Skip to content

chore: migrate to pnpm#229

Open
dkarpele wants to merge 1 commit into
redhat-developer:mainfrom
dkarpele:dk-GITOPS-9128
Open

chore: migrate to pnpm#229
dkarpele wants to merge 1 commit into
redhat-developer:mainfrom
dkarpele:dk-GITOPS-9128

Conversation

@dkarpele

@dkarpele dkarpele commented May 5, 2026

Copy link
Copy Markdown
Contributor

I tested commands from Readme.md (Option 1) and package.json:

pnpm install
pnpm run start
pnpm run start-console
image

@dkarpele dkarpele marked this pull request as ready for review May 5, 2026 16:48
@openshift-ci openshift-ci Bot requested review from keithchong and wtam2018 May 5, 2026 16:48
@keithchong

Copy link
Copy Markdown
Collaborator

Thanks Denis. For app-4 in your screenshot, which test case (repo) did you use and how did you create/deploy it?

@dkarpele

dkarpele commented May 5, 2026

Copy link
Copy Markdown
Contributor Author

Thanks Denis. For app-4 in your screenshot, which test case (repo) did you use and how did you create/deploy it?

I created a simple file
% oc apply -f app.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-4
  namespace: openshift-gitops
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: https://github.com/argoproj-labs/argocd-image-updater/
    path: test/e2e/testdata/005-public-guestbook
    targetRevision: HEAD
  destination:
    server: https://kubernetes.default.svc
    namespace: openshift-gitops-operator
  syncPolicy:
    automated: {}
    retry:
      limit: 2
image

@dkarpele dkarpele changed the title chore: Migrate to pnpm chore: migrate to pnpm May 5, 2026
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@dkarpele, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 27 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 0c73f0fe-deb5-41a4-a208-fd34b2e69dfa

📥 Commits

Reviewing files that changed from the base of the PR and between 37c54fc and ab6a950.

⛔ Files ignored due to path filters (2)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (7)
  • .github/workflows/unit-tests.yml
  • .konflux/Containerfile.plugin
  • .npmrc
  • Dockerfile
  • README.md
  • package.json
  • webpack.config.ts
📝 Walkthrough

Walkthrough

This PR migrates the build and dependency management tooling from Yarn to pnpm across Containerfile.plugin, Dockerfile, package.json scripts, and README.md instructions. It also updates package.json dependencies/plugin config, adds npmrc hoist patterns, and changes webpack's CSS exclusion logic.

Changes

Yarn to pnpm migration

Layer / File(s) Summary
Dependencies and plugin config
package.json
Scripts switch from yarn to pnpm/ts-node invocations, Jest scripts removed, devDependencies updated (adds `@patternfly/react-component-groups`, `@types/lodash`), `resolutions` replaced with `pnpm.overrides`, `consolePlugin.version` and new `exposedModules` added, and `lodash` added to dependencies.
Container build stages
.konflux/Containerfile.plugin, Dockerfile
Build stages install pnpm globally, use `pnpm-lock.yaml`, run `pnpm install`/`pnpm build`, and remove Yarn-specific commands and caching.
Package hoist configuration
.npmrc
Adds `public-hoist-pattern[]` entries for `*types`, `*eslint`, and `*prettier`.
Setup documentation
README.md
Replaces `yarn install`/`yarn run start`/`yarn run start-console` commands with pnpm equivalents across setup options and Apple silicon podman guidance.
Webpack stylesheet exclusion
webpack.config.ts
Changes CSS/SCSS rule exclude logic from a regex pattern to an exclude callback that filters `node_modules` while allowing `@patternfly` and `@console/plugin-shared`.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Related PRs: None identified.

Suggested labels: dependencies, build

Suggested reviewers: None identified.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: migrating the project to pnpm.
Description check ✅ Passed The description is directly related to the pnpm migration and the tested commands.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (2)
.npmrc (1)

1-1: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Broaden-then-narrow: *types* hoist pattern is too permissive.

*types* matches any package name containing that substring anywhere (e.g. mime-types), not just @types/* scoped packages. This can unintentionally hoist unrelated transitive deps, reintroducing phantom-dependency issues.

