chore: update-npm-version-in-ci

[ryanbas21]

JIRA Ticket

N/A

Description

update npm version explicitly before publishing.

Summary by CodeRabbit

• Chores
  • Updated build and deployment workflow to run a build step before publishing.
  • Added lightweight environment/version checks in the publish pipeline and an environment variable placeholder for publishing.
  • Adjusted release script sequence to ensure artifacts are built prior to publish and tagging.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: a5012d5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Added npm upgrade and version-check steps to the publish GitHub Actions workflow and updated the release script in package.json to run an NX build target before publishing and tagging.

Changes

Cohort / File(s)	Change Summary
Publish workflow .github/workflows/publish.yml	Inserted two pre-publish steps: run: npm install npm@latest -g and run: npm --version. Added an empty NPM_TOKEN environment variable in the publish step.
Release script package.json	Modified scripts.ci:release to run pnpm nx run-many -t build --no-agents before pnpm publish -r --no-git-checks && changeset tag (reordered to build, then publish, then tag).

Sequence Diagram(s)

sequenceDiagram
    participant CI as GitHub Actions
    participant Runner as Job Runner
    participant NPM as npm
    participant NX as nx
    participant Registry as npm Registry
    CI->>Runner: start publish job
    Runner->>NPM: npm install npm@latest -g
    Runner->>NPM: npm --version
    Runner->>NX: pnpm nx run-many -t build --no-agents
    Runner->>Registry: pnpm publish -r --no-git-checks (uses NPM_TOKEN)
    Runner->>CI: changeset tag
    note right of Runner `#e6f7ff`: New/changed steps highlighted: npm upgrade, version check, NX build before publish

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review areas that may need attention:
  • .github/workflows/publish.yml: ensure NPM_TOKEN usage and secrets handling are correct and that added empty env var is intentional.
  • package.json ci:release script: verify NX build targets, workspace behavior, and publish ordering.

Possibly related PRs

• ci: update-npm-cli #421 — similar change adding npm install -g npm@latest to the publish workflow.
• ci: use-trusted-publishers #418 — related publish workflow edits and token handling adjustments.
• chore: update-pnpm #422 — modifications to CI/pnpm-related configuration and package.json changes.

Suggested reviewers

• cerebrl
• ancheetah

Poem

🐇 A hop, a bump, npm gets a cheer,

I update and check before we steer.
Build the bundles, then send them far —
Tags hop on, like wishes on a star. ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore: update-npm-version-in-ci' clearly and specifically describes the main change: updating npm version in the CI workflow before publishing.
Description check	✅ Passed	The description provides context about updating npm version before publishing, but the JIRA Ticket section is marked N/A and lacks detail about the actual implementation changes (npm install step, npm version check, and build step ordering).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch update-npm-version

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 533d546 and a5012d5.

📒 Files selected for processing (2)

• .github/workflows/publish.yml (2 hunks)
• package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/publish.yml

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-10-28T14:44:26.883Z

Learnt from: ryanbas21
Repo: ForgeRock/ping-javascript-sdk PR: 427
File: .github/workflows/ci-fork.yml:50-56
Timestamp: 2025-10-28T14:44:26.883Z
Learning: Nx CLI accepts multiple targets with the short `-t` flag as space-separated tokens (e.g., `nx affected -t lint test build`) and also supports comma-separated values with the long form `--targets=` (e.g., `nx affected --targets=lint,test,build`). Both syntaxes are valid.

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: pr

🔇 Additional comments (1)

package.json (1)

18-18: --no-agents flag is valid and appropriate for this CI release script.

The --no-agents flag is a documented Nx option that prevents task dispatch to distributed workers and ensures execution on the main CI job—appropriate for a release pipeline that needs synchronized build, publish, and tagging steps.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit a5012d5

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	<1s	View ↗
nx affected -t build lint test e2e-ci	✅ Succeeded	2m 14s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-11-24 19:57:58 UTC

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/publish.yml (2)

50-56: Consider centralizing npm upgrade to the setup action.

Both the publish-or-pr job (line 51) and snapshot job (line 118) invoke ./.github/actions/setup. If npm upgrade is a general pre-requisite for both workflows, moving it into the setup action would reduce duplication and ensure consistency.

---

55-56: ---

Apply npm upgrade steps consistently across both publishing jobs.

The npm upgrade commands at lines 55–56 are correct and appropriately placed before the publish-or-pr job's publish step. However, verification confirms that the snapshot job (lines 99–129) also performs npm publishing at line 129 (pnpm publish -r ...) but lacks the corresponding npm upgrade steps. For consistency and to ensure both jobs publish with the latest npm version, add the same upgrade commands to the snapshot job before its publish step.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f3131fc and 533d546.

📒 Files selected for processing (1)

• .github/workflows/publish.yml (1 hunks)

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@497

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@497

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@497

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@497

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@497

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@497

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@497

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@497

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@497

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@497

commit: a5012d5

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.79%. Comparing base (b89ad58) to head (a5012d5).
⚠️ Report is 3 commits behind head on main.

❌ Your project status has failed because the head coverage (18.79%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #497   +/-   ##
=======================================
  Coverage   18.79%   18.79%           
=======================================
  Files         140      140           
  Lines       27640    27640           
  Branches      980      980           
=======================================
  Hits         5195     5195           
  Misses      22445    22445           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed 53f8f45 to https://ForgeRock.github.io/ping-javascript-sdk/pr-497/53f8f455aef043dc99e3b4c8c69af83d6f2c986c branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🆕 New Packages

🆕 @forgerock/device-client - 9.2 KB (new)
🆕 @forgerock/oidc-client - 23.4 KB (new)
🆕 @forgerock/protect - 150.1 KB (new)
🆕 @forgerock/sdk-utilities - 7.5 KB (new)
🆕 @forgerock/journey-client - 0.0 KB (new)
🆕 @forgerock/journey-client - 82.4 KB (new)
🆕 @forgerock/sdk-types - 8.0 KB (new)
🆕 @forgerock/storage - 1.4 KB (new)
🆕 @forgerock/sdk-logger - 1.6 KB (new)
🆕 @forgerock/iframe-manager - 2.4 KB (new)
🆕 @forgerock/sdk-request-middleware - 4.5 KB (new)
🆕 @forgerock/sdk-oidc - 2.6 KB (new)
🆕 @forgerock/davinci-client - 39.5 KB (new)

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}