of reviewing each by paging through the PR UI.
[Opt]commits are changes about which I was uncertain, and need closer attention. I'll reword todrop
[Opt]if they'll be kept.I've ordered them to make it easy to slice up. So if preferrable, I can split this into multiple
smaller PRs (e.g., CI fixes, then workflow organization, etc.). Submitting it as one since it's
conceptually related.
Type of Change
Core Fixes
--no-package-lockwithnpm clean-installsemver-compatible versions
Workflow Organization
build.yml: All PR-relevant jobs (build, test, lint, dependency testing, e2e tests)release.yml: Contains publish jobs (only runs on releases)main.ymlfor clarityclaude.yml: Remains separate (Claude-assisted development tasks)ubuntu-latest) and Windows (windows-latest)package-lock.jsonhandlingscripts/validate-platform-dependencies.jsdetects missing platform-dependencies in the lockfile[Opt]Includes pre-commit hook validation[Opt]Use engines for npm version 11.3.0 (warn EBADENGINE)Consistency & Maintenance
package.jsonscripts consistentlynpm run prettier-checkandnpm run lintinstead of invoking tools directlyactions/setup-node@v6for latest featuresactions/checkout@v6for improved performanceworkflow_dispatchfor manual workflow triggeringRelated Issues
.node-versionto22Testing
Example CI in fork:
ReleaseTest Results and/or Instructions
I'm wondering about release testing. Could test with a pre-release to be sure
releaseworks. I could also change release to be no-op (butexit 0so it works) in my fork and "release" there.Checklist
npm run prettier-fix)I considered adding CI documentation; can do if helpful.
Breaking Changes
Shouldn't be.
Additional Context
Why these changes?
Ensure CI tests are unsurprising, and test what is expected to be released. When CI uses different
versions than local development (via
--no-package-lock), it can cause surprising failures thatblock releases and waste time debugging.
Separately, the GitHub Actions UI benefits from semantic workflow organization. Having all
PR-relevant checks in one workflow makes it easier for contributors to review results without
clicking through multiple workflows.
Questions / future
Feedback needed on a few uncertain areas:
0. Semver dependency test job
"Dependency range test" is a fairly awful name. Suggestions?
1.
.gitattributesfor EOL consistencyautocrlf: falseis used in the checkout action to prevent LF→CRLF conversion on Windows.Perhaps better to instead add:
.gitattributeswithtext=auto eol=lf.gitattributesShould we add
.gitattributesor use this CI-only approach (or even at least for now)?2. Historical workflow cleanup
The GitHub Actions UI will continue to show old workflow files and run history, even though the
workflows have been reorganized; so UI clutter will remain. I have a script for this, since it bulk run delete is not available in the UI.
Options:
Question: Is there value in keeping historical workflow runs? If so: all, or which?
3. Optional changes
[Opt]Several commits are marked
[Opt]because I'm uncertain if they'd be desired:Question: Are these useful, or drop?
Future
Further ideas, happy to discuss and add here or in future PRs:
build, since the CLI does dependon code which could break it, but I wanted a review of the revised workflows first.
(especially Claude Code runs, the vast majority are just "skipped" noise)
npm run update-versioninto release workflow?