Skip to content

CI: set up Node in nightly + release jobs (fix npm not found turning main red)#6206

Merged
lawrencecchen merged 1 commit into
mainfrom
fix-ci-nightly-npm
Jun 16, 2026
Merged

CI: set up Node in nightly + release jobs (fix npm not found turning main red)#6206
lawrencecchen merged 1 commit into
mainfrom
fix-ci-nightly-npm

Conversation

@lawrencecchen

@lawrencecchen lawrencecchen commented Jun 16, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Why

build-sign-notarize-nightly is red on main (and has been across recent commits: fce1524, #6199's 723329f, #6102's 50ae246). The job lands on a self-hosted macOS runner (the iOS-CI minis match the same MACOS_RUNNER_15/warp label) that has no npm on PATH, so the pinned npm install --global create-dmg@${CREATE_DMG_VERSION} fails with npm: command not found (exit 127).

No workflow used setup-node; runners were assumed to ship npm.

Fix

Add a pinned actions/setup-node@v6.4.0 (node 20) before Install build deps in both nightly.yml and release.yml, so the job is self-sufficient regardless of which runner picks it up. The create-dmg install stays pinned to CREATE_DMG_VERSION=8.0.0; tests/test_ci_create_dmg_pinned.sh still passes.

Workflow-only change.

🤖 Generated with Claude Code

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

Note

Low Risk
Workflow-only CI change; no application, signing, or release artifact logic is modified beyond ensuring npm is available for the existing create-dmg install.

Overview
Fixes nightly and release macOS jobs failing on self-hosted runners where npm is not on PATH, which broke the existing pinned npm install --global create-dmg@${CREATE_DMG_VERSION} step with npm: command not found.

Adds a Set up Node step (actions/setup-node@v6.4.0, Node 20) immediately before Install build deps in nightly.yml and release.yml, using the same if guards as the surrounding build steps. The create-dmg version pin and install command are unchanged.

Reviewed by Cursor Bugbot for commit 21c72d8. Bugbot is set up for automated code reviews on this repo. Configure here.

Summary by cubic

Set up Node in nightly and release build jobs to fix “npm: command not found” on self-hosted macOS runners. This makes the create-dmg install reliable and keeps CI green.

  • Bug Fixes
    • Added actions/setup-node@v6.4.0 (Node 20) before “Install build deps” in nightly.yml and release.yml.
    • Ensures npm is available on all runners; create-dmg stays pinned at 8.0.0.

Written for commit 21c72d8. Summary will update on new commits.

Review in cubic

Summary by CodeRabbit

  • Chores
    • Updated macOS build and release workflows to ensure Node.js is properly installed on self-hosted runners before proceeding with build steps, improving build reliability.

@lawrencecchen
CI: set up Node in nightly + release build jobs (fix npm not found)
21c72d8 
build-sign-notarize-nightly has been red across recent main commits: the job
can land on a self-hosted macOS runner (the iOS-CI minis match the same
MACOS_RUNNER_15/warp label) that has no npm on PATH, so
'npm install --global create-dmg' fails with exit 127 'npm: command not found'.

No workflow used setup-node; the runners were assumed to ship npm. Add a
pinned actions/setup-node (v6.4.0, node 20) before Install build deps in both
nightly.yml and release.yml so the job is self-sufficient on any runner. The
create-dmg install stays pinned to CREATE_DMG_VERSION=8.0.0 (pin guard
tests/test_ci_create_dmg_pinned.sh still passes).
@vercel

vercel Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cmux Ready Ready Preview, Comment Jun 16, 2026 1:16am
cmux-staging Building Building Preview, Comment Jun 16, 2026 1:16am

@coderabbitai

coderabbitai Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9ae400cb-862c-43e4-bca5-720576653cc4

📥 Commits

Reviewing files that changed from the base of the PR and between fce1524 and 21c72d8.

📒 Files selected for processing (2)
  • .github/workflows/nightly.yml
  • .github/workflows/release.yml
📝 Walkthrough

Walkthrough

Two macOS CI workflow files (nightly.yml and release.yml) each receive a new conditional step that provisions Node.js 20 via actions/setup-node before the build dependency installation stage. Both steps are guarded by existing job conditions and target self-hosted runner environments.

Changes

Node.js Setup in macOS CI Workflows

Layer / File(s) Summary
Node.js setup steps in nightly and release workflows
.github/workflows/nightly.yml, .github/workflows/release.yml		 Adds a guarded Set up Node step using actions/setup-node (Node 20) to both macOS jobs, inserted before the build dependency installation step that includes the global create-dmg install.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 Hop, hop! Before we build and sign,
A Node step now joins the line!
npm ready, the runner won't fret,
create-dmg installs without sweat.
The bunny CI pipeline is set! 🎉

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 inconclusive)

