chore: migrate from yarn to pnpm

[gastoner]

Migrates from yarn to pnpm that is used in Podman Desktop

Summary by CodeRabbit

• Chores
  • Migrated from Yarn to PNPM across CI/workflows, local dev tasks, build scripts, container build flows, Gitpod, and documentation.
  • Updated development and build scripts to invoke PNPM consistently.
  • Removed yarn-error.log from ignored files.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Replaces Yarn with PNPM across CI workflows, containerfiles, scripts, Gitpod, docs, and tooling; switches lockfile tracking from yarn.lock to pnpm-lock.yaml; removes yarn-error.log from .gitignore. No functional logic changes beyond command/flag and cache key substitutions.

Changes

Cohort / File(s)	Summary
CI/CD Workflows .github/workflows/e2e-main.yml, .github/workflows/pr-check.yaml	Replaced Yarn commands with PNPM equivalents for install/build/test/lint/format; updated cache keys, cache paths, restore-keys and lockfile references from yarn.lock to pnpm-lock.yaml; adjusted step names and messages to reference pnpm.
Container Definitions oci/Containerfile.builder, oci/Containerfile.multistage	Switched to PNPM in build stages: copy pnpm-lock.yaml, install PNPM globally (npm install -g pnpm), and run pnpm install / pnpm i --frozen-lockfile and pnpm build in place of yarn commands.
Build & Dev Scripts scripts/build.cjs, scripts/run.mts	Replaced yarn invocations with pnpm (including yarn add → pnpm add with --dir/flag adjustments); kept existing control flow and error handling.
Tooling & Config .extfiles, .gitpod.yml, .gitignore	Switched lockfile tracking to pnpm-lock.yaml in extfiles; updated Gitpod init/watch commands to use pnpm; removed yarn-error.log entry from .gitignore.
Documentation docs/develop.md	Updated inline command examples to use pnpm instead of yarn (desk:prepare, desk:run, desk:build).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Changes are widespread but highly repetitive (straight command and reference substitutions).
• Extra attention recommended for:
  • CI cache key correctness and cache paths in .github/workflows/pr-check.yaml.
  • Consistent use of pnpm flags (--frozen-lockfile, --dir, --check-files) across scripts and containers.
  • Containerfile copying of pnpm-lock.yaml into build context to ensure reproducible installs.

Suggested reviewers

• benoitf
• jeffmaury
• deboer-tim

Poem

🐰 I swapped the yarn for a PNPM tune,
hopping through CI under a bright new moon.
Lockfiles matched, commands in line,
pipelines hum and build times shine —
nibble a carrot, ship on time! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title 'chore: migrate from yarn to pnpm' clearly and directly summarizes the main change—migrating the package manager from Yarn to PNPM across all workflows, dependencies, and configuration files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

docs/develop.md (1)

8-25: Align command formatting for consistency

The three pnpm commands are correct, but pnpm desk:build (Line 25) has two leading spaces while the others don’t. For consistency and copy‑paste friendliness, consider removing the extra spaces so all three commands are formatted the same way.

.gitpod.yml (1)

7-9: Consider explicitly ensuring pnpm is available in Gitpod

The pnpm install, pnpm run build, and pnpm run watch commands look fine, but this assumes pnpm is already available in the Gitpod workspace image. To make this more robust and future‑proof, consider adding an explicit pnpm setup step (e.g., via corepack enable pnpm or npm install -g pnpm) or documenting that the chosen Gitpod image includes pnpm.

oci/Containerfile.multistage (1)

22-25: Align container build with lockfile‑based installs

Using global pnpm and pnpm i && pnpm build works, but you lose lockfile enforcement here while oci/Containerfile.builder uses pnpm i --frozen-lockfile. For more reproducible builds, consider updating this to:

RUN npm install -g pnpm

RUN pnpm i --frozen-lockfile \
  && pnpm build

and, if possible, pinning the pnpm version instead of installing the latest globally.

scripts/build.cjs (1)

47-48: Redundant working‑directory configuration in pnpm call

pnpm add hasha@^6.0.0 --dir . combined with { cwd: './dist' } effectively sets the project directory to dist twice. It’s harmless but a bit confusing.

Consider simplifying to one source of truth, e.g.:

cproc.exec('pnpm add hasha@^6.0.0', { cwd: './dist' }, (error, stdout, stderr) => {
  // ...
});

to rely solely on cwd.

oci/Containerfile.builder (1)

18-25: Good lockfile usage; consider pinning pnpm and validating Node 22 upgrade

Switching to ubi10/nodejs-22 and running pnpm i --frozen-lockfile is a solid move for deterministic installs. Two follow‑ups to consider:

• Pin the pnpm version instead of npm install -g pnpm (e.g., npm install -g pnpm@<version>) to avoid surprise breakages.
• Double‑check that the extension build and runtime are happy with Node.js 22, since this is a non‑trivial jump from the previous Node 20 base.

