fix: update packageManager to pnpm@9.15.9 to match lockfileVersion 9.0 in pnpm-lock.yaml

.github/workflows/create-release-pr.yml

@@ -11,9 +11,6 @@ on:
     branches:
       - master
       - alpha
-    # Only trigger for commits that touch package source files.
-    paths:
-      - 'packages/**'
 
 permissions:
   contents: write

package.json

@@ -35,5 +35,5 @@
 		"playwright": "1.50.1",
 		"semver": "^6.3.1"
 	},
-	"packageManager": "pnpm@8.15.0"
+	"packageManager": "pnpm@9.15.9"
 }

scripts/test-release-automation.js

@@ -788,6 +788,51 @@ test('alpha version bump needed: commit created for alpha release branch', () =>
   }
 });
 
+// ----------------------------------------------------------------------------
+// Section 7 — pnpm version / lockfile compatibility
+//
+// Guards against the recurring breakage where a contributor regenerates
+// pnpm-lock.yaml with a newer pnpm but forgets to update the "packageManager"
+// field in package.json.  When the two are out of sync, pnpm/action-setup@v4
+// installs the (stale) version from packageManager, which then rejects the
+// lockfile with ERR_PNPM_NO_LOCKFILE and the entire workflow fails.
+//
+// Compatibility rule (based on pnpm changelog):
+//   lockfileVersion 6.x  →  generated by pnpm 6/7/8 (pnpm <9 cannot read v9)
+//   lockfileVersion 9.x  →  generated by pnpm 9+; pnpm 8 treats it as absent
+// ----------------------------------------------------------------------------
+
+section('7. pnpm version / lockfile compatibility');
+
+test('packageManager in package.json is compatible with pnpm-lock.yaml lockfileVersion', () => {
+  const rootPkg = JSON.parse(fs.readFileSync(path.join(ROOT_DIR, 'package.json'), 'utf8'));
+  const packageManager = rootPkg.packageManager || '';
+
+  const pmMatch = packageManager.match(/^pnpm@(\d+)\./);
+  assert.ok(
+    pmMatch,
+    `packageManager field should be "pnpm@X.Y.Z", got: "${packageManager}"`,
+  );
+  const pnpmMajor = parseInt(pmMatch[1], 10);
+
+  const lockfilePath = path.join(ROOT_DIR, 'pnpm-lock.yaml');
+  const lockfileContent = fs.readFileSync(lockfilePath, 'utf8');
+  const lockVersionMatch = lockfileContent.match(/^lockfileVersion:\s+'?(\d+)/m);
+  assert.ok(lockVersionMatch, 'Could not find lockfileVersion in pnpm-lock.yaml');
+  const lockfileMajor = parseInt(lockVersionMatch[1], 10);
+
+  // lockfileVersion 9 was introduced in pnpm 9.  pnpm 8 ignores it entirely
+  // (ERR_PNPM_NO_LOCKFILE), which is what broke create-release-pr.yml.
+  if (lockfileMajor >= 9) {
+    assert.ok(
+      pnpmMajor >= 9,
+      `pnpm-lock.yaml uses lockfileVersion ${lockVersionMatch[1]} which requires pnpm 9+, ` +
+        `but packageManager is "${packageManager}". ` +
+        `Update packageManager in package.json to match the pnpm version used to generate the lockfile.`,
+    );
+  }
+});
+
 // ============================================================================
 // Summary
 // ============================================================================