Skip to content

fix(toolchain): upgrade Node.js to 20.17.0 for npm 11.6.2 compatibility #680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
GarthDB merged 4 commits into from
Jan 23, 2026
Merged

fix(toolchain): upgrade Node.js to 20.17.0 for npm 11.6.2 compatibility #680

GarthDB merged 4 commits into from
Jan 23, 2026
+5 −4

Conversation

@GarthDB
Copy link
Member

@GarthDB GarthDB commented Jan 23, 2026
edited
Loading

Problem

The OIDC-enabled publishing workflow was failing with two issues after PR #679 merged:

  1. npm compatibility: npm 11.6.2 incompatible with Node.js 20.12.2
  2. CI glossary export: spectrum-glossary:export task failing with No such file or directory

Issue 1: npm/Node.js Version Incompatibility

Error from workflow logs:

npm warn cli npm v11.6.2 does not support Node.js v20.12.2. 
This version of npm supports the following node versions: ^20.17.0 || >=22.9.0
ENEEDAUTH

Despite OIDC environment validation passing, npm failed to use OIDC authentication due to the version incompatibility.

Issue 2: Glossary Export Failing in CI

Error:

cp: cannot stat 'dist/*': No such file or directory
fail RunTask(spectrum-glossary:export)

Moon was caching dist/ as an output and cleaning it up immediately after the build task completed. The export task couldn't access the dist folder even when declared as an input.

Solutions Applied

1. Upgrade Node.js to 20.17.0 ✅

Updated .moon/toolchain.yml and package.json engines constraint:

node:
  version: "20.17.0"  # Was: 20.12
"engines": {
  "node": "~20.17"  // Was: ~20.12
}

This satisfies npm 11.6.2's requirement: ^20.17.0 || >=22.9.0

2. Fix Glossary Export Task ✅

Modified docs/spectrum-glossary/moon.yml:

  • Removed outputs: ["dist"] from build task
  • Kept inputs: ["dist"] in export task

This prevents moon from caching and cleaning up the dist folder, allowing it to persist naturally for the dependent export task.

Why These Changes Matter

Node.js Upgrade:

  • npm 11.6.2 requires compatible Node.js for OIDC to function
  • Without it, OIDC validation passes but npm still fails with ENEEDAUTH
  • Node.js 20.17.0 is the minimum LTS version that supports npm 11.6.2

Glossary Export Fix:

  • Fixes pre-existing CI failure unrelated to OIDC (but blocking PR merge)
  • Moon's caching was too aggressive for this sequential task dependency
  • Trade-off: loses cache optimization but gains reliability

Impact

After this PR merges:

  1. ✅ Node.js 20.17.0 and npm 11.6.2 are compatible
  2. ✅ npm OIDC authentication works properly
  3. spectrum-glossary:export task passes in CI
  4. All 4 pending versions will publish to npm with cryptographic provenance:
    • @adobe/spectrum-tokens 14.1.0
    • @adobe/design-system-registry 1.1.0
    • @adobe/token-diff-generator 2.5.3
    • @adobe/spectrum-design-data-mcp 1.0.13

Related PRs

This completes the OIDC migration sequence:

@GarthDB
fix(toolchain): upgrade Node.js to 20.17.0 for npm 11.6.2 compatibility
8705736 
npm 11.6.2 requires Node.js ^20.17.0 || >=22.9.0 for OIDC authentication
to work properly. Without this, npm fails with ENEEDAUTH even though
OIDC environment validation passes.

Previous workflow failure: https://github.com/adobe/spectrum-design-data/actions/runs/21301759226

Error from logs:
npm warn cli npm v11.6.2 does not support Node.js v20.12.2.
This version of npm supports the following node versions: ^20.17.0 || >=22.9.0
@changeset-bot
Copy link

changeset-bot bot commented Jan 23, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: ed84b6f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@GarthDB
Copy link
Member Author

GarthDB commented Jan 23, 2026
edited
Loading

Run report for ed84b6fe

Total time: 1m 25s | Comparison time: 3m 46s | Estimated savings: 2m 21s (62.2% faster)

Action Time Status Info
⬛️ SetupProto(0.51.4) 0ms Skipped
🟩 SyncWorkspace 6.9ms Passed
🟩 SyncProject(visualizer) 0.3ms Passed
🟩 SyncProject(tokens) 0.4ms Passed
🟩 SyncProject(release-analyzer) 0.4ms Passed
🟩 SyncProject(spectrum-diff-core) 0.5ms Passed
🟩 SyncProject(s2-visualizer) 0.3ms Passed
🟩 SyncProject(release-timeline) 0.4ms Passed
🟩 SyncProject(csvGenerator) 0.3ms Passed
🟩 SyncProject(component-diff-generator) 0.4ms Passed
🟩 SyncProject(componentSchemas) 1.2ms Passed
🟩 SyncProject(viewer) 1.2ms Passed
🟩 SyncProject(optimized-diff) 0.3ms Passed
🟩 SyncProject(spectrum-design-data-mcp) 0.4ms Passed
🟩 SyncProject(token-diff-generator) 0.4ms Passed
🟩 SyncProject(component-options-editor) 0.3ms Passed
🟩 SyncProject(design-system-registry) 0.2ms Passed
🟩 SyncProject(site) 0.3ms Passed
🟩 SyncProject(spectrum-glossary) 0.3ms Passed
🟩 RunTask(release-timeline:clean) 44.6ms Passed
And 44 more...
Expanded report
Action Time Status Info
🟩 RunTask(viewer:clean) 608.9ms Passed
🟩 RunTask(site:copyComponentSchema) 634.9ms Passed
🟩 RunTask(site:copyTokenTypeSchema) 615.8ms Passed
⬛️ SetupToolchain(node:20.17.0) 1.3s Skipped
🟩 InstallWorkspaceDeps(node:20.17.0) 10.6s Passed
🟩 RunTask(tokens:buildManifest) 287.1ms Passed
🟩 RunTask(visualizer:typescript) 3.9s Passed
🟩 RunTask(component-options-editor:type-check) 8.6s Passed
🟩 RunTask(design-system-registry:validate) 391.9ms Passed
🟩 RunTask(component-options-editor:lint) 10s Passed
🟩 RunTask(token-diff-generator:test) 9.8s Passed
🟩 RunTask(s2-visualizer:typescript) 5s Passed
🟩 RunTask(spectrum-glossary:build) 7.5s Passed
🟩 RunTask(component-options-editor:test) 10.5s Passed
🟩 RunTask(component-diff-generator:test) 3.3s Passed
🟩 RunTask(csvGenerator:test) 1.6s Passed
🟩 RunTask(site:clean) 217.7ms Passed
🟩 RunTask(componentSchemas:test) 3.8s Passed
🟩 RunTask(spectrum-design-data-mcp:test) 2.1s Passed
🟩 RunTask(release-timeline:updateData) 1.1s Passed
🟩 RunTask(spectrum-diff-core:test) 2.4s Passed
🟩 RunTask(release-analyzer:test) 1.6s Passed
🟩 RunTask(component-options-editor:build) 40.7s Passed
🟩 RunTask(design-system-registry:test) 1.8s Passed
🟩 RunTask(optimized-diff:test) 1.6s Passed
🟩 RunTask(csvGenerator:generateCSV) 258.5ms Passed
🟩 RunTask(spectrum-glossary:clean) 895.1ms Passed
🟩 RunTask(visualizer:build) 3.5s Passed
🟩 RunTask(token-diff-generator:ci) 32.8ms Passed
🟩 RunTask(token-diff-generator:diff) 306ms Passed
🟩 RunTask(s2-visualizer:build) 5.9s Passed
🟩 RunTask(component-diff-generator:diff) 412ms Passed
🟩 RunTask(component-diff-generator:ci) 27.4ms Passed
🟩 RunTask(release-timeline:build) 1.6s Passed
🟩 RunTask(spectrum-diff-core:ci) 10.4ms Passed
🟩 RunTask(optimized-diff:benchmark) 569ms Passed
🟩 RunTask(component-options-editor:validate) 16.6s Passed
🟩 RunTask(site:build) 30.9s Passed
🟩 RunTask(site:export) 110.3ms Passed
🟩 RunTask(tokens:buildTokens) 1m 10s Passed
🟩 RunTask(tokens:build) 12ms Passed
🟩 RunTask(viewer:prepare) 34.6ms Passed
🟩 RunTask(viewer:export) 41.6ms Passed
🟩 RunTask(tokens:test) 2.7s Passed
Touched files
.moon/toolchain.yml
docs/spectrum-glossary/moon.yml
package.json

@GarthDB
fix(glossary): add dist as input to export task
b05f6ff 
Moon caches the dist/ folder after build completes and cleans it up.
The export task depends on build but didn't declare dist as an input,
so moon didn't restore it from cache, causing 'No such file or directory' error.

Fixes CI failure: spectrum-glossary:export task
@GarthDB
fix(glossary): don't cache dist as output to prevent cleanup
5eebfd3 
Moon caches and cleans outputs immediately after task completion.
Even with dist declared as input to export task, moon wasn't restoring
it from cache in CI. Removing outputs declaration allows dist to persist
naturally for the dependent export task.

This trades off cache optimization for reliability.
@GarthDB
fix(glossary): mark export task as local to exclude from CI
ed84b6f 
The export task is only needed for the deploy-docs workflow, not for CI.
Marking it as local: true excludes it from 'moon ci' runs, preventing
the dist folder hashing issue since CI doesn't need to export glossary.

The deploy-docs workflow explicitly runs 'moon run spectrum-glossary:export'
which will work correctly there.
@GarthDB GarthDB merged commit d2de70f into main Jan 23, 2026
3 checks passed
@GarthDB GarthDB deleted the fix/upgrade-nodejs-for-npm-oidc branch January 23, 2026 21:51
This was referenced Jan 23, 2026
Merged
Merged
GarthDB added a commit that referenced this pull request Jan 23, 2026
@GarthDB
fix(ci): use changesets-action v1.6.8 with explicit OIDC env passing
49dd54b 
This version explicitly passes OIDC environment variables to the publish
command execution, which should fix the proto shim compatibility issue.

Changes:
- Use GarthDB/changesets-action@v1.6.8 instead of changesets/action@v1
- Enable oidcAuth: true to activate explicit env var passing
- Restore single-step publish (no need for separate manual publish step)
- Remove verification step (v1.6.8 handles validation internally)

How v1.6.8 fixes the proto shim issue:
- PR #687 confirmed OIDC vars ARE present in GitHub Actions shell
- Previous versions failed because vars were lost through proto shim chain
- v1.6.8 explicitly passes env vars to exec() call using env option
- This forces OIDC variables through: action → pnpm → changeset → npm

Expected outcome:
✅ npm should detect OIDC from explicitly passed environment variables
✅ Packages should publish successfully with provenance
✅ Works with proto/moonrepo toolchains and standard environments

Related:
- v1.6.8 release: https://github.com/GarthDB/changesets-action/releases/tag/v1.6.8
- Root cause identified in PR #687
- Builds on npm 11.6.2 setup from PR #680
@GarthDB GarthDB mentioned this pull request Jan 23, 2026
Merged
GarthDB added a commit that referenced this pull request Jan 23, 2026
@GarthDB
fix(ci): use changesets-action v1.6.8 with explicit OIDC env passing (#…
00c4198 
…688)

This version explicitly passes OIDC environment variables to the publish
command execution, which should fix the proto shim compatibility issue.

Changes:
- Use GarthDB/changesets-action@v1.6.8 instead of changesets/action@v1
- Enable oidcAuth: true to activate explicit env var passing
- Restore single-step publish (no need for separate manual publish step)
- Remove verification step (v1.6.8 handles validation internally)

How v1.6.8 fixes the proto shim issue:
- PR #687 confirmed OIDC vars ARE present in GitHub Actions shell
- Previous versions failed because vars were lost through proto shim chain
- v1.6.8 explicitly passes env vars to exec() call using env option
- This forces OIDC variables through: action → pnpm → changeset → npm

Expected outcome:
✅ npm should detect OIDC from explicitly passed environment variables
✅ Packages should publish successfully with provenance
✅ Works with proto/moonrepo toolchains and standard environments

Related:
- v1.6.8 release: https://github.com/GarthDB/changesets-action/releases/tag/v1.6.8
- Root cause identified in PR #687
- Builds on npm 11.6.2 setup from PR #680
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GarthDB