From 873535fbf0b4b133e2bb9c987c889763f8ee9b4b Mon Sep 17 00:00:00 2001 From: Dotta Date: Thu, 12 Mar 2026 12:42:00 -0500 Subject: [PATCH] verify the packages actually make it to npm --- scripts/release-lib.sh | 30 ++++++++++++++++++++++++++++++ scripts/release.sh | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 60 insertions(+), 2 deletions(-) diff --git a/scripts/release-lib.sh b/scripts/release-lib.sh index d2a33526..7a4df5f0 100644 --- a/scripts/release-lib.sh +++ b/scripts/release-lib.sh @@ -196,6 +196,36 @@ npm_version_exists() { [ "$resolved" = "$version" ] } +npm_package_version_exists() { + local package_name="$1" + local version="$2" + local resolved + + resolved="$(npm view "${package_name}@${version}" version 2>/dev/null || true)" + [ "$resolved" = "$version" ] +} + +wait_for_npm_package_version() { + local package_name="$1" + local version="$2" + local attempts="${3:-12}" + local delay_seconds="${4:-5}" + local attempt=1 + + while [ "$attempt" -le "$attempts" ]; do + if npm_package_version_exists "$package_name" "$version"; then + return 0 + fi + + if [ "$attempt" -lt "$attempts" ]; then + sleep "$delay_seconds" + fi + attempt=$((attempt + 1)) + done + + return 1 +} + require_clean_worktree() { if [ -n "$(git -C "$REPO_ROOT" status --porcelain)" ]; then release_fail "working tree is not clean. Commit, stash, or remove changes before releasing." diff --git a/scripts/release.sh b/scripts/release.sh index 555a674c..34eb336d 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -181,10 +181,12 @@ for (const rel of roots) { rows.sort((a, b) => a[0].localeCompare(b[0])); for (const [dir, name] of rows) { - const key = `${dir}\t${name}`; + const pkgPath = path.join(root, dir, 'package.json'); + const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8')); + const key = `${dir}\t${name}\t${pkg.version}`; if (seen.has(key)) continue; seen.add(key); - process.stdout.write(`${dir}\t${name}\n`); + process.stdout.write(`${dir}\t${name}\t${pkg.version}\n`); } NODE } @@ -348,6 +350,7 @@ if [ "$canary" = true ]; then npx changeset pre enter canary fi npx changeset version +VERSIONED_PACKAGE_INFO="$(list_public_package_info)" if [ "$canary" = true ]; then BASE_CANARY_VERSION="${TARGET_STABLE_VERSION}-canary.0" @@ -403,6 +406,31 @@ else npx changeset publish release_info " ✓ Published ${TARGET_PUBLISH_VERSION} under dist-tag latest" fi + + release_info "" + release_info "==> Post-publish verification: Confirming npm package availability..." + VERIFY_ATTEMPTS="${NPM_PUBLISH_VERIFY_ATTEMPTS:-12}" + VERIFY_DELAY_SECONDS="${NPM_PUBLISH_VERIFY_DELAY_SECONDS:-5}" + MISSING_PUBLISHED_PACKAGES="" + while IFS=$'\t' read -r pkg_dir pkg_name pkg_version; do + [ -z "$pkg_name" ] && continue + release_info " Checking $pkg_name@$pkg_version" + if wait_for_npm_package_version "$pkg_name" "$pkg_version" "$VERIFY_ATTEMPTS" "$VERIFY_DELAY_SECONDS"; then + release_info " ✓ Found on npm" + continue + fi + + if [ -n "$MISSING_PUBLISHED_PACKAGES" ]; then + MISSING_PUBLISHED_PACKAGES="${MISSING_PUBLISHED_PACKAGES}, " + fi + MISSING_PUBLISHED_PACKAGES="${MISSING_PUBLISHED_PACKAGES}${pkg_name}@${pkg_version}" + done <<< "$VERSIONED_PACKAGE_INFO" + + if [ -n "$MISSING_PUBLISHED_PACKAGES" ]; then + release_fail "publish completed but npm never exposed: $MISSING_PUBLISHED_PACKAGES. Inspect the changeset publish output before treating this release as good." + fi + + release_info " ✓ Verified all versioned packages are available on npm" fi release_info ""