chore: add-continuous-publish

[ryanbas21]

JIRA Ticket

N/A

Description

Add continuous releases on PR's.

on Main, when we don't publish, we publish to the stack blitz registry (like a beta)

Summary by CodeRabbit

• New Features

  • None

• Documentation

  • Updated README badges: added preview publish badge and refreshed CI status badge.

• Tests

  • Improved stability of OIDC logout e2e tests by synchronizing navigation and actions in parallel.

• Chores

  • Enhanced CI/publish workflows to auto-publish preview packages and adjust run order when standard publishing doesn’t occur.
  • Updated dependencies: moved a build tool to devDependencies and added linting and preview-publish tooling.

[changeset-bot]

⚠️ No Changeset found

Latest commit: bb83ab8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[nx-cloud]

View your CI Pipeline Execution ↗ for commit bb83ab8

Command	Status	Duration	Result
nx run-many -t build	✅ Succeeded	<1s	View ↗
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	53s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-09-30 19:02:02 UTC

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.75%. Comparing base (5c1ff08) to head (bb83ab8).
⚠️ Report is 2 commits behind head on main.

❌ Your project status has failed because the head coverage (18.75%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff            @@
##           main     #399       +/-   ##
=========================================
+ Coverage      0   18.75%   +18.75%     
=========================================
  Files         0      138      +138     
  Lines         0    27368    +27368     
  Branches      0      951      +951     
=========================================
+ Hits          0     5132     +5132     
- Misses        0    22236    +22236     

see 138 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@399

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@399

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@399

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@399

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@399

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@399

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@399

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@399

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@399

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@399

commit: bb83ab8

[github-actions]

Deployed 43e62c5 to https://ForgeRock.github.io/ping-javascript-sdk/pr-399/43e62c57b2cdd285e807f47d9c7ab8c80998b9f8 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/journey-client - 0.0 KB (-82.0 KB, -100.0%)

📊 Minor Changes

📈 @forgerock/journey-client - 82.0 KB (+0.0 KB)

➖ No Changes

➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/oidc-client - 23.0 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-utilities - 7.5 KB
➖ @forgerock/sdk-types - 8.0 KB
➖ @forgerock/storage - 1.4 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB
➖ @forgerock/sdk-request-middleware - 4.4 KB
➖ @forgerock/sdk-oidc - 2.5 KB
➖ @forgerock/davinci-client - 34.5 KB

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}

[coderabbitai]

Walkthrough

Adds pnpm-based pkg-pr-new publish steps to CI and publish workflows, updates README badges, refines an e2e test to use Promise.all for navigation/click sync, and adjusts package.json devDependencies (moves ts-patch, adds ESLint TS plugins and pkg-pr-new).

Changes

Cohort / File(s)	Summary of Changes
CI Workflow (PR validation) .github/workflows/ci.yml	Inserts a step to run pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm after build checks and before docs build.
Publish Workflow .github/workflows/publish.yml	Adds conditional step to run pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off only if Changesets did not publish. Modifies control flow.
Documentation / Badges README.md	Replaces old ci.yaml badge with two: pkg.pr.new badge and updated Build Status for ci.yml.
E2E Tests e2e/oidc-suites/src/logout.spec.ts	Replaces sequential navigation waits with Promise.all to wait for target URL and click concurrently for PingAM and PingOne flows; keeps assertions intact.
Tooling & Dev Dependencies package.json	Moves ts-patch from dependencies to devDependencies; adds @typescript-eslint/eslint-plugin, @typescript-eslint/parser, and pkg-pr-new to devDependencies.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Pull Request
  participant GH as GitHub Actions (ci.yml)
  participant Build as Ensure builds run
  participant PkgPR as pkg-pr-new publish
  participant Docs as build docs

