fix: release readiness gate checks every non-private package#499
Merged
Conversation
changeset publish attempts every non-private workspace package whose local version is absent from npm and never consults the Changesets ignore list, so the readiness gate no longer exempts ignored packages either. Every non-private package must exist on npm; a missing one fails with guidance pointing at the private-until-seed guard, and the report marks whether the missing package sat in the ignore list. The runsheet's gate description now matches. Follows the 2026-07-10 release.yml failure where an ignored-but-public unseeded package reached the publish step.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #497, taking up the redesign session's suggested check extension after the 2026-07-10 release.yml failure.
changeset publishattempts every non-private workspace package whose local version is absent from npm and never consults the Changesets ignore list. The readiness gate previously exempted ignored packages from the npm-existence check, so an ignored-but-public unseeded package passed the gate and then failed the publish step (npm rejects an OIDC PUT for a name with no trusted-publishing config).The gate now checks every non-private package regardless of the ignore list:
"private": true-until-seed guard from the corrected runsheet, and the report marks whether the missing package sat in the ignore list (the trap fix: keep atribd private until npm first-publish seed #497 closed).Verified both directions: current main state passes (all 18 non-private packages exist on npm), and flipping
atribdto public while unseeded fails with the teaching message, which is exactly the pre-#497 breakage scenario.pnpm doc-syncgreen (13 checks).