feat(why): allow specifying a version or range#6992
Open
remypar5 wants to merge 23 commits intoyarnpkg:masterfrom
Open
feat(why): allow specifying a version or range#6992remypar5 wants to merge 23 commits intoyarnpkg:masterfrom
remypar5 wants to merge 23 commits intoyarnpkg:masterfrom
Conversation
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Author
|
@arcanis are you available to review this? You refactored |
clemyan
previously requested changes
Dec 11, 2025
…w-version-range-for-yarn-why
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
clemyan
reviewed
Jan 19, 2026
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
clemyan
requested changes
Feb 14, 2026
packages/acceptance-tests/pkg-tests-specs/sources/commands/why.test.ts
Outdated
Show resolved
Hide resolved
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
clemyan
previously approved these changes
Feb 22, 2026
Member
|
Okay, since it is a relatively simple change I went ahead and added the last couple lines of code to push this over the finishing line. The only thing I'm still iffy on is having to make a new set of fixture packages in the tests but cleaning that up can be a separate PR. |
Author
|
Thank you @clemyan! When you're ready, please merge it as I'm not allowed to do so |
This rerun is to check if the previous failure is because of flakiness Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
… SHA (yarnpkg#7079) When a release partially fails (npm registry issues, network errors, etc.), there's no way to re-run only the publish steps against an already-tagged commit without bumping versions again. ## Changes - **New workflow** `.github/workflows/release-rerun.yml`: `workflow_dispatch` with a required `commit_sha` input that checks out the repo at that SHA and runs `02-release-builds.sh` + `03-release-npm.sh` - **No version bumping**: `01-release-tags.sh` is intentionally absent — this workflow is publish-only - Same environment, permissions (`id-token: write` for provenance), and npm auth setup as the existing release workflows <!-- START COPILOT ORIGINAL PROMPT --> <details> <summary>Original prompt</summary> ## Summary Add a new manual GitHub Actions workflow that allows triggering the release pipeline at a specific commit SHA without updating package versions. This is useful for re-releasing artifacts that were not properly published the first time around. ## Background The current release workflows are: 1. **`release-branch.yml`** - Releases a new stable version from a specified branch, bumps versions via `01-release-tags.sh`, and publishes 2. **`release-candidate.yml`** - Releases a RC from master, optionally applies new versions via `01-release-tags.sh --prerelease`, and publishes Both workflows always check out a branch (`master` or a specified branch) and optionally run version tagging scripts. There's no way to re-release artifacts from a specific commit when publishing failed partially (e.g., due to network issues, npm registry problems, etc.). ## Requirements Create a new workflow file at `.github/workflows/release-rerun.yml` (or similar name like `republish.yml`) that: 1. **Trigger**: Uses `workflow_dispatch` with a required input for the commit SHA to checkout 2. **Input**: - `commit_sha` (required): The specific commit SHA to checkout and release from 3. **Steps** (follow the pattern from existing release workflows): - Checkout the repository at the specified commit SHA (using `actions/checkout@v4` with `ref: ${{ github.event.inputs.commit_sha }}`) - Fetch all relevant tags (like existing workflows) - Setup Node.js 18.x - Build the CLI binary (same "Build a binary for convenience" step) - **Skip** the "Generate the release commits" step entirely (no version bumping) - Configure npm auth tokens - Run `./scripts/release/02-release-builds.sh` to publish packages - Run `./scripts/release/03-release-npm.sh` to publish the CLI dist package 4. **Permissions**: Include `id-token: write` for provenance statement minting (same as existing workflows) 5. **Environment**: Use the same environment variables as existing workflows: - `node-version: '18.x'` - `NODE_OPTIONS: --max_old_space_size=8192` ## Reference Implementation Use `release-candidate.yml` as the base template but: - Change the input from `apply_versions` to `commit_sha` (required, string type with description like "Commit SHA to release from") - Change the checkout `ref` to use the commit SHA input instead of `master` - Remove the conditional "Generate the release commits" step entirely - Keep the "Upload the releases" step that runs `02-release-builds.sh` and `03-release-npm.sh` ## Workflow Name Use a descriptive name like `'Re-release'` or `'Republish Artifacts'` to make it clear this is for re-running a failed release. The following is the prior conversation context from the user's chat exploration (may be truncated): User: Open a pr on yarnpkg/berry that adds a new manual workflow triggering the release pipeline at a specific commit without updating the package versions. We will use it to re-release artifacts that were not properly published the first time around. Assistant: I'll create a pull request on yarnpkg/berry to add a new manual workflow for triggering the release pipeline at a specific commit without updating package versions. Let me first explore the existing release workflows to understand the current setup. Assistant: Let me look at the existing release workflows to understand the release pipeline structure: Assistant: Now I have a good understanding of the existing release workflows. Let me also check the release scripts to better understand what they do: Assistant: Now I have a good understanding of the existing release workflows. I can see that: 1. `release-candidate.yml` already has an `apply_versions` input that can skip version bumping 2. `release-branch.yml` releases from a specific branch 3. Both workflows use `02-release-builds.sh` and `03-release-npm.sh` to publish artifacts The new workflow should: - Allow specifying a specific commit SHA to checkout - Skip version updates entirely (no `01-release-tags.sh` execution) - Just run the build and publish scripts Let me create the PR: Assistant: I've started a pull request on `yarnpkg/berry` using the Copilot coding agent. The agent will create a new workflow file (likely named `release-rerun.yml` or `republish.yml`) that: 1. **Manually triggered** via `workflow_dispatch` with a required `commit_sha` input 2. **Checks out** the repository at the specified commit SHA 3. **Builds** the CLI binary 4. **Skips version bumping** - no calls to `01-release-tags.sh` 5. **Runs the publish scripts** (`02-release-builds.sh` and `03-release-npm.sh`) to re-release the artifacts This will allow you to re-release packages from any previously-tagged commit when publishing failed partially (e.g., npm registry issues, network problems, etc.). The Copilot coding agent is now working on this task. You can follow the progress in the repository's pull requests - a new PR should appear shortly at [yarnpkg/berry pull requests](https://gith... </details> <!-- START COPILOT CODING AGENT SUFFIX --> *This pull request was created from Copilot chat.* > <!-- START COPILOT CODING AGENT TIPS --> --- 📍 Connect Copilot coding agent with [Jira](https://gh.io/cca-jira-docs), [Azure Boards](https://gh.io/cca-azure-boards-docs) or [Linear](https://gh.io/cca-linear-docs) to delegate work to Copilot in one click without leaving your project management tool. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: arcanis <1037931+arcanis@users.noreply.github.com>
Build the CLI without including the git hash for versioning.
This rerun is to check if the previous failure is because of flakiness Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Author
Member
|
Yeah Node 25.7 is failing. If the pipelines other than the E2Es and the Node 25 tests are all passing you should be fine |
Author
Thank you. If it is good to go, please merge it as I'm not allowed to do so |
clemyan
approved these changes
Mar 31, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's the problem this PR addresses?
Allowing users to specify a version or range for
yarn whyto find out why a specific version appears in the dependency tree. This is particularly useful if you want to address CVEs.Closes #6859
How did you fix it?
Checklist