Use npx release-it to avoid mise shim failures#1040
Conversation
Greptile SummaryThis PR replaces the bare Key changes:
Issues found:
Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["bundle exec rake release"] --> B["verify_npm_auth / verify_gh_auth"]
B --> C["gem bump --no-commit"]
C --> D["bundle install + lockfile updates"]
D --> E["git add staged files"]
E --> F{"Before PR"}
E --> G{"After PR"}
F --> F1["release-it <npm_version>\n(requires global binary)"]
G --> G1["npx --yes release-it <npm_version>\n(downloads latest from npm)"]
F1 --> H["npm publish + git tag + push"]
G1 --> H
H --> I["gem release"]
I --> J["sync_github_release_after_publish"]
Reviews (1): Last reviewed commit: "Use npx release-it in release task" | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| release_it_command = +"release-it #{Shellwords.escape(npm_version)}" | ||
| # Use npx so maintainers don't need a globally installed `release-it` binary. | ||
| # This avoids failures from shim managers (e.g. mise) when `release-it` isn't configured. | ||
| release_it_command = +"npx --yes release-it #{Shellwords.escape(npm_version)}" |
There was a problem hiding this comment.
release-it version pinned — latest will be fetched on every run
npx --yes release-it without an explicit version specifier will always download and execute whatever version is current on npm at run time. Since release-it is not listed as a devDependency in package.json, there is no lock file to constrain it either. A future major release-it release (e.g. v18) could change the CLI interface, prompt behaviour, or the handling of --npm.publish / --no-git.requireCleanWorkingDir, silently breaking the release process.
Consider one of these alternatives:
Option A — pin via npx (minimal change)
| release_it_command = +"npx --yes release-it #{Shellwords.escape(npm_version)}" | |
| release_it_command = +"npx --yes release-it@17 #{Shellwords.escape(npm_version)}" |
Option B — add to devDependencies in package.json so the local version in node_modules is used and the exact version is captured in package-lock.json / yarn.lock:
"release-it": "^17.0.0"Then npx will resolve it from node_modules without downloading anything.
| bundle install | ||
| gem install gem-release # Provides `gem bump` and `gem release` | ||
| yarn global add release-it # Installs release-it for npm publishing | ||
| npm --version # Required because release task uses `npx release-it` |
There was a problem hiding this comment.
npm --version just prints the installed npm version — it doesn't actually install or configure anything. The inline comment # Required because release task uses \npx release-it`reads as if runningnpm --version*causes* something to be set up, when it's really just a sanity check that npm (and thereforenpx) is available on PATH`.
A clearer phrasing would align it with the gh --version pattern below:
| npm --version # Required because release task uses `npx release-it` | |
| npm --version # Verify npm (and npx) is available for `npx release-it` |
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 2 minutes and 47 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
* origin/main: (22 commits) docs: add Dependabot configuration guide (#1094) Sync address-review prompt with upstream PR #16 (#1098) Supersede #910: entry shape test with lint unblock (#919) fix: align rspack v2 peer deps and installer defaults (#1091) docs: update README and guides for Shakapacker v10 (#1092) Release 10.0.0 Update CHANGELOG.md for v10.0.0 (#1089) Release 10.0.0-rc.1 Update CHANGELOG.md for v10.0.0-rc.1 (#1087) Supersede #961 by using pack-config-diff (#973) Add final summary output to rake release (#1041) Add bin/setup to install development deps (#1039) Release 10.0.0-rc.0 Use npx release-it to avoid mise shim failures (#1040) Fix Nokogiri build failure on Ruby 3.4.6 (#1038) Update CHANGELOG.md for v10.0.0-rc.0 (#1037) Update rspack dev deps to 2.0.0-rc.0 (#1036) Fix stale and broken documentation across Shakapacker guides (#1023) Allow webpack-cli v7 in peer dependencies (#1021) refactor: simplify resolving js peer versions when installing (#1034) ... # Conflicts: # package.json
1 participant
Summary
release-itvianpx --yes, removing reliance on a globally installed binary and preventingmiseshim failures during npm publish.--npm.publish --no-git.requireCleanWorkingDir) while documenting the rationale inline.npxusage for prerequisites and manual npm publishing.Pull Request checklist
Other Information
ruby -c rakelib/release.rake,bundle exec rake -T | rg '\\brelease\\b', andnpx --yes release-it --version.Note
Medium Risk
Touches the automated release/publish path; while behavior should be equivalent, invoking
release-itvianpxcan change which version runs and could impact npm publishing if environments differ.Overview
Updates the release rake task to publish to npm by running
release-itvianpx --yesinstead of requiring a globally installedrelease-itbinary, with inline rationale to avoid shim-manager (e.g.mise) failures.Refreshes
docs/releasing.mdprerequisites and manual release steps to match the newnpx --yes release-it ...workflow and clarify that no global install is needed.Written by Cursor Bugbot for commit d564446. This will update automatically on new commits. Configure here.