  Dev->>GH: PR opened/updated
  GH->>Build: Run build checks
  Build-->>GH: Success/Failure
  alt Build success
    GH->>PkgPR: pnpm pkg-pr-new publish ./packages/* ./packages/sdk-effects/* (--packageManager=pnpm)
    PkgPR-->>GH: Publish result (PR preview packages)
    GH->>Docs: build docs
  else Build failure
    GH-->>Dev: Fail workflow
  end

Loading

sequenceDiagram
  autonumber
  actor Maint as Release Trigger
  participant GH as GitHub Actions (publish.yml)
  participant CS as Changesets Publish
  participant PkgPR as pkg-pr-new publish

  Maint->>GH: Workflow run (release)
  GH->>CS: Publish via Changesets
  CS-->>GH: outputs.published = true/false
  alt outputs.published == false
    GH->>PkgPR: pnpm pkg-pr-new publish ./packages/* ./packages/sdk-effects/* (--packageManager=pnpm --comment=off)
    PkgPR-->>GH: Publish result
  else published == true
    GH-->>Maint: Skip pkg-pr-new step
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ci: use-trusted-publishers #418 — Also refactors publish workflow, introducing a reusable trusted-publish job; overlaps with publish.yml logic changes.
• ci: change-event-for-publish-snapshot #419 — Adjusts conditions for the trusted-publish job in publish.yml; related to this PR’s conditional publish step.
• chore: update-pnpm #422 — Updates pnpm-related tooling/configuration; aligns with added pkg-pr-new and devDependency changes.

Suggested reviewers

• cerebrl
• ancheetah

Poem

I thump my paw on build-time ground,
New badges shine, the workflows sound.
With pnpm hops I preview-pack,
If Changesets nap, I’ve got their back.
Tests now leap in sync, not slow—
A happy hare in CI’s flow. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The description includes the required JIRA Ticket and Description headings but omits whether a changeset was added and lacks detail about the specific CI workflow modifications and conditions for publishing, making it incomplete relative to the template’s prompts.	Please update the description to explicitly state if a changeset was added, detail the new CI steps introduced in ci.yml and publish.yml, and clarify the conditions under which packages are published or redirected to StackBlitz as a beta.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly and accurately describes the main purpose of the changeset by indicating that this PR adds continuous publishing, aligning directly with the implemented workflow updates and package publication logic.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pkg-pr-new

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2c00751 and 16135c2.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/workflows/ci.yml (1 hunks)
• .github/workflows/publish.yml (1 hunks)
• README.md (1 hunks)
• e2e/oidc-suites/src/logout.spec.ts (2 hunks)
• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Mend Code Security Check
• GitHub Check: pr

🔇 Additional comments (4)

e2e/oidc-suites/src/logout.spec.ts (2)

41-44: LGTM: Proper concurrent navigation pattern.

Using Promise.all to wait for navigation while clicking is a Playwright best practice that prevents race conditions and timeouts.

---

78-81: LGTM: Consistent pattern applied.

The same concurrent navigation pattern is correctly applied for PingOne login flow, maintaining consistency across tests.

.github/workflows/publish.yml (1)

107-109: LGTM: Conditional beta publishing strategy.

The conditional publish to pkg-pr-new when published == 'false' correctly implements the beta publishing strategy for main branch when no official release occurs. The --comment=off flag is appropriate since there's no PR context.

.github/workflows/ci.yml (1)

83-84: No changes needed to the publish step. All glob patterns correctly match every directory containing a package.json, including all sdk-effects subpackages.

[cerebrl]

I think CodeRabbit caught a version issue, but other than that, this looks good.

[nx-cloud]

Nx Cloud has identified a possible root cause for your failed CI:

The failure is classified as 'environment_state' because:

1. The error is consistent across all failing lint tasks: "Cannot find package '@typescript-eslint/eslint-plugin' imported from eslint.config.mjs"

2. The PR changes focus on adding continuous publishing functionality (pkg-pr-new), updating CI workflows, README badges, and improving E2E test stability - none of which are related to ESLint configuration or TypeScript ESLint plugin dependencies.

3. This appears to be a missing dependency issue where @typescript-eslint/eslint-plugin is imported in the ESLint configuration but not present in package.json dependencies. This suggests the environment is missing required packages due to incomplete dependency installation or package resolution issues.

4. The failure is unrelated to the code changes made in this PR. The PR successfully adds preview publishing capabilities but the environment cannot run linting due to missing ESLint plugin dependencies.

5. This type of dependency resolution failure is characteristic of environment setup issues rather than code changes introduced by the pull request.

No code changes are proposed since this is an environmental issue that should be resolved by ensuring all dependencies are properly installed in the CI environment.

A code change would likely not resolve this issue, so no action was taken.

View in Nx Cloud ↗

_{⚙️ An Nx Cloud workspace admin can disable these reviews in workspace settings.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b2f420 and cb978d9.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• .direnv/flake-profile (1 hunks)
• .direnv/flake-profile-3-link (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/publish.yml (1 hunks)
• README.md (1 hunks)
• e2e/oidc-suites/src/logout.spec.ts (2 hunks)
• package.json (2 hunks)

✅ Files skipped from review due to trivial changes (2)

• .direnv/flake-profile
• .direnv/flake-profile-3-link

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/publish.yml
• README.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Mend Code Security Check
• GitHub Check: pr

🔇 Additional comments (4)

e2e/oidc-suites/src/logout.spec.ts (2)

41-44: Nice synchronization of the login navigation

Registering the waitForURL before the click keeps the navigation watcher armed and removes the race we occasionally saw here. Looks good.

---

78-81: Consistent fix for the PingOne flow

Mirroring the Promise.all pattern here brings the same flake resistance to the PingOne scenario. 👍

.github/workflows/ci.yml (1)

83-83: Addition aligns with pkg.pr.new guidance.

Running a single pkg-pr-new publish invocation for all workspaces and tagging the package manager matches the upstream recommendations, so this fits the intended continuous-preview flow. (github.com)

package.json (1)

107-107: pkg-pr-new pin looks good.

0.0.51 is the current latest tag, so this devDependency constraint is valid for the new workflow step. (classic.yarnpkg.com)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Version 8.45.0 hasn’t been published—build will fail.

@typescript-eslint/eslint-plugin and @typescript-eslint/parser top out at 8.42.0 as of September 30, 2025, so the ^8.45.0 range cannot resolve and pnpm install will error. Drop the floor to a released tag (for example ^8.42.0) or align with whatever version constraints you intend to support before merging. (npmjs.com)

-    "@typescript-eslint/eslint-plugin": "^8.45.0",
-    "@typescript-eslint/parser": "^8.45.0",
+    "@typescript-eslint/eslint-plugin": "^8.42.0",
+    "@typescript-eslint/parser": "^8.42.0",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"@typescript-eslint/eslint-plugin": "^8.45.0",
	"@typescript-eslint/parser": "^8.45.0",
	"@typescript-eslint/eslint-plugin": "^8.42.0",
	"@typescript-eslint/parser": "^8.42.0",

🤖 Prompt for AI Agents

In package.json around lines 53 to 54, the @typescript-eslint/eslint-plugin and
@typescript-eslint/parser versions are set to ^8.45.0 which is unpublished and
will break installs; change both entries to a released version (for example
^8.42.0) or to the exact version range you intend to support, then run your
package manager (pnpm install) to update the lockfile and verify the install
succeeds.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb978d9 and 3e4a03a.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• .direnv/flake-profile (1 hunks)
• .direnv/flake-profile-3-link (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/publish.yml (1 hunks)
• README.md (1 hunks)
• e2e/oidc-suites/src/logout.spec.ts (2 hunks)
• package.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• .direnv/flake-profile-3-link
• e2e/oidc-suites/src/logout.spec.ts
• .github/workflows/ci.yml
• .github/workflows/publish.yml
• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: pr
• GitHub Check: Mend Code Security Check

🔇 Additional comments (1)

README.md (1)

1-2: LGTM! Badge updates are correct.

Both badges are properly formatted with correct repository paths and workflow filenames. The pkg.pr.new badge will display the package preview status, and the CI badge correctly references the ci.yml workflow file.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Do not commit .direnv/ directory to version control.

The .direnv/ directory contains environment-specific configuration generated by direnv and Nix flakes. These files are machine-specific and will differ across developer environments, causing unnecessary merge conflicts and repository churn. The standard practice is to exclude this directory from version control.

Remove this file and add .direnv/ to your .gitignore:

-flake-profile-3-link

Then add the following line to .gitignore:

+.direnv/

Run the following script to verify if .direnv is already in .gitignore and to identify all .direnv files that should be removed:

---

🏁 Script executed:

#!/bin/bash
# Check if .direnv is already in .gitignore
echo "Checking .gitignore for .direnv entry:"
if [ -f .gitignore ]; then
  grep -n "^\.direnv" .gitignore || echo "Not found in .gitignore"
else
  echo ".gitignore file not found"
fi

echo ""
echo "All .direnv files/directories in the repository:"
fd -H -t f -t d "^\.direnv$" -x echo "{}"

Length of output: 122

---

Remove .direnv/ directory from version control and update .gitignore.

• Delete the committed .direnv/flake-profile (and any other files under .direnv/):

  git rm -r --cached .direnv

• Add the following line to your .gitignore:

  +.direnv/

This prevents machine-specific direnv artifacts from being tracked.

🤖 Prompt for AI Agents

In .direnv/flake-profile at lines 1-1: the repo currently tracks the .direnv
directory; remove all tracked .direnv files from version control and stop
tracking future ones by removing them from the index (e.g., git rm -r --cached
.direnv), add the line .direnv/ to the repository .gitignore, and commit the
changes so machine-specific direnv artifacts are no longer tracked.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/ci.yml (1)

83-84: Gate PR preview publish on non-forks and provide token env to avoid failures.

Forked PRs have read-only GITHUB_TOKEN; tools that post PR comments typically expect GH_TOKEN/GITHUB_TOKEN. This step can fail on forks or when token isn’t detected. Recommend gating to same-repo PRs and mapping the token; optionally keep it non-blocking if previews are “nice to have.”

-      - run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm
+      - name: Publish PR preview packages
+        if: ${{ github.event.pull_request.head.repo.fork == false }}
+        env:
+          # Many tools read GH_TOKEN; map the workflow token explicitly.
+          GH_TOKEN: ${{ github.token }}
+          GITHUB_TOKEN: ${{ github.token }}
+        run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm
+        # Uncomment if you prefer previews not to block CI:
+        # continue-on-error: true

If you want previews even on forks, consider adding --comment=off for forks and keeping the run non-blocking. Please confirm how pkg-pr-new behaves without write perms on forked PRs.

.github/workflows/publish.yml (1)

107-109: Make preview publish resilient and pass token explicitly.

When Changesets doesn’t publish on main, this fallback preview publish should not block the workflow. Also map the token for tools that expect GH_TOKEN.

-      - run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off
-        if: steps.changesets.outputs.published == 'false'
+      - name: Publish preview to StackBlitz registry (no comment)
+        if: steps.changesets.outputs.published == 'false'
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GITHUB_TOKEN: ${{ github.token }}
+        run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off
+        continue-on-error: true

Please confirm whether pkg-pr-new requires any additional flags (e.g., custom registry) in your environment; if so, we should add them here to avoid silent no-ops.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e4a03a and bb83ab8.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/workflows/ci.yml (1 hunks)
• .github/workflows/publish.yml (1 hunks)
• README.md (1 hunks)
• e2e/oidc-suites/src/logout.spec.ts (2 hunks)
• package.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• README.md
• package.json
• e2e/oidc-suites/src/logout.spec.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: pr
• GitHub Check: Mend Code Security Check
• GitHub Check: Mend Security Check