chore: unify package manager to bun across repo and CI#27
Merged
lobinuxsoft merged 3 commits intoApr 20, 2026
Merged
Conversation
Replace actions/setup-node@v4 + pnpm9 pipeline with oven-sh/setup-bun@v2. The repo already tracks bun.lock as its authoritative lock file and the monorepo's build_all.sh mandates bun — the CI lagging on pnpm was the last source of truth drift. - bun install --frozen-lockfile (was pnpm install --frozen-lockfile) - bunx tsc --noEmit --skipLibCheck (was npx tsc; node is no longer set up) - bun run build (was pnpm run build) The python job is untouched — still uses setup-python for its syntax check and py_modules verification. Addresses #25.
Same rewrite as ci.yml: drop setup-node@v4 + pnpm9 in favour of oven-sh/setup-bun@v2. This is the job that produces CapyDeploy.zip as a release asset, so it must follow the same lock-file source of truth (bun.lock) as the monorepo and the local build.sh pipeline. The setup-python step and the inline zip packaging are untouched. Addresses #25.
Drop pnpm-lock.yaml from the repo — with both CI workflows on bun and the local build.sh defaulting to bun, it is no longer a source of truth for anything. Leaving it would invite the exact drift hazard this effort is closing (CI and local resolving different versions). package-lock.json was already untracked (gitignored from earlier eras), so no git operation is needed there. README.md and CONTRIBUTING.md stop offering 'pnpm or npm' as equally valid options and point at bun directly. Closes #25.
8 tasks
lobinuxsoft
deleted the
25-chore-unify-package-manager-to-bun-across-repo-and-ci
branch
April 20, 2026 19:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #25. Consolidates the three coexisting package-manager sources of truth in this repo down to just
bun, matching the monorepo'sbuild_all.shmandate and the localbuild.shtooling (already fixed in #22 to detect bun).Before
bun.lockpnpm-lock.yamlpackage-lock.json(untracked, legacy).github/workflows/ci.yml.github/workflows/release-please.yml(build-plugin)build.sh(after #22)README.md/CONTRIBUTING.mdCI resolved dependencies from a different lock file than local builds, which is exactly the kind of silent drift hazard that eventually ships a broken release.
After
Single source of truth:
bun.lock.Changes (3 atomic commits)
ci: migrate ci.yml frontend job to bun— dropssetup-node@v4+pnpm9in favor ofoven-sh/setup-bun@v2. TypeScript check now usesbunx tsc(no node stage available). Thepythonjob is untouched.ci(release-please): migrate build-plugin job to bun— same rewrite on the job that producesCapyDeploy.zipas a release asset. Thesetup-python@v5step and the inline zip packaging logic are untouched.chore: remove legacy lock files and update docs for bun— deletespnpm-lock.yamlfrom the repo, updatesREADME.mdandCONTRIBUTING.mdto recommend bun directly instead of "pnpm or npm".Test plan
bun install --frozen-lockfilereproduces cleanly locally (145 packages, 1.86s)bun run buildproducesdist/index.jslocally (~1s)ci.yml) will validate the frontend job end-to-endrelease-please.ymlbuild-pluginjob can only be validated in a real release — the next tag cut after merge will either produce aCapyDeploy.zipcleanly or surface a regression for us to fixResidual risk
The
build-pluginjob is not reachable via PR CI (it only firesif: release_created == 'true'). The change there is mechanical and follows the exact pattern the monorepo already uses successfully for Hub/Agent Tauri. If it still breaks, the failure will be loud (no release asset) and easy to diagnose.