Proposed tightening
-public-hoist-pattern[]=*types*
+public-hoist-pattern[]=`@types/`*
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.npmrc at line 1, The public-hoist-pattern entry is too broad because the
*types* glob can match unrelated packages like mime-types, so tighten the hoist
rule in .npmrc to target only `@types` scoped packages. Update the existing hoist
pattern to a more specific matcher using the same npm config entry so only
intended TypeScript type packages are hoisted and phantom dependencies are
avoided.
package.json (1)

86-100: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Stale jest/@types/jest overrides after removing Jest scripts.

pnpm.overrides still pins jest/@types/jest to the very old 21.x line even though the Jest test scripts were removed from scripts (lines 8-17). If Jest is no longer used, these overrides are dead weight pinning an outdated (and likely vulnerable) transitive version; if it's still needed transitively, the override should track a current major version instead of 21.x.

#!/bin/bash
# Check if jest is referenced anywhere else in the repo (config, CI, other scripts)
rg -n "jest" --iglob '!**/node_modules/**'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 86 - 100, The pnpm overrides still pin jest and
`@types/jest` to the obsolete 21.x line even though the Jest scripts were removed
from the package scripts. Update the package.json overrides by removing these
entries if Jest is no longer used anywhere, or bump them to a currently
supported major if they are still required transitively; check the package.json
scripts and any other Jest references in the repo before deciding. Use the
existing pnpm.overrides block and the jest/@types/jest keys to locate the
change.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.konflux/Containerfile.plugin:
- Around line 21-32: The container build in Containerfile.plugin uses an
unpinned pnpm install and disables lockfile enforcement, so update the build to
use a pinned pnpm version via Corepack or an explicit version tied to
packageManager, and switch both pnpm install steps back to frozen-lockfile
behavior. Adjust the install flow around the pnpm setup and the two pnpm install
commands so the image build always follows the committed pnpm-lock.yaml and does
not drift with newer pnpm releases.

In `@Dockerfile`:
- Around line 5-6: The build stage is invoking pnpm without first making pnpm
available, so update the Dockerfile’s setup before the RUN pnpm config set and
RUN pnpm install/build steps by enabling corepack or installing pnpm in this
node:23 stage. Also correct the pnpm timeout configuration in the same
Dockerfile setup from network-timeout to fetchTimeout so the configuration is
recognized.

In `@package.json`:
- Around line 8-17: The package manifest no longer exposes the test-related
scripts expected by the documentation, so the contributor workflow is broken. In
package.json, restore the missing test, test:update, and test:coverage entries
if they are still supported, or update the README Testing section to reference
the current script names instead of yarn test*. Keep the commands aligned with
the existing npm scripts alongside build, start, and lint.

In `@webpack.config.ts`:
- Around line 50-53: The allow-list regex in the webpack config is checking the
wrong package scope, so `@openshift-console/plugin-shared` is still being
excluded from the sass/css loader. Update the `exclude` predicate in
`webpack.config.ts` to match the actual dependency name used by
`@openshift-console/plugin-shared` (alongside the existing `@patternfly`
exception), so the intended package is included correctly.

---

Nitpick comments:
In @.npmrc:
- Line 1: The public-hoist-pattern entry is too broad because the *types* glob
can match unrelated packages like mime-types, so tighten the hoist rule in
.npmrc to target only `@types` scoped packages. Update the existing hoist pattern
to a more specific matcher using the same npm config entry so only intended
TypeScript type packages are hoisted and phantom dependencies are avoided.

In `@package.json`:
- Around line 86-100: The pnpm overrides still pin jest and `@types/jest` to the
obsolete 21.x line even though the Jest scripts were removed from the package
scripts. Update the package.json overrides by removing these entries if Jest is
no longer used anywhere, or bump them to a currently supported major if they are
still required transitively; check the package.json scripts and any other Jest
references in the repo before deciding. Use the existing pnpm.overrides block
and the jest/@types/jest keys to locate the change.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: c2cdaacf-7d49-4e2b-8034-6ce11f3edfe8

📥 Commits

Reviewing files that changed from the base of the PR and between 9086cb7 and 37c54fc.