Both are precautionary rather than blockers.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 71917e8 and 2d9b9ae.

⛔ Files ignored due to path filters (2)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (10)

• .extfiles (1 hunks)
• .github/workflows/e2e-main.yml (4 hunks)
• .github/workflows/pr-check.yaml (7 hunks)
• .gitignore (0 hunks)
• .gitpod.yml (1 hunks)
• docs/develop.md (2 hunks)
• oci/Containerfile.builder (1 hunks)
• oci/Containerfile.multistage (1 hunks)
• scripts/build.cjs (1 hunks)
• scripts/run.mts (2 hunks)

💤 Files with no reviewable changes (1)

• .gitignore

🧰 Additional context used

🪛 actionlint (1.7.9)

.github/workflows/pr-check.yaml

82-82: property "cachenodemodules" is not defined in object type {pnpm-cache: {conclusion: string; outcome: string; outputs: {cache-hit: string}}; pnpm-cache-dir-path: {conclusion: string; outcome: string; outputs: {string => string}}}

(expression)

🪛 RuboCop (1.81.7)

oci/Containerfile.builder

[fatal] 23-23: unexpected token tIDENTIFIER
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)

🔇 Additional comments (5)

.extfiles (1)

5-6: Lockfile exclusion is consistent and correct

Excluding dist/pnpm-lock.yaml while including dist/** keeps the extension payload clean and mirrors typical handling of lockfiles; no issues here.

.github/workflows/e2e-main.yml (1)

85-89: pnpm migration in e2e workflow looks consistent across OSes

The replacements of yarn with pnpm for install (pnpm install --check-files), build (pnpm build / pnpm test:e2e:build), and test (pnpm test:e2e) are coherent and consistent for Ubuntu, macOS, and Windows, and align with the earlier pnpm/action-setup step. No additional issues from this change.

Also applies to: 130-171, 204-209

scripts/run.mts (1)

72-77: Fix prepareDev to call pnpm install explicitly (current code will fail)

prepareDev currently does:

await exec('pnpm', undefined, { cwd: desktopPath });
await exec('pnpm', [], { cwd: path.join(__dirname, '..') });

Unlike Yarn (where bare yarn runs yarn install), running pnpm without a subcommand shows help and exits with a non-zero code. This will cause desk:prepare to fail.

Explicitly call install in both locations:

 async function prepareDev() {
   await checkAndCloneDesktopRepo();

-  await exec('pnpm', undefined, { cwd: desktopPath });
-  await exec('pnpm', [], { cwd: path.join(__dirname, '..') });
+  await exec('pnpm', ['install'], { cwd: desktopPath });
+  await exec('pnpm', ['install'], { cwd: path.join(__dirname, '..') });
 }

The other script usages (pnpm compile:current, pnpm build, pnpm watch) are consistent with prior Yarn usage.

.github/workflows/pr-check.yaml (2)

36-120: Yarn-to-PNPM migration is well-executed overall.

The systematic replacement across all three primary jobs (Windows, macOS, lint-format-unit) is consistent: cache setup uses pnpm cache dir, lockfile keys reference pnpm.lock, and all commands are correct (e.g., pnpm --frozen-lockfile, pnpm build, pnpm lint:check, pnpm format:check, pnpm test). Once the cache-hit condition is fixed, this workflow should be solid.

---

158-287: E2E test job correctly integrated PNPM tooling and build commands.

The multi-platform e2e-tests job properly installs pnpm via the dedicated action (line 159), and all build and test steps consistently use pnpm commands. Cross-platform builds for Ubuntu, macOS, and Windows all invoke pnpm install --check-files, pnpm build, and pnpm test:e2e correctly.

[jeffmaury]

What is the rationale for this change ? Are we sure this is the right timing ?

[gastoner]

Probably after the 2.1 release it would be better time, but still I see this as "deprecated" thing

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/pr-check.yaml (1)

73-83: Align macOS cache‑hit condition with updated step id.

The if expression still references steps.cacheNodeModules.outputs.cache-hit, but the cache step id is now pnpm-cache, so the condition never inspects the real cache result (and actionlint flags this).

You can either rename the step back to cacheNodeModules or update the condition. To keep the current id, apply:

       - uses: actions/cache@v4
-        id: pnpm-cache
+        id: pnpm-cache
         with:
           path: ${{ steps.pnpm-cache-dir-path.outputs.dir }}
           key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: |
             ${{ runner.os }}-pnpm-
 
       - name: Execute pnpm
-        if: ${{ steps.cacheNodeModules.outputs.cache-hit != 'true' }}
+        if: ${{ steps.pnpm-cache.outputs.cache-hit != 'true' }}
         run: pnpm --frozen-lockfile --network-timeout 180000

🧹 Nitpick comments (2)

oci/Containerfile.builder (1)

22-26: pnpm builder flow looks good; consider pinning pnpm version for reproducibility.

Copying pnpm-lock.yaml and using pnpm i --frozen-lockfile is the right pattern. To avoid future breakage from pnpm major upgrades in this base image, consider pinning the pnpm version, for example:

-RUN npm install -g pnpm
+RUN npm install -g pnpm@<desired-major>

oci/Containerfile.multistage (1)

22-25: Multi‑stage builder correctly uses pnpm; pin pnpm version for consistency with builder.

The npm install -g pnpm + pnpm i && pnpm build flow matches the dedicated builder image. For deterministic builds, it would be safer to pin pnpm here as well to the same version used in oci/Containerfile.builder.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d9b9ae and 606867f.

⛔ Files ignored due to path filters (2)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (10)

• .extfiles (1 hunks)
• .github/workflows/e2e-main.yml (4 hunks)
• .github/workflows/pr-check.yaml (7 hunks)
• .gitignore (0 hunks)
• .gitpod.yml (1 hunks)
• docs/develop.md (2 hunks)
• oci/Containerfile.builder (1 hunks)
• oci/Containerfile.multistage (1 hunks)
• scripts/build.cjs (1 hunks)
• scripts/run.mts (2 hunks)

💤 Files with no reviewable changes (1)

• .gitignore

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/workflows/e2e-main.yml
• docs/develop.md
• scripts/run.mts
• .extfiles

🧰 Additional context used

🪛 actionlint (1.7.9)

.github/workflows/pr-check.yaml

82-82: property "cachenodemodules" is not defined in object type {pnpm-cache: {conclusion: string; outcome: string; outputs: {cache-hit: string}}; pnpm-cache-dir-path: {conclusion: string; outcome: string; outputs: {string => string}}}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: e2e tests for macos-14
• GitHub Check: e2e tests for windows-2022

🔇 Additional comments (4)

.gitpod.yml (1)

8-9: Gitpod tasks correctly migrated to pnpm.

Switching init and watch commands to pnpm is consistent with the repo-wide migration; nothing else to adjust here.

scripts/build.cjs (1)

48-48: CLI switch from Yarn to pnpm is correct here.

Using pnpm add hasha@^6.0.0 --dir . with cwd: './dist' preserves the previous behavior of installing hasha into the dist folder; no further changes needed.

.github/workflows/pr-check.yaml (2)

205-225: E2E build and test steps are cleanly migrated to pnpm.

The pnpm install --check-files, pnpm build, and pnpm test:e2e usages in the Ubuntu, macOS, and Windows E2E flows are consistent with the rest of the pipeline and correctly replace the former Yarn commands.

Also applies to: 232-241, 247-257, 283-288

---

36-54: Ensure pnpm is installed in non‑E2E jobs before calling it.

In the windows, darwin, and lint-format-unit jobs, you call pnpm cache dir, pnpm --frozen-lockfile, pnpm build, pnpm lint:check, pnpm format:check, and pnpm test without any prior pnpm setup step. GitHub-hosted runners do not pre-install pnpm, so these steps will fail unless explicitly configured.

For robustness and consistency with the e2e-tests job, add a pnpm setup step after actions/setup-node in each job:

      - uses: actions/setup-node@v6
        with:
          node-version: 22
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          run_install: false

Keep your explicit pnpm --frozen-lockfile step as-is.

Also applies to: 69–87, 98–120

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix cache key to use the correct pnpm lockfile name.

The cache keys currently hash **/pnpm.lock, but pnpm’s default lockfile is pnpm-lock.yaml. As written, hashFiles('**/pnpm.lock') will not find your lockfile and will reduce cache effectiveness.

Update the keys in all three jobs to:

-          key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm.lock') }}
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}

Also applies to: 77-79, 106-108

🤖 Prompt for AI Agents

.github/workflows/pr-check.yaml around lines 44-47 (and also update the same
pattern at 77-79 and 106-108): the cache key is hashing the wrong pnpm lockfile
name (`**/pnpm.lock`) so the lockfile won't be found; update all three jobs to
use pnpm's default lockfile pattern `pnpm-lock.yaml` in the hashFiles call
(e.g., change `hashFiles('**/pnpm.lock')` to `hashFiles('**/pnpm-lock.yaml')`)
and adjust any related restore-keys if they include the lockfile name.

[odockal]

Shouldn't be node installed first?