home / skills / openai / openai-agents-js / pnpm-upgrade
/.codex/skills/pnpm-upgrade
This skill helps you upgrade pnpm and align CI manifests by updating pnpm versions, packageManager, and workflow pins across your repo.
npx playbooks add skill openai/openai-agents-js --skill pnpm-upgradeReview the files below or copy the command above to add this skill to your agents.
---
name: pnpm-upgrade
description: 'Keep pnpm current: run pnpm self-update/corepack prepare, align packageManager in package.json, and bump pnpm/action-setup + pinned pnpm versions in .github/workflows to the latest release. Use this when refreshing the pnpm toolchain manually or in automation.'
---
# pnpm Upgrade
Use these steps to update pnpm and CI pins without blunt search/replace.
## Steps (run from repo root)
1. Update pnpm locally
- Try `pnpm self-update`; if pnpm is missing or self-update fails, run `corepack prepare pnpm@latest --activate`.
- Capture the resulting version as `PNPM_VERSION=$(pnpm -v)`.
2. Align package.json
- Open `package.json` and set `packageManager` to `pnpm@${PNPM_VERSION}` (preserve trailing newline and formatting).
3. Find latest pnpm/action-setup tag
- Query GitHub API: `curl -fsSL https://api.github.com/repos/pnpm/action-setup/releases/latest | jq -r .tag_name`.
- Use `GITHUB_TOKEN`/`GH_TOKEN` if available for higher rate limits.
- Store as `ACTION_TAG` (e.g., `v4.2.0`). Abort if missing.
4. Update workflows carefully (no broad regex)
- Files: everything under `.github/workflows/` that uses `pnpm/action-setup`.
- For each file, edit by hand:
- Set `uses: pnpm/action-setup@${ACTION_TAG}`.
- If a `with: version:` field exists, set it to `${PNPM_VERSION}` (keep quoting style/indent).
- Do not touch unrelated steps. Avoid multiline sed/perl one-liners.
5. Verify
- Run `pnpm -v` and confirm it matches `packageManager`.
- `git diff` to ensure only intended workflow/package.json changes.
6. Follow-up
- If runtime code/build/test config was changed (not typical here), run `$code-change-verification`; otherwise, a light check is enough.
- Commit with `chore: upgrade pnpm toolchain` and open a PR (automation may do this).
## Notes
- Tools needed: `curl`, `jq`, `node`, `pnpm`/`corepack`. Install if missing.
- Keep edits minimal and readable—prefer explicit file edits over global replacements.
- If GitHub API is rate-limited, retry with a token or bail out rather than guessing the tag.
This skill automates a careful pnpm toolchain refresh across a repository. It runs pnpm self-update or corepack prepare, aligns packageManager in package.json, and updates pnpm/action-setup and pinned pnpm versions in .github/workflows to the latest release. The goal is a minimal, verifiable update suitable for manual or automated PRs.
The skill updates pnpm locally (preferring pnpm self-update, falling back to corepack), captures the active pnpm version, and writes packageManager in package.json to that exact version. It queries the GitHub API for the latest pnpm/action-setup release tag and updates workflow files under .github/workflows that use that action, setting the uses: tag and any with: version: values to the captured pnpm version. It emphasizes manual, file-scoped edits and confirms changes with git diff.
What if GitHub API rate limits the release lookup?
Retry the query with GITHUB_TOKEN or GH_TOKEN for higher rate limits; if still blocked, abort rather than guessing the tag.
Should I change any other workflow steps?
No. Keep edits minimal: only update pnpm/action-setup uses and any with: version fields. Avoid touching unrelated steps.