⛔ Files ignored due to path filters (2)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (6)
  • .konflux/Containerfile.plugin
  • .npmrc
  • Dockerfile
  • README.md
  • package.json
  • webpack.config.ts

Comment on lines +21 to +32
# Install pnpm
RUN npm install --global pnpm

COPY ["package.json", "yarn.lock", "./"]
COPY ["package.json", "pnpm-lock.yaml", "./"]

RUN yarn install --no-progress --non-interactive
RUN pnpm install --no-frozen-lockfile --ignore-scripts

ADD . /usr/src/app
WORKDIR /usr/src/app

RUN yarn install --network-timeout 600000 && \
yarn cache clean

RUN yarn install --no-progress --non-interactive
RUN pnpm install --no-frozen-lockfile && \
pnpm store prune

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
rg -n "packageManager" package.json

Repository: redhat-developer/gitops-console-plugin

Length of output: 176


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== package.json ==\n'
sed -n '1,120p' package.json

printf '\n== pnpm-lock.yaml head ==\n'
sed -n '1,40p' pnpm-lock.yaml

printf '\n== .konflux/Containerfile.plugin ==\n'
nl -ba .konflux/Containerfile.plugin | sed -n '1,80p'

Repository: redhat-developer/gitops-console-plugin

Length of output: 5151


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Check whether corepack or pnpm version pinning is already used elsewhere
rg -n "corepack|pnpm@|packageManager|frozen-lockfile|no-frozen-lockfile" -S .

Repository: redhat-developer/gitops-console-plugin

Length of output: 176


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect lockfile version semantics without executing repo code
python3 - <<'PY'
from pathlib import Path
import re

text = Path('pnpm-lock.yaml').read_text()
m = re.search(r'^lockfileVersion:\s*(.+)$', text, re.M)
print('lockfileVersion:', m.group(1).strip() if m else 'MISSING')
PY

Repository: redhat-developer/gitops-console-plugin

Length of output: 199


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== .konflux/Containerfile.plugin ==\n'
sed -n '1,80p' .konflux/Containerfile.plugin

printf '\n== pnpm pinning / corepack references ==\n'
grep -RInE 'corepack|pnpm@|packageManager|frozen-lockfile|no-frozen-lockfile' . --exclude-dir=.git || true

Repository: redhat-developer/gitops-console-plugin

Length of output: 50394


Pin pnpm and restore frozen installs in the container build.

  • package.json has no packageManager pin, so npm install --global pnpm can drift to a different pnpm release over time.
  • Both pnpm install steps use --no-frozen-lockfile, which allows dependency resolution to move away from the committed pnpm-lock.yaml.

Use a pinned pnpm version (or Corepack) and switch back to frozen-lockfile behavior for the image build.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.konflux/Containerfile.plugin around lines 21 - 32, The container build in
Containerfile.plugin uses an unpinned pnpm install and disables lockfile
enforcement, so update the build to use a pinned pnpm version via Corepack or an
explicit version tied to packageManager, and switch both pnpm install steps back
to frozen-lockfile behavior. Adjust the install flow around the pnpm setup and
the two pnpm install commands so the image build always follows the committed
pnpm-lock.yaml and does not drift with newer pnpm releases.

Comment thread Dockerfile Outdated
Comment thread package.json Outdated
Comment thread webpack.config.ts Outdated
@codecov-commenter

codecov-commenter commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 11.84%. Comparing base (01e9db1) to head (ab6a950).
⚠️ Report is 9 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #229      +/-   ##
==========================================
- Coverage   11.92%   11.84%   -0.09%     
==========================================
  Files         154      154              
  Lines        6272     6326      +54     
  Branches     2028     2108      +80     
==========================================
+ Hits          748      749       +1     
- Misses       5524     5577      +53     
Flag Coverage Δ
unit-tests 11.84% <ø> (-0.09%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Signed-off-by: dkarpele <karpelevich@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants