ci: refresh pnpm lockfile before merge #707
Co-Authored-By: Paperclip <[email protected]>
* public-gh/master: Drop pnpm lockfile from PR Update ui/src/components/OnboardingWizard.tsx Update ui/src/components/OnboardingWizard.tsx Fix onboarding manual debug JSX Improve onboarding defaults and issue goal fallback Simplify adapter environment check: animate pass, show debug only on fail Show Claude Code and Codex as recommended, collapse other adapter types Animate onboarding layout when switching between Company and Agent steps Make onboarding wizard steps clickable tabs for easier dev navigation Add agent chat architecture plan Style tweaks for onboarding wizard step 1 Add direct onboarding routes
* public-gh/master: Raise default max turns to 300
Greptile Summary
This PR shifts lockfile freshness enforcement from a post-merge repair flow (a bot PR against
Key changes:
Issues found:
Confidence Score: 2/5
Important Files Changed
Prompt To Fix All With AI
This is a comment left during a code review.
Path: .github/workflows/pr-policy.yml
Line: 16-17
Comment:
**Missing `contents: read` permission breaks checkout**
When a `permissions` block is defined at the job level in GitHub Actions, any permission not explicitly listed is set to `none`. Only `pull-requests: read` is listed here, which means `contents` will default to `none`. The `actions/checkout@v4` step that immediately follows requires `contents: read` to clone the repository — without it, the checkout will fail with a permission error and the entire policy job will be broken.
```suggestion
permissions:
  contents: read
  pull-requests: read
```
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: .github/workflows/refresh-lockfile-pr.yml
Line: 72-84
Comment:
**"Fail on unexpected file changes" step never explicitly exits 0 for the dirty case**
When `changed` is non-empty and all changed files are `pnpm-lock.yaml`, the `grep -Fvq ' pnpm-lock.yaml'` command returns exit code `1` (no non-lockfile lines found). The `if` block is skipped, and the step exits with the last command's exit code — which is `1` from `grep`. This will fail the step even when the lockfile refresh is clean, blocking the subsequent commit step.
Add an explicit `exit 0` after the guard `if` block so the step succeeds when only `pnpm-lock.yaml` is dirty:
```suggestion
- name: Fail on unexpected file changes
  if: steps.changes.outputs.manifest_changed == 'true'
  run: |
    changed="$(git status --porcelain)"
    if [ -z "$changed" ]; then
      echo "Lockfile is already up to date."
      exit 0
    fi
    if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then
      echo "Unexpected files changed during lockfile refresh:"
      echo "$changed"
      exit 1
    fi
    exit 0
```
How can I resolve this? If you propose a fix, please make it concise.
Last reviewed commit: 8808a33
| permissions: | ||
| pull-requests: read |
Missing contents: read permission breaks checkout
When a permissions block is defined at the job level in GitHub Actions, any permission not explicitly listed is set to none. Only pull-requests: read is listed here, which means contents will default to none. The actions/checkout@v4 step that immediately follows requires contents: read to clone the repository — without it, the checkout will fail with a permission error and the entire policy job will be broken.
| permissions: | |
| pull-requests: read | |
| permissions: | |
| contents: read | |
| pull-requests: read |
| - name: Fail on unexpected file changes | ||
| if: steps.changes.outputs.manifest_changed == 'true' | ||
| run: | | ||
| changed="$(git status --porcelain)" | ||
| if [ -z "$changed" ]; then | ||
| echo "Lockfile is already up to date." | ||
| exit 0 | ||
| fi | ||
| if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then | ||
| echo "Unexpected files changed during lockfile refresh:" | ||
| echo "$changed" | ||
| exit 1 | ||
| fi |
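Review bot: in the last `if` of the `run` block, `grep -Fvq ' pnpm-lock.yaml'` is an unanchored fixed-string match, so a status line that merely contains ` pnpm-lock.yaml` (for example a path with a suffix after the lockfile name) is treated as expected. Match the path exactly instead, for instance by asking git only for changes outside the lockfile with `git status --porcelain -- . ':(exclude)pnpm-lock.yaml'` and failing the step when that output is non-empty.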
"Fail on unexpected file changes" step never explicitly exits 0 for the dirty case
When changed is non-empty and all changed files are pnpm-lock.yaml, the grep -Fvq ' pnpm-lock.yaml' command returns exit code 1 (no non-lockfile lines found). The if block is skipped, and the step exits with the last command's exit code — which is 1 from grep. This will fail the step even when the lockfile refresh is clean, blocking the subsequent commit step.
Add an explicit exit 0 after the guard if block so the step succeeds when only pnpm-lock.yaml is dirty:
| - name: Fail on unexpected file changes | |
| if: steps.changes.outputs.manifest_changed == 'true' | |
| run: | | |
| changed="$(git status --porcelain)" | |
| if [ -z "$changed" ]; then | |
| echo "Lockfile is already up to date." | |
| exit 0 | |
| fi | |
| if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then | |
| echo "Unexpected files changed during lockfile refresh:" | |
| echo "$changed" | |
| exit 1 | |
| fi | |
| - name: Fail on unexpected file changes | |
| if: steps.changes.outputs.manifest_changed == 'true' | |
| run: | | |
| changed="$(git status --porcelain)" | |
| if [ -z "$changed" ]; then | |
| echo "Lockfile is already up to date." | |
| exit 0 | |
| fi | |
| if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then | |
| echo "Unexpected files changed during lockfile refresh:" | |
| echo "$changed" | |
| exit 1 | |
| fi | |
| exit 0 |
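The guard from this step, run as an added example over constructed `git status --porcelain` output (not code from the PR or from the reviewer): `guard_as_posted` is the step's logic without a trailing `exit 0`, and the hypothetical `guard_exact` compares the path field exactly. In POSIX shells an `if` whose condition is false and that has no `else` has exit status 0.

```shell
#!/bin/sh
# Added example. Each function takes `git status --porcelain` text as $1
# (constructed samples below) and returns 0 = ok, 1 = unexpected change.

# The guard as posted in the step, without the trailing `exit 0`.
guard_as_posted() {
  if [ -z "$1" ]; then
    return 0
  fi
  if printf '%s\n' "$1" | grep -Fvq ' pnpm-lock.yaml'; then
    return 1
  fi
  # Falls through: the status is that of the `if` command above, which is 0
  # when its condition was false and no branch ran.
}

# Stricter variant (assumption, not the project's code): strip the two status
# columns and the space of each porcelain v1 line, then require the remaining
# path to equal pnpm-lock.yaml exactly.
guard_exact() {
  [ -z "$1" ] && return 0
  unexpected="$(printf '%s\n' "$1" | cut -c4- | grep -Fxv 'pnpm-lock.yaml' || true)"
  [ -z "$unexpected" ]
}

# Constructed porcelain samples.
CLEAN=""
LOCK_ONLY=" M pnpm-lock.yaml"
LOCK_AND_MANIFEST="$(printf ' M pnpm-lock.yaml\n M package.json')"
LOOKALIKE="?? pnpm-lock.yaml.bak"

for sample in "$CLEAN" "$LOCK_ONLY" "$LOCK_AND_MANIFEST" "$LOOKALIKE"; do
  guard_as_posted "$sample" && posted=0 || posted=1
  guard_exact "$sample" && exact=0 || exact=1
  printf 'posted=%s exact=%s  %s\n' "$posted" "$exact" "$(printf '%s' "$sample" | tr '\n' ';')"
done
```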
* 'master' of github.com-dotta:paperclipai/paperclip: fix: resolve type errors in process-lost-reaper PR fix(heartbeat): prevent false process_lost failures on queued and non-child-process runs Revert "Merge pull request #707 from paperclipai/nm/premerge-lockfile-refresh" fix: ensure embedded PostgreSQL databases use UTF-8 encoding
* public-gh/master: (33 commits) fix: align embedded postgres ctor types with initdbFlags usage docs: add dated plan naming rule and align workspace plan Expand workspace plan for migration and cloud execution Add workspace product model plan docs: add token optimization plan docs: organize plans into doc/plans with date prefixes fix: keep runtime skills scoped to ./skills fix: prefer .agents skills and repair codex symlink targets\n\nCo-Authored-By: Paperclip <[email protected]> Change sidebar Documentation link to external docs.paperclip.ing Fix local-cli skill install for moved .agents skills docs: update PRODUCT.md and add 2026-03-13 features plan feat(worktree): add worktree:cleanup command, env var defaults, and auto-prefix fix: resolve type errors in process-lost-reaper PR fix(heartbeat): prevent false process_lost failures on queued and non-child-process runs Revert "Merge pull request #707 from paperclipai/nm/premerge-lockfile-refresh" ci: refresh pnpm lockfile before merge fix(docker): include gemini adapter manifest in deps stage chore(lockfile): refresh pnpm-lock.yaml Raise default max turns to 300 Drop pnpm lockfile from PR ...
…ile-refresh ci: refresh pnpm lockfile before merge
Summary
Context
The old flow allowed package manifest changes to merge to master before pnpm-lock.yaml was updated, which broke Docker and any other frozen-lockfile build until a follow-up bot PR was merged. This change enforces lockfile freshness before merge and removes the old chore/refresh-lockfile branch flow.