test(bazel): add module-vs-package version-parity guard (TIN-2668)#17
Merged
Jess Sullivan (Jesssullivan) merged 1 commit intoJul 9, 2026
Merged
Conversation
Port the version-parity guard from tinyland-auth PR #21 as recurrence prevention. MODULE.bazel (0.2.4), the npm_package() target in BUILD.bazel (0.2.4), and package.json (0.2.4) already agree, but nothing asserted that. Extracts the version from the module() block of MODULE.bazel and the npm_package() target of BUILD.bazel and asserts both it and package.json match the module SSOT. Guard proven to catch skew: with BUILD.bazel version mutated to 9.9.9, the assertion fails as intended.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
TIN-2668: recurrence prevention. tinyland-auth PR #21 found and fixed a
version-authority skew between MODULE.bazel, the npm_package() target
in BUILD.bazel, and package.json, then added a guard test so the class
of bug cannot recur. fingerprint, otel, and auth-pg currently match
their tags but had no equivalent guard.
Current state (verified before writing the guard)
All three already agree; no skew found, no version values changed.
Fix
Add
src/__tests__/package-authority.test.ts(this repo's tests liveunder src/tests, per vitest.config.ts's include pattern; no
existing package/release-authority test to extend). It extracts the
version from the module() block of MODULE.bazel and the npm_package()
target of BUILD.bazel and asserts both the packaged version and
package.json match the module SSOT, mirroring tinyland-auth PR #21's
guard shape.
Validation (offline, no remote cache required)
pnpm test: 3 files / 41 tests pass, 2 files / 5 tests skipped (thetestcontainers-backed Postgres smoke tests, which skip automatically
with no Docker/Podman runtime available) — new guard included in the
passing set.
9.9.9, the assertion fails as intended (reverted before commit).
pnpm typecheck: clean.