Check name Status Explanation Resolution
Cmux Source Artifacts ❌ Error .claude/scheduled_tasks.lock is a runtime artifact (contains sessionId, pid, procStart timestamp) that violates source-control-artifacts.md rule against local tool output and generated artifacts in... Remove .claude/scheduled_tasks.lock and add .claude/ pattern to .gitignore, or move only intentional config files (commands, skills) and exclude runtime artifacts and lock files.
Description check ❓ Inconclusive The PR description provides detailed context (why the jobs were failing, the root cause, the specific fix applied) but is missing the required Testing, Demo Video, and Checklist sections from the template. Complete the description by adding Testing (how the fix was verified), Demo Video (N/A if not applicable), and Checklist sections from the template.
✅ Passed checks (19 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately and concisely summarizes the main change: adding Node setup to CI jobs to fix the npm-not-found issue on self-hosted runners.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Cmux Swift Actor Isolation ✅ Passed Swift actor isolation check not applicable; PR only modifies GitHub Actions workflow YAML files (.github/workflows/nightly.yml, release.yml) with no production Swift code changes.
Cmux Swift Blocking Runtime ✅ Passed PR modifies only GitHub Actions workflow YAML files (.github/workflows/); no Swift source code changes present, so Swift blocking runtime check is not applicable.
Cmux Expensive Synchronous Load ✅ Passed This PR modifies only GitHub Actions workflow files (.yml) to add Node.js setup steps. The check requires production Swift changes but this is a workflow-only change with no Swift code modifications.
Cmux Cache Substitution Correctness ✅ Passed PR modifies only GitHub Actions workflow files (.github/workflows/nightly.yml and release.yml), not production Swift, TypeScript, or JavaScript code. Cache substitution correctness check explicitly...
Cmux No Hacky Sleeps ✅ Passed GitHub Actions workflow changes are intentionally out of scope per .github/review-bot-rules/runtime-no-hacky-sleeps.md. The PR only adds setup-node action steps for CI orchestration and introduces...
Cmux Algorithmic Complexity ✅ Passed PR changes only GitHub Actions workflow files (.yaml), not production code. The algorithmic complexity rule applies to "production Swift, TypeScript, JavaScript, shell, and runtime code" - not CI/C...
Cmux Swift Concurrency ✅ Passed PR contains only workflow YAML changes (nightly.yml, release.yml), no Swift code modifications. Custom check for Swift concurrency patterns is not applicable.
Cmux Swift @Concurrent ✅ Passed PR contains only workflow YAML changes (.github/workflows/nightly.yml and release.yml), no Swift code modifications, so the Swift @concurrent annotation check is not applicable.
Cmux Swift File And Package Boundaries ✅ Passed PR modifies only GitHub Actions workflow YAML files (nightly.yml, release.yml); no Swift code or SwiftPM package boundaries are affected, so the check is not applicable.
Cmux Swift Logging ✅ Passed PR contains only workflow file changes (.github/workflows/*.yml), no Swift code modifications. Check for Swift logging violations is not applicable to YAML workflow files.
Cmux User-Facing Error Privacy ✅ Passed The PR only adds workflow-only changes (setup-node steps and developer comments) to CI/CD configuration files. The comments referencing "npm: command not found" are developer-only documentation in...
Cmux Full Internationalization ✅ Passed PR modifies only GitHub Actions workflow files (nightly.yml, release.yml) to add Node.js setup steps. These are operational/infrastructure changes with no user-facing text, UI, localized strings, o...
Cmux Swiftui State Layout ✅ Passed PR contains only GitHub Actions workflow changes (Node.js setup steps) with no SwiftUI code modifications. SwiftUI state layout check is not applicable.
Cmux Architecture Rethink ✅ Passed Check not applicable: PR modifies only GitHub Actions workflows (.yml files), not Swift code. Custom check targets Swift architecture changes specifically.
Cmux Swift Auxiliary Window Close Shortcuts ✅ Passed PR contains only workflow file changes (nightly.yml and release.yml) with Node.js setup additions; no Swift code modifications, so the cmux window close-shortcut check is not applicable.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-ci-nightly-npm

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@greptile-apps

greptile-apps Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes the npm: command not found (exit 127) failure in build-sign-notarize-nightly by adding an explicit actions/setup-node@v6.4.0 step before Install build deps in both nightly.yml and release.yml, making each job self-sufficient instead of relying on npm being pre-installed on the runner.

  • Both workflow files add the same SHA-pinned (48b55a0…) actions/setup-node step with node-version: "20", consistent with how other actions (actions/cache, actions/setup-go) are pinned in these files.
  • The if condition on each new Set up Node step exactly matches the if condition on the adjacent Install build deps step it unblocks, so the two steps are always skipped or run together.

Confidence Score: 5/5

Workflow-only change that adds a single, well-scoped setup step to two CI jobs; no production code is touched.

Both additions are minimal and correctly scoped: the action is pinned to a full commit SHA (matching the existing pinning convention in these files), node 20 is a stable LTS version, and each new step's if guard is identical to the Install build deps step it immediately precedes, so they can never diverge.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/nightly.yml Adds SHA-pinned actions/setup-node@v6.4.0 (node 20) before Install build deps; if guard matches the downstream step exactly.
.github/workflows/release.yml Same SHA-pinned actions/setup-node@v6.4.0 addition; if: steps.guard_release_assets.outputs.skip_all != 'true' matches the downstream Install build deps guard.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Job starts on macOS runner] --> B{Runner has npm?}
    B -- Before fix --> C[npm: command not found ❌]
    B -- After fix --> D["Set up Node\n(actions/setup-node@v6.4.0)"]
    D --> E["Install build deps\n(npm install --global create-dmg@8.0.0)"]
    E --> F[Build / Sign / Notarize ✅]
Loading 
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Job starts on macOS runner] --> B{Runner has npm?}
    B -- Before fix --> C[npm: command not found ❌]
    B -- After fix --> D["Set up Node\n(actions/setup-node@v6.4.0)"]
    D --> E["Install build deps\n(npm install --global create-dmg@8.0.0)"]
    E --> F[Build / Sign / Notarize ✅]
Loading

Reviews (1): Last reviewed commit: "CI: set up Node in nightly + release bui..." | Re-trigger Greptile

@lawrencecchen lawrencecchen merged commit 677ff8f into main Jun 16, 2026
29 of 31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lawrencecchen